Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

unable to create new image

Hi,

I've followed the RDO quick start on top of CentOS 7 and I've now moved on to "Running an instance" which is linked at the bottom of the RDO quick start (I need 10 karma points in order to post links, so I apologize that I don't have any).

Step 4 fails for me and a little red box comes up with "Unable to create new image". I also tried just using a local .iso file to the same result.

Being new to this, I'm unsure of how troubleshoot openstack. I've looked in /var/log/horizon/horizon.log, but there isn't much for detail.

2014-11-22 04:04:59,428 18080 WARNING horizon.exceptions Recoverable error: <html>
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
  Access was denied to this resource.<br /><br />

 </body>
</html> (HTTP 403)

I also don't see anything in the glance logs. I'm curious where I should be looking for more debugging information and if anyone else as ran into this issue.

Thanks in advance.

unable to create new image

Hi,

I've followed the RDO quick start on top of CentOS 7 and I've now moved on to "Running an instance" which is linked at the bottom of the RDO quick start (I need 10 karma points in order to post links, so I apologize that I don't have any).

Step 4 fails for me and a little red box comes up with "Unable to create new image". I also tried just using a local .iso file to the same result.

Being new to this, I'm unsure of how troubleshoot openstack. I've looked in /var/log/horizon/horizon.log, but there isn't much for detail.

2014-11-22 04:04:59,428 18080 WARNING horizon.exceptions Recoverable error: <html>
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
  Access was denied to this resource.<br /><br />

 </body>
</html> (HTTP 403)

I also don't see anything in the glance logs. I'm curious where I should be looking for more debugging information and if anyone else as ran into this issue.

Thanks in advance.


UPDATE: I updated the config to enable debug. Here's a snippet of the api.log after I click 'Create Image'. I don't see any errors.

2014-11-25 11:00:26.825 2201 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: POST /v1/images Accept: */* process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:44
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:57
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v1 process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:69
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] new path /v1/images process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Removing headers from request environment: X-Service-Catalog,X-Identity-Status,X-Roles,X-Service-Roles,X-Domain-Name,X-Service-Domain-Name,X-Project-Id,X-Service-Project-Id,X-Project-Domain-Name,X-Service-Project-Domain-Name,X-User-Id,X-Service-User-Id,X-User-Name,X-Service-User-Name,X-Project-Name,X-Service-Project-Name,X-User-Domain-Id,X-Service-User-Domain-Id,X-Domain-Id,X-Service-Domain-Id,X-User-Domain-Name,X-Service-User-Domain-Name,X-Project-Domain-Id,X-Service-Project-Domain-Id,X-Role,X-User,X-Tenant-Name,X-Tenant-Id,X-Tenant _remove_auth_headers /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:780
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating user token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:708
2014-11-25 11:00:26.830 2201 DEBUG keystonemiddleware.auth_token [-] Returning cached token _cache_get /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:1793
2014-11-25 11:00:26.831 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating service token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:727
2014-11-25 11:00:26.831 2201 DEBUG keystonemiddleware.auth_token [-] Received request from user: user_id None, project_id None, roles None service: user_id None, project_id None, roles None __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:746
2014-11-25 11:00:26.835 2201 DEBUG routes.middleware [-] Matched POST /images __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:100
2014-11-25 11:00:26.836 2201 DEBUG routes.middleware [-] Route path: '/images', defaults: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x2d3d750>} __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:102
2014-11-25 11:00:26.837 2201 DEBUG routes.middleware [-] Match dict: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x2d3d750>} __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:103
2014-11-25 11:00:26.838 2201 INFO glance.wsgi.server [-] 10.0.2.15 - - [25/Nov/2014 11:00:26] "POST /v1/images HTTP/1.1" 403 347 0.013483

unable to create new image

Hi,

I've followed the RDO quick start on top of CentOS 7 and I've now moved on to "Running an instance" which is linked at the bottom of the RDO quick start (I need 10 karma points in order to post links, so I apologize that I don't have any).

Step 4 fails for me and a little red box comes up with "Unable to create new image". I also tried just using a local .iso file to the same result.

Being new to this, I'm unsure of how troubleshoot openstack. I've looked in /var/log/horizon/horizon.log, but there isn't much for detail.

2014-11-22 04:04:59,428 18080 WARNING horizon.exceptions Recoverable error: <html>
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
  Access was denied to this resource.<br /><br />

 </body>
</html> (HTTP 403)

I also don't see anything in the glance logs. I'm curious where I should be looking for more debugging information and if anyone else as ran into this issue.

Thanks in advance.


UPDATE: UPDATE 2: Through the Identify>Projects interface as the admin user, I added the admin role to the demo user. It's default value is _member_. Then, logging in as the demo user, I was able to create an image. So this must be a permissions issue with the _member_ role?

Is there a way I can see/define what roles can or cannot do? Is there a hole in the quick start documentation? I assume not, since I'm the only one having this issue.

UPDATE 1: I updated the config to enable debug. Here's a snippet of the api.log after I click 'Create Image'. I don't see any errors.

2014-11-25 11:00:26.825 2201 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: POST /v1/images Accept: */* process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:44
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:57
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v1 process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:69
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] new path /v1/images process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Removing headers from request environment: X-Service-Catalog,X-Identity-Status,X-Roles,X-Service-Roles,X-Domain-Name,X-Service-Domain-Name,X-Project-Id,X-Service-Project-Id,X-Project-Domain-Name,X-Service-Project-Domain-Name,X-User-Id,X-Service-User-Id,X-User-Name,X-Service-User-Name,X-Project-Name,X-Service-Project-Name,X-User-Domain-Id,X-Service-User-Domain-Id,X-Domain-Id,X-Service-Domain-Id,X-User-Domain-Name,X-Service-User-Domain-Name,X-Project-Domain-Id,X-Service-Project-Domain-Id,X-Role,X-User,X-Tenant-Name,X-Tenant-Id,X-Tenant _remove_auth_headers /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:780
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating user token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:708
2014-11-25 11:00:26.830 2201 DEBUG keystonemiddleware.auth_token [-] Returning cached token _cache_get /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:1793
2014-11-25 11:00:26.831 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating service token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:727
2014-11-25 11:00:26.831 2201 DEBUG keystonemiddleware.auth_token [-] Received request from user: user_id None, project_id None, roles None service: user_id None, project_id None, roles None __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:746
2014-11-25 11:00:26.835 2201 DEBUG routes.middleware [-] Matched POST /images __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:100
2014-11-25 11:00:26.836 2201 DEBUG routes.middleware [-] Route path: '/images', defaults: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x2d3d750>} __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:102
2014-11-25 11:00:26.837 2201 DEBUG routes.middleware [-] Match dict: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x2d3d750>} __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:103
2014-11-25 11:00:26.838 2201 INFO glance.wsgi.server [-] 10.0.2.15 - - [25/Nov/2014 11:00:26] "POST /v1/images HTTP/1.1" 403 347 0.013483

unable to create new image

Hi,

I've followed the RDO quick start on top of CentOS 7 and I've now moved on to "Running an instance" which is linked at the bottom of the RDO quick start (I need 10 karma points in order to post links, so I apologize that I don't have any).

Step 4 fails for me and a little red box comes up with "Unable to create new image". I also tried just using a local .iso file to the same result.

Being new to this, I'm unsure of how troubleshoot openstack. I've looked in /var/log/horizon/horizon.log, but there isn't much for detail.

2014-11-22 04:04:59,428 18080 WARNING horizon.exceptions Recoverable error: <html>
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
  Access was denied to this resource.<br /><br />

 </body>
</html> (HTTP 403)

I also don't see anything in the glance logs. I'm curious where I should be looking for more debugging information and if anyone else as ran into this issue.

Thanks in advance.


UPDATE 2: Through the Identify>Projects interface as the admin user, I added the admin role to the demo user. It's default value is _member_. Then, logging in as the demo user, I was able to create an image. So this must be a permissions issue with the _member_ role?

Is there a way I can see/define what roles can or cannot do? Is there a hole in the quick start documentation? I assume not, since I'm the only one having this issue.


UPDATE 1: I updated the config to enable debug. Here's a snippet of the api.log after I click 'Create Image'. I don't see any errors.

2014-11-25 11:00:26.825 2201 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: POST /v1/images Accept: */* process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:44
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:57
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v1 process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:69
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] new path /v1/images process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Removing headers from request environment: X-Service-Catalog,X-Identity-Status,X-Roles,X-Service-Roles,X-Domain-Name,X-Service-Domain-Name,X-Project-Id,X-Service-Project-Id,X-Project-Domain-Name,X-Service-Project-Domain-Name,X-User-Id,X-Service-User-Id,X-User-Name,X-Service-User-Name,X-Project-Name,X-Service-Project-Name,X-User-Domain-Id,X-Service-User-Domain-Id,X-Domain-Id,X-Service-Domain-Id,X-User-Domain-Name,X-Service-User-Domain-Name,X-Project-Domain-Id,X-Service-Project-Domain-Id,X-Role,X-User,X-Tenant-Name,X-Tenant-Id,X-Tenant _remove_auth_headers /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:780
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating user token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:708
2014-11-25 11:00:26.830 2201 DEBUG keystonemiddleware.auth_token [-] Returning cached token _cache_get /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:1793
2014-11-25 11:00:26.831 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating service token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:727
2014-11-25 11:00:26.831 2201 DEBUG keystonemiddleware.auth_token [-] Received request from user: user_id None, project_id None, roles None service: user_id None, project_id None, roles None __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:746
2014-11-25 11:00:26.835 2201 DEBUG routes.middleware [-] Matched POST /images __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:100
2014-11-25 11:00:26.836 2201 DEBUG routes.middleware [-] Route path: '/images', defaults: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x2d3d750>} __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:102
2014-11-25 11:00:26.837 2201 DEBUG routes.middleware [-] Match dict: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x2d3d750>} __call__ /usr/lib/python2.7/site-packages/routes/middleware.py:103
2014-11-25 11:00:26.838 2201 INFO glance.wsgi.server [-] 10.0.2.15 - - [25/Nov/2014 11:00:26] "POST /v1/images HTTP/1.1" 403 347 0.013483