OpenStack Icehouse glance image-list The request you have made requires authentication. (HTTP 401)

I cannot figure out what is wrong with authentication when using glance. I have installed keystone, which is working, but I cannot get glance to work.

admin-openrc.sh:

export OS_USERNAME=admin
export OS_PASSWORD=adminpass
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controler:35357/v2.0

When I use keystone I set:

$ export OS_SERVICE_TOKEN=43beada85170163c97e1
$ export OS_SERVICE_ENDPOINT=http://controler:35357/v2.0

and it is working fine. But when I try to run a glance command I always get this error or the error: Invalid OpenStack Identity credentials.

Users and passwords of mysql are:

root mysqlpass
keystone mysqlpass
glance mysqlpass

I have installed glance in this order:

$ apt-get install glance python-glanceclient

Set up connection in /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf:

[database]
connection =mysql://glance:mysqlpass@controler/glance

Set up configuration in /etc/glance/glance-api.conf:

[DEFAULT]
...
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbitpass

Set up mysql for glance:

$ mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'  IDENTIFIED BY 'mysqlpass';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'  IDENTIFIED BY 'mysqlpass';
$ glance-manage db_sync
$ keystone user-create --name=glance --pass=glancepass  --email=glance@gmail.com
$ keystone user-role-add --user=glance --tenant=service --role=admin

I have made the needed configurations in /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf:

[keystone_authtoken]
auth_uri=http://controler:5000/v2.0    
auth_host=controler
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glancepass
[paste_deploy]
flavor=keystone

$ keystone service-create --name=glance --type=image  --description="OpenStack Image Service"
$ keystone endpoint-create --service-id=23a41691715b4a4581e3ad7e1620977c \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292

$ service glance-registry restart
$ service glance-api restart
$ glance image-list
The request you have made requires authentication. (HTTP 401)
$ env | grep OS_
OS_SERVICE_TOKEN=43beda85170163c97e1
OS_TENANT_ENDPOINT=http://controler:35357/v2.0
OS_TENANT_ID=da83c962081f465381e61067481d731a
OS_SERVICE_ENDPOINT=http://controler:9292/v2.0
OS_PASSWORD=adminpass
OS_AUTH_URL=http://controler:35357/v2.0
OS_USERNAME=admin
OS_TENANT_NAME=admin
The request you have made requires authentication. (HTTP 401)

Then I tried changing these environment variables (these aren't all the changes, only the ones that I remember):

$ export OS_USERNAME=glance
$ export OS_PASSWORD=glancepass
$ glance image-list
The request you have made requires authentication. (HTTP 401)
$ export OS_PASSWORD=mysqlpass

I have also tried some other OS_TENANT_ID values from these:

$ keystone tenant-list
id                                 name     enabled
2e2a2d61c8fb4de0932347ca8c6b78b2   admin    True
32070f16d71f4c30a2cfca25298e9f59   demo     True
da83c962081f465381e61067481d731a   service  True

And now I am very confused. I would like to get answers to these questions:

1. How to solve this issue?
2. Should every service (keystone, glance, etc.) have its own SERVICE-openrc.sh? But then I don't understand why I created the admin-openrc.sh file.
3. Can someone explain to me authentication for users such as admin and demo, and for service users such as keystone, glance, etc.? If services are running when the cloud is working, this service authentication should work automatically. What if I (the administrator) want to administer the cloud? What if I, as a user, want to use the cloud? How should I authenticate then?
4. I have noticed I can't ping google.com or any other servers except myself and the COMPUTE node. I have not changed any network configuration. Can this be a reason for glance not working?
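
Added example (not part of the original post): a small shell check that extracts the host and port from the endpoint settings quoted in the question and reports whether they all name the same host. The SETTINGS sample is constructed from values shown in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: endpoint-related values copied from the post
# (environment variables, glance config keys, endpoint-create option).
SETTINGS='OS_AUTH_URL=http://controler:35357/v2.0
OS_SERVICE_ENDPOINT=http://controler:9292/v2.0
auth_uri=http://controler:5000/v2.0
auth_host=controler
rabbit_host = controller
publicurl=http://controller:9292'

# Print "key host port" for every setting holding a URL or a bare host name.
# A missing port is printed as "-".
endpoints() {
  printf '%s\n' "$1" | sed -E 's/[[:space:]]*=[[:space:]]*/=/' |
  while IFS='=' read -r key value; do
    [ -n "$value" ] || continue
    hostport=${value#*://}       # drop the scheme, if any
    hostport=${hostport%%/*}     # drop the path
    host=${hostport%%:*}
    port=${hostport#"$host"}
    port=${port#:}
    printf '%s %s %s\n' "$key" "$host" "${port:--}"
  done
}

# Distinct host names across all settings, sorted, one per line.
distinct_hosts() {
  endpoints "$1" | awk '{print $2}' | sort -u
}

# Succeeds only when every setting refers to the same host name.
hosts_consistent() {
  [ "$(distinct_hosts "$1" | grep -c .)" -eq 1 ]
}

endpoints "$SETTINGS"
if ! hosts_consistent "$SETTINGS"; then
  echo "settings use more than one host name:" >&2
  distinct_hosts "$SETTINGS" >&2
fi
```

Every name the script lists has to resolve from the node where the client and the services run, so each distinct spelling is worth checking against /etc/hosts or DNS.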