Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Glance image-list: Invalid OpenStack Identity credentials

hi all,

i met a problem abouth the identity credential issue. when trying to create an image or show image list. an error "Invalid OpenStack Identity credentials" occurred. i have tried both on ubuntu 14.04 LTS and ubuntu 15. but issue is same.

i checked this website and found some similar issue, such as 'https://ask.openstack.org/en/question/57155/image-service-invalid-openstack-identity-credentials/". the solution in this issue cannot solve my problem.

i have looked into it for long time but....

all ENV have been sourced into OS.

Glance image-list: Invalid OpenStack Identity credentials

hi all,

i met a problem abouth the identity credential issue. when trying to create an image or show image list. an error "Invalid OpenStack Identity credentials" occurred. i have tried both on ubuntu 14.04 LTS and ubuntu 15. but issue is same.

i checked this website and found some similar issue, such as 'https://ask.openstack.org/en/question/57155/image-service-invalid-openstack-identity-credentials/". the solution in this issue cannot solve my problem.

i have looked into it for long time but....

all ENV have been sourced into OS.

root@Controller:~# env | grep OS_
OS_PROJECT_DOMAIN_ID=default
OS_IMAGE_API_VERSION=2
OS_USER_DOMAIN_ID=default
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=Admin123
OS_AUTH_URL=http://controller:35357/v3
OS_USERNAME=admin
OS_TENANT_NAME=admin
root@Controller:~#

when using "glance image-list", blow is error log:

2015-12-26 12:32:35.632 5645 DEBUG eventlet.wsgi.server [-] (5645) accepted ('10.20.0.2', 41093) server /usr/lib/python2.7/dist-packages/eventlet/wsgi.py:826
2015-12-26 12:32:35.636 5645 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: GET /v2/images Accept: */* process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:47
2015-12-26 12:32:35.637 5645 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:60
2015-12-26 12:32:35.638 5645 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v2 process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:72
2015-12-26 12:32:35.638 5645 DEBUG glance.api.middleware.version_negotiation [-] new path /v2/images process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:73
2015-12-26 12:32:35.640 5645 DEBUG keystoneclient.session [-] REQ: curl -g -i -X GET http://controller:35357 -H "Accept: application/json" -H "User-Agent: glance/11.0.0 keystonemiddleware.auth_token/2.3.0" _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:198
2015-12-26 12:32:35.653 5645 DEBUG keystoneclient.session [-] RESP: [300] Content-Length: 591 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sat, 26 Dec 2015 04:32:35 GMT Content-Type: application/json X-Distribution: Ubuntu 
RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}, {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "http://controller:35357/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}
 _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:215
2015-12-26 12:32:35.654 5645 DEBUG keystoneclient.auth.identity.v3.base [-] Making authentication request to http://controller:35357/v3/auth/tokens get_auth_ref /usr/lib/python2.7/dist-packages/keystoneclient/auth/identity/v3/base.py:188
2015-12-26 12:32:35.738 5645 DEBUG keystoneclient.session [-] Request returned failure status: 400 request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:400
2015-12-26 12:32:35.738 5645 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 400
2015-12-26 12:32:35.741 5645 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
2015-12-26 12:32:35.742 5645 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-12-26 12:32:35.745 5645 INFO eventlet.wsgi.server [-] 10.20.0.2 - - [26/Dec/2015 12:32:35] "GET /v2/images?limit=20&sort_key=name&sort_dir=asc HTTP/1.1" 401 566 0.110418

Error info in keystone.log:

2015-12-26 12:34:29.314382 2015-12-26 12:34:29.314 5172 DEBUG keystone.middleware.core [req-c57d7698-e81c-41de-8914-b64e0c2f8b3b - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.315427 2015-12-26 12:34:29.315 5172 INFO keystone.common.wsgi [req-c57d7698-e81c-41de-8914-b64e0c2f8b3b - - - - -] GET http://controller:35357/v3/
2015-12-26 12:34:29.319478 2015-12-26 12:34:29.319 5173 DEBUG keystone.middleware.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.322371 2015-12-26 12:34:29.322 5173 INFO keystone.common.wsgi [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] POST http://controller:35357/v3/auth/tokens
2015-12-26 12:34:29.386523 2015-12-26 12:34:29.386 5173 DEBUG keystone.common.kvs.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] KVS lock acquired for: usertokens-ad41a4ad01dd49848a01cf21298ad67a acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:381
2015-12-26 12:34:29.390782 2015-12-26 12:34:29.390 5173 DEBUG keystone.common.kvs.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] KVS lock released for: usertokens-ad41a4ad01dd49848a01cf21298ad67a release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:400
2015-12-26 12:34:29.407685 2015-12-26 12:34:29.407 5175 INFO keystone.common.wsgi [req-498cdb60-0d38-4a70-9db1-12f9d1572e32 - - - - -] GET http://controller:35357/
2015-12-26 12:34:29.418854 2015-12-26 12:34:29.418 5176 DEBUG keystone.middleware.core [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.420953 2015-12-26 12:34:29.420 5176 INFO keystone.common.wsgi [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] POST http://controller:35357/v3/auth/tokens
2015-12-26 12:34:29.430648 2015-12-26 12:34:29.430 5176 WARNING keystone.common.wsgi [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.

root@Controller:~# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 2032a03d112e46c39528bdd4acb55029 | glance |
| ab0bfe4c69a94992b0d5c05e3431f77c | demo   |
| ad41a4ad01dd49848a01cf21298ad67a | admin  |
+----------------------------------+--------+
root@Controller:~# openstack user show glance
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 2032a03d112e46c39528bdd4acb55029 |
| name      | glance                           |
+-----------+----------------------------------+
root@Controller:~# 

/etc/glance/glance-api.conf
[keystone_authtoken]
auth_uri=http://controller:5000
auth_url=http://controller:35357
auth_plugin=password
project_domain_id=default
user_domain_id=default
project_name=service
user-name=glance
password=Admin123

root@Controller:~# netstat -napl | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      5166/apache2    
root@Controller:~# 
root@Controller:~# netstat -napl | grep 35357
tcp6       0      0 :::35357                :::*                    LISTEN      5166/apache2    
root@Controller:~# 

root@Controller:~# openstack --debug image list
START with options: ['--debug', 'image', 'list']
options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://controller:35357/v3', cacert='', client_id='', client_secret='', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='Admin123', project_domain_id='default', project_domain_name='', project_id='', project_name='admin', protocol='', region_name='', scope='', timing=False, token='', trust_id='', url='', user_domain_id='default', user_domain_name='', user_id='', username='admin', verbose_level=3, verify=None)
defaults: {'auth_type': 'password', 'compute_api_version': '2', 'database_api_version': '1.0', 'api_timeout': None, 'baremetal_api_version': '1', 'cacert': None, 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'key': None, 'interface': None, 'network_api_version': '2', 'image_format': 'qcow2', 'object_api_version': '1', 'image_api_version': '1', 'verify': True, 'identity_api_version': '2', 'volume_api_version': '1', 'cert': None, 'secgroup_source': 'neutron', 'dns_api_version': '2', 'disable_vendor_agent': {}}
cloud cfg: {'auth_type': 'password', 'compute_api_version': '2', 'database_api_version': '1.0', 'interface': None, 'network_api_version': '2', 'image_format': 'qcow2', 'object_api_version': '1', 'image_api_version': '2', 'verify': True, 'timing': False, 'dns_api_version': '2', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, 'baremetal_api_version': '1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_id': 'default', 'tenant_name': 'admin', 'auth_url': 'http://controller:35357/v3', 'password': 'Admin123', 'project_domain_id': 'default'}, 'default_domain': 'default', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'key': None, 'cacert': None, 'deferred_help': False, 'identity_api_version': '3', 'volume_api_version': '1', 'cert': None, 'secgroup_source': 'neutron', 'debug': True, 'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 1, cmd group openstack.volume.v1
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
command: image list -> openstackclient.image.v2.image.ListImage
Auth plugin password selected
auth_type: password
Using auth plugin: password
Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://controller:35357/v3', 'user_domain_id': 'default', 'tenant_name': 'admin', 'password': 'Admin123', 'project_domain_id': 'default'}
Get auth_ref
REQ: curl -g -i -X GET http://controller:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient"
Starting new HTTP connection (1): controller
"GET /v3 HTTP/1.1" 200 250
RESP: [200] Content-Length: 250 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sat, 26 Dec 2015 04:48:20 GMT x-openstack-request-id: req-b32c4f93-3c05-4800-980b-c3502d12cd88 Content-Type: application/json X-Distribution: Ubuntu 
RESP BODY: {"version": {"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}}

Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
take_action(Namespace(columns=[], formatter='table', long=False, max_width=0, page_size=None, private=False, property=None, public=False, quote_mode='nonnumeric', shared=False, sort=None))
Instantiating image client: <class 'glanceclient.v2.client.Client'>
Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
Instantiating image api: <class 'openstackclient.api.image_v2.APIv2'>
REQ: curl -g -i -X GET http://controller:9292/v2/images -H "User-Agent: python-openstackclient" -H "X-Auth-Token: {SHA1}82dd99d0bd1b12881d5e711b0198532d8cddcc7e"
Starting new HTTP connection (1): controller
"GET /v2/images HTTP/1.1" 401 358
RESP: [401] Date: Sat, 26 Dec 2015 04:48:20 GMT Connection: keep-alive Content-Type: text/html; charset=UTF-8 Content-Length: 358 Www-Authenticate: Keystone uri='http://controller:5000' 
RESP BODY: <html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />



 </body>
</html>

Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
"GET /v2/images HTTP/1.1" 401 358
RESP: [401] Date: Sat, 26 Dec 2015 04:48:20 GMT Connection: keep-alive Content-Type: text/html; charset=UTF-8 Content-Length: 358 Www-Authenticate: Keystone uri='http://controller:5000' 
RESP BODY: <html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />



 </body>
</html>

Request returned failure status: 401
Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 374, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 425, in take_action
    page = image_client.api.image_list(marker=marker, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/image_v2.py", line 71, in image_list
    return self.list(url, **filter)['images']
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 196, in list
    params=params,
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 82, in _request
    return session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 401, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: Unauthorized (HTTP 401)
clean_up ListImage: Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/openstackclient/shell.py", line 108, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 255, in run
    result = self.run_subcommand(remainder)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 374, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 425, in take_action
    page = image_client.api.image_list(marker=marker, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/image_v2.py", line 71, in image_list
    return self.list(url, **filter)['images']
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 196, in list
    params=params,
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 82, in _request
    return session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 401, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: Unauthorized (HTTP 401)

END return value: 1
root@Controller:~#

i have tried some solution in ask website. but no help for my issue.

anyone can give me some suggestion?

Glance image-list: Invalid OpenStack Identity credentialscredentials in L

hi all,

i met a problem abouth about the identity credential issue. issue. the installation guide is "http://docs.openstack.org/liberty/install-guide-ubuntu/". when trying to create an image or show image list. an error "Invalid OpenStack Identity credentials" occurred. i have tried both on ubuntu 14.04 LTS and ubuntu 15. but issue is same.

i checked this website and found some similar issue, such as 'https://ask.openstack.org/en/question/57155/image-service-invalid-openstack-identity-credentials/". the solution in this issue cannot solve my problem.

i have looked into it for long time but....

all ENV have been sourced into OS.

root@Controller:~# env | grep OS_
OS_PROJECT_DOMAIN_ID=default
OS_IMAGE_API_VERSION=2
OS_USER_DOMAIN_ID=default
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=Admin123
OS_AUTH_URL=http://controller:35357/v3
OS_USERNAME=admin
OS_TENANT_NAME=admin
root@Controller:~#

when using "glance image-list", blow is error log:

2015-12-26 12:32:35.632 5645 DEBUG eventlet.wsgi.server [-] (5645) accepted ('10.20.0.2', 41093) server /usr/lib/python2.7/dist-packages/eventlet/wsgi.py:826
2015-12-26 12:32:35.636 5645 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: GET /v2/images Accept: */* process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:47
2015-12-26 12:32:35.637 5645 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:60
2015-12-26 12:32:35.638 5645 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v2 process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:72
2015-12-26 12:32:35.638 5645 DEBUG glance.api.middleware.version_negotiation [-] new path /v2/images process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:73
2015-12-26 12:32:35.640 5645 DEBUG keystoneclient.session [-] REQ: curl -g -i -X GET http://controller:35357 -H "Accept: application/json" -H "User-Agent: glance/11.0.0 keystonemiddleware.auth_token/2.3.0" _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:198
2015-12-26 12:32:35.653 5645 DEBUG keystoneclient.session [-] RESP: [300] Content-Length: 591 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sat, 26 Dec 2015 04:32:35 GMT Content-Type: application/json X-Distribution: Ubuntu 
RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}, {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "http://controller:35357/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}
 _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:215
2015-12-26 12:32:35.654 5645 DEBUG keystoneclient.auth.identity.v3.base [-] Making authentication request to http://controller:35357/v3/auth/tokens get_auth_ref /usr/lib/python2.7/dist-packages/keystoneclient/auth/identity/v3/base.py:188
2015-12-26 12:32:35.738 5645 DEBUG keystoneclient.session [-] Request returned failure status: 400 request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:400
2015-12-26 12:32:35.738 5645 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 400
2015-12-26 12:32:35.741 5645 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
2015-12-26 12:32:35.742 5645 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-12-26 12:32:35.745 5645 INFO eventlet.wsgi.server [-] 10.20.0.2 - - [26/Dec/2015 12:32:35] "GET /v2/images?limit=20&sort_key=name&sort_dir=asc HTTP/1.1" 401 566 0.110418

Error info in keystone.log:

2015-12-26 12:34:29.314382 2015-12-26 12:34:29.314 5172 DEBUG keystone.middleware.core [req-c57d7698-e81c-41de-8914-b64e0c2f8b3b - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.315427 2015-12-26 12:34:29.315 5172 INFO keystone.common.wsgi [req-c57d7698-e81c-41de-8914-b64e0c2f8b3b - - - - -] GET http://controller:35357/v3/
2015-12-26 12:34:29.319478 2015-12-26 12:34:29.319 5173 DEBUG keystone.middleware.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.322371 2015-12-26 12:34:29.322 5173 INFO keystone.common.wsgi [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] POST http://controller:35357/v3/auth/tokens
2015-12-26 12:34:29.386523 2015-12-26 12:34:29.386 5173 DEBUG keystone.common.kvs.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] KVS lock acquired for: usertokens-ad41a4ad01dd49848a01cf21298ad67a acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:381
2015-12-26 12:34:29.390782 2015-12-26 12:34:29.390 5173 DEBUG keystone.common.kvs.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] KVS lock released for: usertokens-ad41a4ad01dd49848a01cf21298ad67a release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:400
2015-12-26 12:34:29.407685 2015-12-26 12:34:29.407 5175 INFO keystone.common.wsgi [req-498cdb60-0d38-4a70-9db1-12f9d1572e32 - - - - -] GET http://controller:35357/
2015-12-26 12:34:29.418854 2015-12-26 12:34:29.418 5176 DEBUG keystone.middleware.core [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.420953 2015-12-26 12:34:29.420 5176 INFO keystone.common.wsgi [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] POST http://controller:35357/v3/auth/tokens
2015-12-26 12:34:29.430648 2015-12-26 12:34:29.430 5176 WARNING keystone.common.wsgi [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.

root@Controller:~# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 2032a03d112e46c39528bdd4acb55029 | glance |
| ab0bfe4c69a94992b0d5c05e3431f77c | demo   |
| ad41a4ad01dd49848a01cf21298ad67a | admin  |
+----------------------------------+--------+
root@Controller:~# openstack user show glance
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 2032a03d112e46c39528bdd4acb55029 |
| name      | glance                           |
+-----------+----------------------------------+
root@Controller:~# 

root@Controller:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                          |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| 2a59ac392b7e48efb44ac96b4b0f421e | RegionOne | glance       | image        | True    | admin     | http://controller:9292       |
| 2e2d880f426d4603a3748f000a460b30 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v2.0 |
| 3239cf12737c473ab3bbbd8bddd424f4 | RegionOne | glance       | image        | True    | public    | http://controller:9292       |
| 8af8de4e667346158845f79d62176ace | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v2.0  |
| e393a074c20d4760af15c847446afbb9 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v2.0  |
| f0561439667f4d4b8891f55435ddc913 | RegionOne | glance       | image        | True    | internal  | http://controller:9292       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
root@Controller:~# 



    /etc/glance/glance-api.conf
 [keystone_authtoken]
 auth_uri=http://controller:5000
 auth_url=http://controller:35357
 auth_plugin=password
 project_domain_id=default
 user_domain_id=default
 project_name=service
 user-name=glance
 password=Admin123

 root@Controller:~# netstat -napl | grep 5000
 tcp6       0      0 :::5000                 :::*                    LISTEN      5166/apache2    
 root@Controller:~# 
 root@Controller:~# netstat -napl | grep 35357
 tcp6       0      0 :::35357                :::*                    LISTEN      5166/apache2    
 root@Controller:~# 

 root@Controller:~# openstack --debug image list
 START with options: ['--debug', 'image', 'list']
 options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://controller:35357/v3', cacert='', client_id='', client_secret='', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='Admin123', project_domain_id='default', project_domain_name='', project_id='', project_name='admin', protocol='', region_name='', scope='', timing=False, token='', trust_id='', url='', user_domain_id='default', user_domain_name='', user_id='', username='admin', verbose_level=3, verify=None)
 defaults: {'auth_type': 'password', 'compute_api_version': '2', 'database_api_version': '1.0', 'api_timeout': None, 'baremetal_api_version': '1', 'cacert': None, 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'key': None, 'interface': None, 'network_api_version': '2', 'image_format': 'qcow2', 'object_api_version': '1', 'image_api_version': '1', 'verify': True, 'identity_api_version': '2', 'volume_api_version': '1', 'cert': None, 'secgroup_source': 'neutron', 'dns_api_version': '2', 'disable_vendor_agent': {}}
 cloud cfg: {'auth_type': 'password', 'compute_api_version': '2', 'database_api_version': '1.0', 'interface': None, 'network_api_version': '2', 'image_format': 'qcow2', 'object_api_version': '1', 'image_api_version': '2', 'verify': True, 'timing': False, 'dns_api_version': '2', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, 'baremetal_api_version': '1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_id': 'default', 'tenant_name': 'admin', 'auth_url': 'http://controller:35357/v3', 'password': 'Admin123', 'project_domain_id': 'default'}, 'default_domain': 'default', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'key': None, 'cacert': None, 'deferred_help': False, 'identity_api_version': '3', 'volume_api_version': '1', 'cert': None, 'secgroup_source': 'neutron', 'debug': True, 'disable_vendor_agent': {}}
 compute API version 2, cmd group openstack.compute.v2
 network API version 2, cmd group openstack.network.v2
 image API version 2, cmd group openstack.image.v2
 volume API version 1, cmd group openstack.volume.v1
 identity API version 3, cmd group openstack.identity.v3
 object_store API version 1, cmd group openstack.object_store.v1
 command: image list -> openstackclient.image.v2.image.ListImage
 Auth plugin password selected
 auth_type: password
 Using auth plugin: password
 Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://controller:35357/v3', 'user_domain_id': 'default', 'tenant_name': 'admin', 'password': 'Admin123', 'project_domain_id': 'default'}
 Get auth_ref
 REQ: curl -g -i -X GET http://controller:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient"
 Starting new HTTP connection (1): controller
 "GET /v3 HTTP/1.1" 200 250
 RESP: [200] Content-Length: 250 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sat, 26 Dec 2015 04:48:20 GMT x-openstack-request-id: req-b32c4f93-3c05-4800-980b-c3502d12cd88 Content-Type: application/json X-Distribution: Ubuntu 
 RESP BODY: {"version": {"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}}
 
Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
take_action(Namespace(columns=[], formatter='table', long=False, max_width=0, page_size=None, private=False, property=None, public=False, quote_mode='nonnumeric', shared=False, sort=None))
Instantiating image client: <class 'glanceclient.v2.client.Client'>
Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
Instantiating image api: <class 'openstackclient.api.image_v2.APIv2'>
REQ: curl -g -i -X GET http://controller:9292/v2/images -H "User-Agent: python-openstackclient" -H "X-Auth-Token: {SHA1}82dd99d0bd1b12881d5e711b0198532d8cddcc7e"
Starting new HTTP connection (1): controller
"GET /v2/images HTTP/1.1" 401 358
RESP: [401] Date: Sat, 26 Dec 2015 04:48:20 GMT Connection: keep-alive Content-Type: text/html; charset=UTF-8 Content-Length: 358 Www-Authenticate: Keystone uri='http://controller:5000' 
RESP BODY: <html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />



 </body>
</html>

Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
"GET /v2/images HTTP/1.1" 401 358
RESP: [401] Date: Sat, 26 Dec 2015 04:48:20 GMT Connection: keep-alive Content-Type: text/html; charset=UTF-8 Content-Length: 358 Www-Authenticate: Keystone uri='http://controller:5000' 
RESP BODY: <html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />



 </body>
</html>

Request returned failure status: 401
Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 374, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 425, in take_action
    page = image_client.api.image_list(marker=marker, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/image_v2.py", line 71, in image_list
    return self.list(url, **filter)['images']
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 196, in list
    params=params,
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 82, in _request
    return session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 401, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: Unauthorized (HTTP 401)
clean_up ListImage: Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/openstackclient/shell.py", line 108, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 255, in run
    result = self.run_subcommand(remainder)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 374, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 425, in take_action
    page = image_client.api.image_list(marker=marker, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/image_v2.py", line 71, in image_list
    return self.list(url, **filter)['images']
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 196, in list
    params=params,
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 82, in _request
    return session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 401, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: Unauthorized (HTTP 401)

END return value: 1
root@Controller:~#

i have tried some solution solutions in ask website. but no help for my issue.

anyone can give me some suggestion?suggestions?

Glance image-list: Invalid OpenStack Identity credentials in Lcredentials

hi all,

i met a problem about the identity credential issue. the installation guide is "http://docs.openstack.org/liberty/install-guide-ubuntu/". when trying to create an image or show image list. an error "Invalid OpenStack Identity credentials" occurred. i have tried both on ubuntu 14.04 LTS and ubuntu 15. but issue is same.

i checked this website and found some similar issue, such as 'https://ask.openstack.org/en/question/57155/image-service-invalid-openstack-identity-credentials/". the solution in this issue cannot solve my problem.

i have looked into it for long time but....

all ENV have been sourced into OS.

root@Controller:~# env | grep OS_
OS_PROJECT_DOMAIN_ID=default
OS_IMAGE_API_VERSION=2
OS_USER_DOMAIN_ID=default
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=Admin123
OS_AUTH_URL=http://controller:35357/v3
OS_USERNAME=admin
OS_TENANT_NAME=admin
root@Controller:~#

when using "glance image-list", blow is error log:

2015-12-26 12:32:35.632 5645 DEBUG eventlet.wsgi.server [-] (5645) accepted ('10.20.0.2', 41093) server /usr/lib/python2.7/dist-packages/eventlet/wsgi.py:826
2015-12-26 12:32:35.636 5645 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: GET /v2/images Accept: */* process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:47
2015-12-26 12:32:35.637 5645 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:60
2015-12-26 12:32:35.638 5645 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v2 process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:72
2015-12-26 12:32:35.638 5645 DEBUG glance.api.middleware.version_negotiation [-] new path /v2/images process_request /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:73
2015-12-26 12:32:35.640 5645 DEBUG keystoneclient.session [-] REQ: curl -g -i -X GET http://controller:35357 -H "Accept: application/json" -H "User-Agent: glance/11.0.0 keystonemiddleware.auth_token/2.3.0" _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:198
2015-12-26 12:32:35.653 5645 DEBUG keystoneclient.session [-] RESP: [300] Content-Length: 591 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sat, 26 Dec 2015 04:32:35 GMT Content-Type: application/json X-Distribution: Ubuntu 
RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}, {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "http://controller:35357/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}
 _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:215
2015-12-26 12:32:35.654 5645 DEBUG keystoneclient.auth.identity.v3.base [-] Making authentication request to http://controller:35357/v3/auth/tokens get_auth_ref /usr/lib/python2.7/dist-packages/keystoneclient/auth/identity/v3/base.py:188
2015-12-26 12:32:35.738 5645 DEBUG keystoneclient.session [-] Request returned failure status: 400 request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:400
2015-12-26 12:32:35.738 5645 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 400
2015-12-26 12:32:35.741 5645 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
2015-12-26 12:32:35.742 5645 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-12-26 12:32:35.745 5645 INFO eventlet.wsgi.server [-] 10.20.0.2 - - [26/Dec/2015 12:32:35] "GET /v2/images?limit=20&sort_key=name&sort_dir=asc HTTP/1.1" 401 566 0.110418

Error info in keystone.log:

2015-12-26 12:34:29.314382 2015-12-26 12:34:29.314 5172 DEBUG keystone.middleware.core [req-c57d7698-e81c-41de-8914-b64e0c2f8b3b - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.315427 2015-12-26 12:34:29.315 5172 INFO keystone.common.wsgi [req-c57d7698-e81c-41de-8914-b64e0c2f8b3b - - - - -] GET http://controller:35357/v3/
2015-12-26 12:34:29.319478 2015-12-26 12:34:29.319 5173 DEBUG keystone.middleware.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.322371 2015-12-26 12:34:29.322 5173 INFO keystone.common.wsgi [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] POST http://controller:35357/v3/auth/tokens
2015-12-26 12:34:29.386523 2015-12-26 12:34:29.386 5173 DEBUG keystone.common.kvs.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] KVS lock acquired for: usertokens-ad41a4ad01dd49848a01cf21298ad67a acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:381
2015-12-26 12:34:29.390782 2015-12-26 12:34:29.390 5173 DEBUG keystone.common.kvs.core [req-9b1b9c21-7c20-42ed-8b36-724598528846 - - - - -] KVS lock released for: usertokens-ad41a4ad01dd49848a01cf21298ad67a release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:400
2015-12-26 12:34:29.407685 2015-12-26 12:34:29.407 5175 INFO keystone.common.wsgi [req-498cdb60-0d38-4a70-9db1-12f9d1572e32 - - - - -] GET http://controller:35357/
2015-12-26 12:34:29.418854 2015-12-26 12:34:29.418 5176 DEBUG keystone.middleware.core [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:310
2015-12-26 12:34:29.420953 2015-12-26 12:34:29.420 5176 INFO keystone.common.wsgi [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] POST http://controller:35357/v3/auth/tokens
2015-12-26 12:34:29.430648 2015-12-26 12:34:29.430 5176 WARNING keystone.common.wsgi [req-adbfc731-bd44-4039-9328-60a4dd43de10 - - - - -] Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.

root@Controller:~# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 2032a03d112e46c39528bdd4acb55029 | glance |
| ab0bfe4c69a94992b0d5c05e3431f77c | demo   |
| ad41a4ad01dd49848a01cf21298ad67a | admin  |
+----------------------------------+--------+
root@Controller:~# openstack user show glance
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
 | id        | 2032a03d112e46c39528bdd4acb55029 |
 | name      | glance                           |
 +-----------+----------------------------------+
 root@Controller:~# 

 root@Controller:~# openstack endpoint list
 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
 | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                          |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
 | 2a59ac392b7e48efb44ac96b4b0f421e | RegionOne | glance       | image        | True    | admin     | http://controller:9292       |
 | 2e2d880f426d4603a3748f000a460b30 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v2.0 |
 | 3239cf12737c473ab3bbbd8bddd424f4 | RegionOne | glance       | image        | True    | public    | http://controller:9292       |
 | 8af8de4e667346158845f79d62176ace | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v2.0  |
 | e393a074c20d4760af15c847446afbb9 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v2.0  |
 | f0561439667f4d4b8891f55435ddc913 | RegionOne | glance       | image        | True    | internal  | http://controller:9292       |
 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
 root@Controller:~# 



    /etc/glance/glance-api.conf
        root@Controller:~# egrep -v '(^#|^$)' /etc/glance/glance-api.conf 
[DEFAULT]
verbose = true
notification_driver =noop
[database]
connection = mysql+pymysql://glance:Admin123@controller/glance
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
    auth_uri=http://controller:5000
    auth_url=http://controller:35357
    auth_plugin=password
    project_domain_id=default
    user_domain_id=default
    project_name=service
    user-name=glance
    password=Admin123
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
user_name = glance
password = Admin123
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[store_type_location_strategy]
[task]
[taskflow_executor]
root@Controller:~# 

root@Controller:~# egrep -v '(^#|^$)' /etc/glance/glance-registry.conf 
[DEFAULT]
verbose = true
notification_driver =noop
[database]
connection = mysql+pymysql://glance:Admin123@controller/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
user_name = glance
password = Admin123
[matchmaker_redis]
[matchmaker_ring]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
root@Controller:~# 


    root@Controller:~# netstat -napl | grep 5000
    tcp6       0      0 :::5000                 :::*                    LISTEN      5166/apache2    
    root@Controller:~# 
    root@Controller:~# netstat -napl | grep 35357
    tcp6       0      0 :::35357                :::*                    LISTEN      5166/apache2    
    root@Controller:~# 

    root@Controller:~# openstack --debug image list
    START with options: ['--debug', 'image', 'list']
    options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://controller:35357/v3', cacert='', client_id='', client_secret='', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='Admin123', project_domain_id='default', project_domain_name='', project_id='', project_name='admin', protocol='', region_name='', scope='', timing=False, token='', trust_id='', url='', user_domain_id='default', user_domain_name='', user_id='', username='admin', verbose_level=3, verify=None)
    defaults: {'auth_type': 'password', 'compute_api_version': '2', 'database_api_version': '1.0', 'api_timeout': None, 'baremetal_api_version': '1', 'cacert': None, 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'key': None, 'interface': None, 'network_api_version': '2', 'image_format': 'qcow2', 'object_api_version': '1', 'image_api_version': '1', 'verify': True, 'identity_api_version': '2', 'volume_api_version': '1', 'cert': None, 'secgroup_source': 'neutron', 'dns_api_version': '2', 'disable_vendor_agent': {}}
    cloud cfg: {'auth_type': 'password', 'compute_api_version': '2', 'database_api_version': '1.0', 'interface': None, 'network_api_version': '2', 'image_format': 'qcow2', 'object_api_version': '1', 'image_api_version': '2', 'verify': True, 'timing': False, 'dns_api_version': '2', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, 'baremetal_api_version': '1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_id': 'default', 'tenant_name': 'admin', 'auth_url': 'http://controller:35357/v3', 'password': 'Admin123', 'project_domain_id': 'default'}, 'default_domain': 'default', 'image_api_use_tasks': False, 'floating_ip_source': 'neutron', 'key': None, 'cacert': None, 'deferred_help': False, 'identity_api_version': '3', 'volume_api_version': '1', 'cert': None, 'secgroup_source': 'neutron', 'debug': True, 'disable_vendor_agent': {}}
    compute API version 2, cmd group openstack.compute.v2
    network API version 2, cmd group openstack.network.v2
    image API version 2, cmd group openstack.image.v2
    volume API version 1, cmd group openstack.volume.v1
    identity API version 3, cmd group openstack.identity.v3
    object_store API version 1, cmd group openstack.object_store.v1
    command: image list -> openstackclient.image.v2.image.ListImage
    Auth plugin password selected
    auth_type: password
    Using auth plugin: password
    Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://controller:35357/v3', 'user_domain_id': 'default', 'tenant_name': 'admin', 'password': 'Admin123', 'project_domain_id': 'default'}
    Get auth_ref
    REQ: curl -g -i -X GET http://controller:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient"
    Starting new HTTP connection (1): controller
    "GET /v3 HTTP/1.1" 200 250
    RESP: [200] Content-Length: 250 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sat, 26 Dec 2015 04:48:20 GMT x-openstack-request-id: req-b32c4f93-3c05-4800-980b-c3502d12cd88 Content-Type: application/json X-Distribution: Ubuntu 
    RESP BODY: {"version": {"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}}


Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
take_action(Namespace(columns=[], formatter='table', long=False, max_width=0, page_size=None, private=False, property=None, public=False, quote_mode='nonnumeric', shared=False, sort=None))
Instantiating image client: <class 'glanceclient.v2.client.Client'>
Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
Instantiating image api: <class 'openstackclient.api.image_v2.APIv2'>
REQ: curl -g -i -X GET http://controller:9292/v2/images -H "User-Agent: python-openstackclient" -H "X-Auth-Token: {SHA1}82dd99d0bd1b12881d5e711b0198532d8cddcc7e"
Starting new HTTP connection (1): controller
"GET /v2/images HTTP/1.1" 401 358
RESP: [401] Date: Sat, 26 Dec 2015 04:48:20 GMT Connection: keep-alive Content-Type: text/html; charset=UTF-8 Content-Length: 358 Www-Authenticate: Keystone uri='http://controller:5000' 
RESP BODY: <html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />



 </body>
</html>

Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1607
"GET /v2/images HTTP/1.1" 401 358
RESP: [401] Date: Sat, 26 Dec 2015 04:48:20 GMT Connection: keep-alive Content-Type: text/html; charset=UTF-8 Content-Length: 358 Www-Authenticate: Keystone uri='http://controller:5000' 
RESP BODY: <html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />



 </body>
</html>

Request returned failure status: 401
Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 374, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 425, in take_action
    page = image_client.api.image_list(marker=marker, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/image_v2.py", line 71, in image_list
    return self.list(url, **filter)['images']
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 196, in list
    params=params,
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 82, in _request
    return session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 401, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: Unauthorized (HTTP 401)
clean_up ListImage: Unauthorized (HTTP 401)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/openstackclient/shell.py", line 108, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 255, in run
    result = self.run_subcommand(remainder)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 374, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 92, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 425, in take_action
    page = image_client.api.image_list(marker=marker, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/image_v2.py", line 71, in image_list
    return self.list(url, **filter)['images']
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 196, in list
    params=params,
  File "/usr/lib/python2.7/dist-packages/openstackclient/api/api.py", line 82, in _request
    return session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/openstackclient/common/session.py", line 40, in request
    resp = super(TimingSession, self).request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 337, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 401, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: Unauthorized (HTTP 401)

END return value: 1
root@Controller:~#

i have tried some solutions in ask website. but no help for my issue.

anyone can give me some suggestions?