glance with identity v3 but self._session calls keystoneclient.auth.identity.v2
I have, haproxy nodes on top of the controllers nodes, https openstack endpoints ssl terminated at the haproxy Centos7, Openstack Juno latest updates, in particular relevant for what follows
openstack-keystone-2014.2.2-1.el7.noarch python-keystone-2014.2.2-1.el7.noarch python-keystoneclient-0.11.1-1.el7.centos.noarch python-keystonemiddleware-1.2.0-1.el7.centos.noarch
openstack-glance-2014.2.2-1.el7.noarch python-glance-2014.2.2-1.el7.noarch python-glanceclient-0.15.0-1.el7.centos.noarch python-glance-store-0.1.10-2.el7.centos.noarch
Virtual IP is: nimbus.ncg.ingrid.pt client env variables OS_AUTH_URL=https://nimbus.ncg.ingrid.pt:5000/v3 OS_CACERT=lipca.pem OS_IDENTITY_API_VERSION=3 OS_PASSWORD=XXXX OS_PROJECT_DOMAIN_NAME=default OS_PROJECT_NAME=admin OS_TENANT_NAME=admin OS_URL=https://nimbus.ncg.ingrid.pt:35357/v3 OS_USER_DOMAIN_NAME=default OS_USERNAME=admin keystone.conf contains ... admin_endpoint = https://nimbus.ncg.ingrid.pt:35357 public_endpoint = https://nimbus.ncg.ingrid.pt:5000 ... glance-api.conf contains ... [keystone_authtoken] auth_uri=https://nimbus.ncg.ingrid.pt:5000/v3 identity_uri=https://nimbus.ncg.ingrid.pt:35357 auth_version=v3 admin_tenant_name=service admin_user=glance admin_password=XXX ...
openstack user list ( or service, project, endpoint ... work as expected) Relevant endpoints Service Name | Service Type | Enabled | Interface | URL | glance | image | True | admin | https://nimbus.ncg.ingrid.pt:9292 glance | image | True | public | https://nimbus.ncg.ingrid.pt:9292 keystone | identity | True | public | https://nimbus.ncg.ingrid.pt:5000/v3 keystone | identity | True | admin | https://nimbus.ncg.ingrid.pt:35357/v3
openstack --debug image list gives .... DEBUG: keystoneclient.auth.identity.v3 Making authentication request to https://nimbus.ncg.ingrid.pt:5000/v3/... DEBUG: requests.packages.urllib3.connectionpool "POST /v3/auth/tokens HTTP/1.1" 201 4293 DEBUG: requests.packages.urllib3.connectionpool "GET /v1/AUTH_2317a44519e04f2d9d898282f8b4ee96?format=json HTTP/1.1" 401 131 DEBUG: keystoneclient.session RESP: DEBUG: keystoneclient.session Request returned failure status: 401 ERROR: openstack Unauthorized (HTTP 401) ..... So the first 2 lines give the correct result, but after that
relevant entries in /var/log/glance/api.log
... 2015-03-26 10:00:58.968 29541 DEBUG glance.api.middleware.version_negotiation [-] new path /v1/images/detail process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70 2015-03-26 10:00:58.969 29541 DEBUG keystonemiddleware.auth_token [-] Removing headers from request environment: X-Service-Catalog .... X-Tenant _remove_auth_headers /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:780 2015-03-26 10:00:58.969 29541 DEBUG keystonemiddleware.auth_token [-] Authenticating user token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:708 2015-03-26 10:00:58.970 29541 INFO keystonemiddleware.auth_token [-] Auth Token proceeding with requested v3 apis 2015-03-26 10:00:58.971 29541 DEBUG keystoneclient.auth.identity.v2 [-] Making authentication request to https://nimbus.ncg.ingrid.pt:35357/v2.0/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v2.py:77 2015-03-26 10:00:58.982 29541 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): nimbus.ncg.ingrid.pt 2015-03-26 10:00:59.011 29541 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: SSL exception connecting to https://nimbus.ncg.ingrid.pt:35357/v2.0/tokens 2015-03-26 10:00:59.511 29541 DEBUG keystoneclient.auth.identity.v2 [-] Making authentication request to https://nimbus.ncg.ingrid ...