essex: glance and swift intergration question.

Have you tried using the same key as in your swift cli command (ie "verybadpass")?

Stuart
I changed "swift_store_key" to "verybadpass" and did some testing.

First, keystone said the token was not found.
I tried to get a new token with
keystone --os_username swift --os_password verybadpass --os_auth_url http://127.0.0.1:5000/v2.0/ token-get
glance -A 1c418960beb34db2ad7ee350fd414e56 -I swift -K verybadpass -T service index

I noticed keystone log says " 'is_admin': False "

So I tried "keystone user-role-add " to add user swift with admin rights to tenant service. but glance didn't get authenticated.

keystone --os_username swift --os_password verybadpass --os_auth_url http://127.0.0.1:5000/v2.0/ token-get
glance -A 480ea3441b324a88811e6584a726612b -I swift -K verybadpass -T service index
Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized

******************** keystone log ********************
 SCRIPT_NAME = /v2.0
 webob.adhoc_attrs = {'response': <Response at 0x3d9fd90 200 OK>}
 REQUEST_METHOD = GET
 PATH_INFO = /tokens/480ea3441b324a88811e6584a726612b
 SERVER_PROTOCOL = HTTP/1.0
 HTTP_X_AUTH_TOKEN = b76ca38475704e649f0e4522bdb986f0
 eventlet.posthooks = []
 SERVER_NAME = 127.0.0.1
 REMOTE_ADDR = 127.0.0.1
 eventlet.input = <eventlet.wsgi.Input object at 0x3d7d390>
 wsgi.url_scheme = http
 SERVER_PORT = 35357
 wsgi.input = <eventlet.wsgi.Input object at 0x3d7d390>
 HTTP_HOST = 127.0.0.1:35357
 wsgi.multithread = True
 HTTP_ACCEPT = application/json
 wsgi.version = (1, 0)
 openstack.context = {'token_id': 'b76ca38475704e649f0e4522bdb986f0', 'is_admin': False}
 GATEWAY_INTERFACE = CGI/1.1
 wsgi.run_once = False
 wsgi.errors = <open file '<stderr>', mode 'w' at 0x7fc75ac93270>
 wsgi.multiprocess = False
 CONTENT_TYPE = application/json
 HTTP_ACCEPT_ENCODING = identity

 ******************** REQUEST BODY ********************

 Matched GET /tokens/480ea3441b324a88811e6584a726612b
 Route path: '{path_info:.*}', defaults: {'controller': <keystone.contrib.admin_crud.core.CrudExtension object at 0x38566d0>}
 Match dict: {'controller': <keystone.contrib.admin_crud.core.CrudExtension object at 0x38566d0>, 'path_info': '/tokens/480ea3441b324a88811e6584a726612b'}
 Matched GET /tokens/480ea3441b324a88811e6584a726612b
 Route path: '{path_info:.*}', defaults: {'controller': <keystone.service.AdminRouter object at 0x2bc67d0>}
 Match dict: {'controller': <keystone.service.AdminRouter object at 0x2bc67d0>, 'path_info': '/tokens/480ea3441b324a88811e6584a726612b'}
 Matched GET /tokens/480ea3441b324a88811e6584a726612b
 Route path: '/tokens/{token_id}', defaults: {'action': u'validate_token', 'controller': <keystone.service.TokenController object at 0x3742e90>}
 Match dict: {'action': u'validate_token', 'token_id': u'480ea3441b324a88811e6584a726612b', 'controller': <keystone.service.TokenController object at 0x3742e90>}
 arg_dict: {'token_id': u'480ea3441b324a88811e6584a726612b'}
 enforce admin_required: {'tenant_id': u'c67bdd38c56f4ca0956cf5ca8d47ff41', 'user_id': u'cfe238c7ccd74ccf9586ccbc471c2b50', u'roles': [u'admin']}
 ******************** RESPONSE HEADERS ********************
 Content-Type = application/json
 Vary = X-Auth-Token
 Content-Length = 222

 ******************** RESPONSE BODY ********************
 {"access": {"token": {"expires": "2012-04-28T16:22:08Z", "id": "480ea3441b324a88811e6584a726612b"}, "user": {"username": "swift", "roles_links": [], "id": "1601e902c4024993a163538869aa99ed", "roles": [], "name": "swift"}}}
 127.0.0.1 - - [27/Apr/2012 12:22:44] "GET /v2.0/tokens/480ea3441b324a88811e6584a726612b HTTP/1.1" 200 351 0.014305

again, the nice people on IRC helped.

<dolphm> askstack: you probably also want to pass a --os_tenant_name to keystone, so you get a scoped token?

these two command work together.
keystone --os_username swift --os_password verybadpass --os_tenant_name service --os_auth_url http://127.0.0.1:5000/v2.0/ token-get
glance -A bb0d49f5f2b74f9085fc67cc9d8f4e02 -I swift -K verybadpass -T service index

however , "glance add" still fails. I am using openstack-glance-2012.1-4.fc16.noarch on Fedora 16.

glance -A bb0d49f5f2b74f9085fc67cc9d8f4e02 -I swift -K verybadpass -T service add name=f16-heos is_public=true disk_format=qcow2 container_format=ovf copy_from=http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2
Failed to add image. Got error:
Data supplied was not valid.
Details: 400 Bad Request

The server could not comply with the request since it is either malformed or otherwise incorrect.

 Error uploading image: (TypeError): __init__() got an unexpected keyword argument 'auth_version'
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.

Thanks Jay

Fedora has taken all the swift packages out of the yum repo, http://repos.fedorapeople.org/repos/apevec/openstack-preview/. Maybe they are updating these packages. I will report back when I can install the new rpms.

Fedora still hasn't added swift back to the preview repo yet.
I find another source for the swift RPMs, http://mirrors.kernel.org/fedora/updates/testing/17/x86_64/

openstack-swift-1.4.8-1.fc17.noarch
openstack-swift-proxy-1.4.8-1.fc17.noarch
openstack-swift-account-1.4.8-1.fc17.noarch
openstack-swift-object-1.4.8-1.fc17.noarch
openstack-swift-doc-1.4.8-1.fc17.noarch
openstack-swift-container-1.4.8-1.fc17.noarch

After upgrading to these RPMs, I got this error message.

Error uploading image: (ClientException): Auth GET failed: http://127.0.0.1:8080/v1.0/tokens 401 Unauthorized

I found this mail thread, https://lists.launchpad.net/openstack/msg07641.html.
I changed /etc/glance/glance-api.conf
from
swift_store_auth_address = http://127.0.0.1:8080/v1.0/
to
swift_store_auth_address = http://127.0.0.1:5000/v2.0/

then I am able to "glance add".

Thanks for everyone's help.

Thanks Jay Pipes, that solved my question.