Ask Your Question
1

Glance public image create 403 Forbidden: You are not authorized to complete this action. (HTTP 403) error in openstack mitaka

asked 2016-09-02 04:46:41 -0600

murugesan gravatar image

updated 2016-09-02 04:53:13 -0600

I'm using CentOS Linux release 7.2.1511 (Core)

For install Openstack mitaka

I have setup mariadb cluster for two node replication

I could not able create public images in glance module, got 403 not authorized error. How to solve this issue.

I have sourced my admin_rc file as

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=*****
export OS_AUTH_URL=http://controller2:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

when i create glance public image got following authorization error

[root@controller2 ~]# openstack image create "cirros" --file cirros-0.3.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public
403 Forbidden: You are not authorized to complete this action. (HTTP 403)

but i can able create non public images,list images and list other services,endpoints

[root@controller2 ~]# openstack image create "cirros_test" --file cirros-0.3.2-x86_64-disk.img --disk-format qcow2 --container-format bare
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | 64d7c1cd2b6f60c92c14662941cb7913                     |
| container_format | bare                                                 |
| created_at       | 2016-09-02T07:13:50Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/48ab03c8-e3d6-47a6-9aa5-baf5009ee7b1/file |
| id               | 48ab03c8-e3d6-47a6-9aa5-baf5009ee7b1                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros_test                                          |
| owner            | None                                                 |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13167616                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2016-09-02T07:13:51Z                                 |
| virtual_size     | None                                                 |
| visibility       | private                                              |
+------------------+------------------------------------------------------+

[root@controller2 ~]# glance image-list
+--------------------------------------+-------------+
| ID                                   | Name        |
+--------------------------------------+-------------+
| 099c64e7-4d6c-4d90-a318-e3c4482fa6ac | cirros      |
| 48ab03c8-e3d6-47a6-9aa5-baf5009ee7b1 | cirros_test |
+--------------------------------------+-------------+

[root@controller2 ~]# openstack image list
+--------------------------------------+-------------+--------+
| ID                                   | Name        | Status |
+--------------------------------------+-------------+--------+
| 48ab03c8-e3d6-47a6-9aa5-baf5009ee7b1 | cirros_test | active |
| 099c64e7-4d6c-4d90-a318-e3c4482fa6ac | cirros      | active |
+--------------------------------------+-------------+--------+

image back-end store has both public and private images, even that 403 error occurred image also has

[root@controller2 ~]# du -sh /var/lib/glance/images/*
13M     /var/lib/glance/images/099c64e7-4d6c-4d90-a318-e3c4482fa6ac
13M     /var/lib/glance/images/48ab03c8-e3d6-47a6-9aa5-baf5009ee7b1
13M     /var/lib/glance/images/b6259842-13a3-43aa-9027-a84bad66d92c
13M     /var/lib/glance/images/b6df34cb-1684-45aa-aafa-8a374c28106b

when i create public image following logs generated

/var/log/glance/api.log

2016-09-02 12:51:55.915 2826 INFO eventlet.wsgi.server [req-0a0955d8-4234-4239-a722-305bb15aa74c - - - - -] 10.10.100.240 - - [02/Sep/2016 12:51:55] "GET /v2/schemas/image HTTP/1.1" 200 4344 0.002151
2016-09-02 12:51:55.991 2826 INFO eventlet.wsgi.server [req-25c392da-d242-43d5-8710-3b8ad0e08a33 - - - - -] 10.10.100.240 - - [02/Sep/2016 12:51:55] "POST /v2/images HTTP/1.1" 403 383 0.015784

there no log updated in /var/log/glance/registry.log while create public glance image

/var/log/keystone/keystone.log

2016-09-02 12:57:00.826 3106 INFO keystone.common.wsgi [req-4e56c5af-e44e-4836-aa75-e54b50b30a58 - - - - -] GET http://controller2:35357/v3/
2016-09-02 12:57:00.839 3104 INFO keystone.common.wsgi [req-3bba1d1d-48c8-423e-8ffe-8cf296462737 - - - - -] POST http://controller2:35357/v3/auth/tokens
2016-09-02 12:57:00.997 3104 INFO keystone.token.providers.fernet.utils [req-3bba1d1d-48c8-423e-8ffe-8cf296462737 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-09-02 12:57:01.048 3107 INFO keystone.common.wsgi [req-0ccccc65-7ddb-467b-b99b-73285c3e1ce1 - - - - -] POST http://controller2:35357/v3/auth/tokens
2016-09-02 12:57:01.204 3107 INFO keystone.token.providers.fernet.utils [req-0ccccc65-7ddb-467b-b99b-73285c3e1ce1 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/

i also tried to change the /etc/glance/policy.json

"publicize_image": "role:admin", to "publicize_image": "",

facing same issue

Following is my public image creation with debug

[root@controller2 ~]# openstack --debug image create "cirros" --file cirros-0.3.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public ...
(more)
edit retag flag offensive close merge delete

Comments

I am having the same problem at the moment: glance image-create --visibility public --disk-format qcow2 --container-format bare --progress --file ./CentOS-7-x86_64-GenericCloud-1503.qcow2 --name centos7-image 403 Forbidden You are not authorized to complete publicize_image

twotwo gravatar imagetwotwo ( 2016-12-06 13:25:33 -0600 )edit

4 answers

Sort by ยป oldest newest most voted
0

answered 2016-09-02 05:06:24 -0600

dbaxps gravatar image

Try openstack image set imageName --is-public True
If fails login as admin to dashboard and update image features via GUI.

edit flag offensive delete link more

Comments

--is-public argument not working

openstack image set: error: unrecognized arguments: --is-public True

i used openstack image set cirros --public

same issue 403 Forbidden: You are not authorized to complete this action. (HTTP 403)

My glance version is 2.0.0

murugesan gravatar imagemurugesan ( 2016-09-02 05:15:12 -0600 )edit

Have Glance been installed via RDO repos ?
Would be more precise - post all RDO repos been used for deployment

dbaxps gravatar imagedbaxps ( 2016-09-02 05:20:40 -0600 )edit

I have created centos7 local repository for quick installation it may be a problem, i'll check

murugesan gravatar imagemurugesan ( 2016-09-02 05:53:21 -0600 )edit

hi dbaxps,

Thanks for your update, but I'm using centos7. I have downloaded and created a local repository from ftp://ftp.iitm.ac.in/centos/7/

Is it required RDO repository for centos7?

murugesan gravatar imagemurugesan ( 2016-09-02 23:50:42 -0600 )edit

I would suggest you better follow
https://www.rdoproject.org/install/qu...
on all nodes. Just don't invoke packstack if you are doing manual set up.

dbaxps gravatar imagedbaxps ( 2016-09-03 01:06:59 -0600 )edit
0

answered 2016-10-03 13:34:50 -0600

I'm pretty sure there is some sort of inconsistent behavior there. I couldn't have it work. I would either get 403 Forbidden: You are not authorized to complete this action. (HTTP 403) or The request you have made requires authentication. (HTTP 401) (Request-ID: req-<some-request-id>), when trying to source some made up credentials. In some nth attempt, it suddenly works. This might signal problems.

edit flag offensive delete link more
0

answered 2018-05-09 09:49:41 -0600

This is still an issue. It is an even worse issue in the UI, because you just get a generic "Error" message!

Reading https://www.sebastien-han.fr/blog/2014/10/30/openstack-glance-allow-user-to-create-public-images/ (https://www.sebastien-han.fr/blog/201...) makes it seem like it was purposeful, but it makes no sense why there is an option you can never use.

edit flag offensive delete link more
0

answered 2018-09-01 07:41:13 -0600

Aref gravatar image

updated 2018-09-01 07:41:41 -0600

make sure in file: /etc/glance/glance-registry.conf you have set:

[paste_deploy] flavor = keystone

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2016-09-02 04:46:41 -0600

Seen: 3,799 times

Last updated: Sep 01 '18