Ask Your Question
0

glance image-create: Invalid OpenStack Identity credentials.

asked 2015-05-15 22:28:48 -0500

weicheng gravatar image

updated 2015-05-18 02:37:32 -0500

hello,

I'm performing an OpenStack manual installation, and I got stuck on the "glance" part. I'm follow the guide

now when I execute:glance image-create --property name "cirros-0.3.3-x86_64" --property disk-format=qcow2 --property container-format=bare --property is-public=False --progress --file /tmp/images/cirros-0.3.3-x86_64-disk.img report err in this part: Invalid OpenStack Identity credentials.

in glance-api.log:

2015-05-15 12:18:36.818 12185 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

2015-05-15 12:18:36.846 12185 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

2015-05-15 12:18:36.846 12185 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-05-15 12:18:36.847 12185 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [15/May/2015 12:18:36] "GET /v2/schemas/image HTTP/1.1" 401 542 0.057455

2015-05-15 12:18:36.849 12185 WARNING keystonemiddleware.auth_token [-] Authorization failed for token

2015-05-15 12:18:36.850 12185 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [15/May/2015 12:18:36] "GET /v2/schemas/metadefs/namespace HTTP/1.1" 401 542 0.000815
2015-05-15 12:18:36.851 12185 WARNING keystonemiddleware.auth_token [-] Authorization failed for token

2015-05-15 12:18:36.851 12185 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [15/May/2015 12:18:36] "GET /v2/schemas/metadefs/resource_type HTTP/1.1" 401 542 0.000776

2015-05-15 12:18:36.953 12184 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

2015-05-15 12:18:36.981 12184 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

2015-05-15 12:18:36.982 12184 WARNING keystonemiddleware.auth_token [-] Authorization failed for token

2015-05-15 12:18:36.982 12184 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [15/May/2015 12:18:36] "GET /v2/schemas/image HTTP/1.1" 401 542 0.068133

I have set enverment variable:

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_AUTH_URL=http://controller:35357/v2.0

export OS_IMAGE_API_VERSION=2

in glancepapi.conf glance-register.conf:

auth_uri = http://controller:5000

auth_url = http://controller:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = glance

password =glance_pass

controller@controller-Precision-T1700:/var/cache/glance$ openstack user show glance

+----------+----------------------------------+

| Field    | Value                            |

+----------+----------------------------------+

| email    | None                             |

| enabled  | True                             |

| id       | c98baebb8a7c4a9ab9d71a6bcd0f4a86 |

| name     | glance                           |

| username | glance                           |

+----------+----------------------------------+


controller@controller-Precision-T1700:/var/cache/glance$ openstack project show admin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Admin Project                    |

| enabled     | True                             |

| id          | 2e83a9c4d0c142b1ac81cf2080ce5e77 |

| name        | admin                            |

+-------------+----------------------------------+


controller@controller-Precision-T1700:/var/cache/glance$ openstack service show glance

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Image service          |

| enabled     | True                             |

| id          | 32368916c55b46a38da87658e8f37383 |

| name        | glance                           |

| type        | image                            |


controller@controller-Precision-T1700:/var/cache/glance$ openstack role show admin

+-------+----------------------------------+

| Field | Value                            |

+-------+----------------------------------+

| id    | 37c60ca68c00465aa43684bbd003ece2 |

| name  | admin                            |

+-------+----------------------------------+
edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2015-05-18 02:52:16 -0500

dbaxps gravatar image

updated 2015-05-18 02:58:10 -0500

Combination bellow works fine :-

# cat   keystonerc_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=xxxxxxxxxxxxxxxxx
export OS_AUTH_URL=http://192.169.142.127:5000/v2.0/
export OS_REGION_NAME=RegionOne
export PS1='[\u@\h \W(keystone_admin)]\$ '

Glance command

# .  keystonerc_admin
#  glance image-create --name "F21IMAGE" --is-public true --disk-format qcow2  --container-format bare < Fedora-Cloud-Base-20141203-21.x86_64.qcow2

[root@ip-192-169-142-127 glance(keystone_admin)]# cat glance-registry.conf | grep -v ^$|grep -v ^#

[DEFAULT]
verbose=True
debug=False
bind_host=0.0.0.0
bind_port=9191
log_file=/var/log/glance/registry.log
use_syslog=False
log_dir=/var/log/glance
[oslo_policy]
[database]
connection=mysql://glance:41264fc52ffd4fe8@192.169.142.127/glance
idle_timeout=3600
[keystone_authtoken]
identity_uri=http://192.169.142.127:35357
admin_tenant_name=services
admin_user=glance
admin_password=f6a9398960534797
auth_uri=http://192.169.142.127:5000/
[paste_deploy]
flavor=keystone
[profiler]
edit flag offensive delete link more

Comments

hi, did you got an valid solution for this issue? because i met the similar problem, hopefully looking forward your anwser. thanks

Donn gravatar imageDonn ( 2015-12-29 09:10:52 -0500 )edit

Make sure the keys in /etc/keystone/fernet-keys/ are same across all keystone nodes.

snehadeep gravatar imagesnehadeep ( 2018-04-11 01:33:03 -0500 )edit
0

answered 2018-04-10 07:48:33 -0500

This is an issue of fernet-keys not being synced. All nodes hosting keystone shall have the same keys.

[root@controller3 ~]# ll /etc/keystone/fernet-keys/ total 12 -rw------- 1 keystone keystone 44 Apr 10 07:44 0 -rw------- 1 keystone keystone 44 Apr 9 06:50 1 -rw------- 1 keystone keystone 44 Apr 9 06:50 20 2

Copy the keys 0,1 and 2 (you may have 0 and 1 only - additional keys are added when keys are rotated with keystone-manage command) across other nodes hosting keystone.

Also set in /etc/keystone/keystone.conf

[fernet_tokens] key_repository = /etc/keystone/fernet-keys/

edit flag offensive delete link more
0

answered 2016-01-21 12:29:08 -0500

same problem , i think like some config file issue ,but no ture

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-05-15 22:24:19 -0500

Seen: 3,858 times

Last updated: Apr 10