glance 401 unauththorized

Asked by AndyYang on 2012-07-17

I followed http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-glance.html to get glance installed and configured ,but get erros as follow:

glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://localhost:5000/v2.0 add name="tty-linux-kernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
Uploading image 'tty-linux-kernel'
Failed to add image. Got error:
The request returned 500 Internal Server Error

The response body:
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__
    response = req.get_response(self.application)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line 176, in __call__
    return self.app(env, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__
    response = req.get_response(self.application)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py", line 131, in __call__
    response = self.app(environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 477, in __call__
    request, **action_args)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 494, in dispatch
    return method(*args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/api/v1/images.py", line 603, in create
    image_meta = self._reserve(req, image_meta)
  File "/usr/lib/python2.6/site-packages/glance/api/v1/images.py", line 315, in _reserve
    image_meta = registry.add_image_metadata(req.context, image_meta)
  File "/usr/lib/python2.6/site-packages/glance/registry/__init__.py", line 145, in add_image_metadata
    return c.add_image(image_meta)
  File "/usr/lib/python2.6/site-packages/glance/registry/client.py", line 121, in add_image
    res = self.do_request("POST", "/images", body, headers=headers)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 58, in wrapped
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 420, in do_request
    headers=headers)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 75, in wrapped
    return func(self, method, url, body, headers)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 557, in _do_request
    raise exception.ClientConnectionError(e)
ClientConnectionError: There was an error connecting to a server
Details: [Errno 111] ECONNREFUSED

the /var/log/api.log are as follow:
2012-07-18 02:20:24 15643 INFO [keystone.middleware.auth_token] Starting keystone auth_token middleware
2012-07-18 02:20:24 15643 INFO [eventlet.wsgi.server] Starting single process server
2012-07-18 02:58:51 16310 INFO [keystone.middleware.auth_token] Starting keystone auth_token middleware
2012-07-18 02:58:51 16310 INFO [eventlet.wsgi.server] Starting single process server
2012-07-18 03:14:16 16310 WARNING [keystone.middleware.auth_token] Unable to find authentication token in headers: {'SCRIPT_NAME': '/v1', 'webob.adhoc_attrs': {'response': <Response at 0x20338d0 200 OK>}, 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/images', 'SERVER_PROTOCOL': 'HTTP/1.0', 'QUERY_STRING': 'limit=10', 'eventlet.posthooks': [], 'SERVER_NAME': '127.0.0.1', 'REMOTE_ADDR': '127.0.0.1', 'eventlet.input': <eventlet.wsgi.Input object at 0x2033810>, 'wsgi.url_scheme': 'http', 'api.major_version': 1, 'SERVER_PORT': '9292', 'api.minor_version': 0, 'wsgi.input': <eventlet.wsgi.Input object at 0x2033810>, 'HTTP_HOST': '0.0.0.0:9292', 'wsgi.multithread': True, 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f2e894e91e0>, 'wsgi.multiprocess': False, 'CONTENT_TYPE': 'text/plain', 'HTTP_ACCEPT_ENCODING': 'identity'}
2012-07-18 03:14:16 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:14:16 16310 WARNING [keystone.middleware.auth_token] Unable to find authentication token in headers: {'SCRIPT_NAME': '/v1', 'webob.adhoc_attrs': {'response': <Response at 0x2033ed0 200 OK>}, 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/images', 'SERVER_PROTOCOL': 'HTTP/1.0', 'QUERY_STRING': 'limit=10', 'eventlet.posthooks': [], 'SERVER_NAME': '127.0.0.1', 'REMOTE_ADDR': '127.0.0.1', 'eventlet.input': <eventlet.wsgi.Input object at 0x2033f50>, 'wsgi.url_scheme': 'http', 'api.major_version': 1, 'SERVER_PORT': '9292', 'api.minor_version': 0, 'wsgi.input': <eventlet.wsgi.Input object at 0x2033f50>, 'HTTP_HOST': '0.0.0.0:9292', 'wsgi.multithread': True, 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f2e894e91e0>, 'wsgi.multiprocess': False, 'CONTENT_TYPE': 'text/plain', 'HTTP_ACCEPT_ENCODING': 'identity'}
2012-07-18 03:14:16 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:19:15 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 03:19:15 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:19:15 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 03:19:15 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:20:27 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 03:20:27 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:20:27 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 03:20:27 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:22:24 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 03:22:24 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:22:24 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 03:22:24 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:27:02 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token ddeb2dadc71541608a6147c45af1adb9
2012-07-18 03:27:02 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 03:27:03 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token ddeb2dadc71541608a6147c45af1adb9
2012-07-18 03:27:03 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 04:16:09 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 04:16:09 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 04:16:09 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 04:16:09 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 04:17:13 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 04:17:13 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
2012-07-18 04:17:13 16310 WARNING [keystone.middleware.auth_token] Authorization failed for token 012345SECRET99TOKEN012345
2012-07-18 04:17:13 16310 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
  The /var/log/registry.log are as follow:
2012-07-16 16:34:14 1231 INFO [glance.registry.db.migration] Upgrading mysql://glance:andy@localhost/glance to version latest
2012-07-16 19:14:17 2812 INFO [glance.registry.db.migration] Upgrading mysql://glance:andy@localhost/glance to version latest
2012-07-18 02:59:49 16332 INFO [glance.registry.db.migration] Upgrading mysql://glance:andy@localhost/glance to version latest

Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.
=================================================[100%] 41.5M/s, ETA 0h 0m 0s
  I try to get the -A option,but the error as follow:
glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://localhost:5000/v2.0 add name="tty-linux-kernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz -A 012345SECRET99TOKEN012345
Uploading image 'tty-linux-kernel'
=================================================[100%] 41.6M/s, ETA 0h 0m 0s
Uploading image 'tty-linux-kernel'
Failed to add image. Got error:
You are not authenticated.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

 Authentication required
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.
=================================================[100%] 41.9M/s, ETA 0h 0m 0s

The /etc/glance/glance-api-past.ini as follow:
# Default minimal pipeline
[pipeline:glance-api]
pipeline = versionnegotiation authtoken context apiv1app

# Use the following pipeline for keystone auth
# i.e. in glance-api.conf:
# [paste_deploy]
# flavor = keystone
#
[pipeline:glance-api-keystone]
pipeline = versionnegotiation authtoken context apiv1app

# Use the following pipeline to enable transparent caching of image files
# i.e. in glance-api.conf:
# [paste_deploy]
# flavor = caching
#
[pipeline:glance-api-caching]
pipeline = versionnegotiation context cache apiv1app

# Use the following pipeline for keystone auth with caching
# i.e. in glance-api.conf:
# [paste_deploy]
# flavor = keystone+caching
#
[pipeline:glance-api-keystone+caching]
pipeline = versionnegotiation authtoken context cache apiv1app

# Use the following pipeline to enable the Image Cache Management API
# i.e. in glance-api.conf:
# [paste_deploy]
# flavor = cachemanagement
#
[pipeline:glance-api-cachemanagement]
pipeline = versionnegotiation context cache cachemanage apiv1app

# Use the following pipeline for keystone auth with cache management
# i.e. in glance-api.conf:
# [paste_deploy]
# flavor = keystone+cachemanagement
#
[pipeline:glance-api-keystone+cachemanagement]
pipeline = versionnegotiation authtoken context cache cachemanage apiv1app

[app:apiv1app]
paste.app_factory = glance.common.wsgi:app_factory
glance.app_factory = glance.api.v1.router:API

[filter:versionnegotiation]
paste.filter_factory = glance.common.wsgi:filter_factory
glance.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter

[filter:cache]
paste.filter_factory = glance.common.wsgi:filter_factory
glance.filter_factory = glance.api.middleware.cache:CacheFilter

[filter:cachemanage]
paste.filter_factory = glance.common.wsgi:filter_factory
glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter

[filter:context]
paste.filter_factory = glance.common.wsgi:filter_factory
glance.filter_factory = glance.common.context:ContextMiddleware

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
flavor = keystone

The /etc/glance/glance-registry-paste.ini as follow:
# Default minimal pipeline
[pipeline:glance-registry]
pipeline = authtoken context registryapp

# Use the following pipeline for keystone auth
# i.e. in glance-registry.conf:
# [paste_deploy]
# flavor = keystone
#
[pipeline:glance-registry-keystone]
pipeline = authtoken context registryapp

[app:registryapp]
paste.app_factory = glance.common.wsgi:app_factory
glance.app_factory = glance.registry.api.v1:API

[filter:context]
context_class = glance.registry.context.RequestContext
paste.filter_factory = glance.common.wsgi:filter_factory
glance.filter_factory = glance.common.context:ContextMiddleware

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_tenant_name = service
admin_user = glance
admin_password = glance

  could anyone can help me solve this probelm?

Question information

Language:
English Edit question
Status:
Answered
For:
Glance Edit question
Assignee:
No assignee Edit question
Last query:
2012-07-17
Last reply:
2012-07-23
smallma (s-rain) said : #1

Hello,
Please paste your endpoint, rule, user and service list.

Rain

AndyYang (sncel-2008) said : #2

keystone user-list
+----------------------------------+---------+-------+-----------+
| id | enabled | email | name |
+----------------------------------+---------+-------+-----------+
| 1a3104efdd144f46b4a2700ea24c09f7 | True | None | nova |
| 4e061f65344746708e4337f79091978a | True | None | adminUser |
| 84c27a8f3eb14ab883c6da69c5ddcee8 | True | None | swift |
| d2e080c303a449c78434e5243117ef10 | True | None | ec2 |
| dba07b40bef44663a01af8f64be5560b | True | None | glance |
+----------------------------------+---------+-------+-----------+

 keystone role-list
+----------------------------------+------------+
| id | name |
+----------------------------------+------------+
| 596e152752d54d3bb760dd45708b3fcd | memberRole |
| 82f1e7413a3543a28182a429a2d69831 | admin |
+----------------------------------+------------+

keystone service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 176d61580bad46138e853ea808b3a998 | glance | image | Glance Image Service |
| 1c9123e1ae5c479caf61600d1dcf6843 | nova | compute | Nova Compute Service |
| a9fdb86b060d42e8b62ffe2d1f17eeed | swift | object-store | Swift Object Storage Service |
| aaa3cf8be28c4b8db4dbd64b5f84f9f0 | keystone | identity | Keystone Identity Service |
| bcaab6a1f0bf4ef093c555b66df9ff58 | ec2 | ec2 | EC2 Compatibility Layer |
| fff27d2209e246288d6f07ff2fd5be08 | volume | volume | Nova Volume Service |
+----------------------------------+----------+--------------+------------------------------+

keystone endpoint-list
+----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+
| id | region | publicurl | internalurl | adminurl |
+----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+
| 0101166407924d449845d013caabf95a | RegionOne | http://localhost:5000/v2.0 | http://localhost:5000/v2.0 | http://localhost:35357/v2.0 |
| 050ff86ec3c24aec87d93bddc456bfe9 | RegionOne | http://localhost:9292/v1 | http://localhost:9292/v1 | http://localhost:9292/v1 |
| 2e03d606e9c9499c935c6448a9e85b60 | RegionOne | http://localhost:8774/v2/%(tenant_id)s | http://localhost:8774/v2/%(tenant_id)s | http://localhost:8774/v2/%(tenant_id)s |
| 42e06931d169422db5d5987518c198c8 | RegionOne | http://localhost:8773/services/Cloud | http://localhost:8773/services/Cloud | http://localhost:8773/services/Admin |
| 4e5456d5adb5404db44d1ac26111e50d | RegionOne | http://localhost:8776/v1/%(tenant_id)s | http://localhost:8776/v1/%(tenant_id)s | http://localhost:8776/v1/%(tenant_id)s |
| e8fa7cc1b4a54af49d553383fa568702 | RegionOne | http://localhost:8888/v1/AUTH_%(tenant_id)s | http://localhost:8888/v1/AUTH_%(tenant_id)s | http://localhost:8888/v1 |
+----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+

Joeu (joeu-zheng) said : #3

Hello, is there any result? I have the same issue as yours, looking forward to how to solve it. :)

Jay Pipes (jaypipes) said : #4

Joeu, did you also use the CentOS/yum install method?

Jay Pipes (jaypipes) said : #5

It looks from the log output that 012345SECRET99TOKEN012345 is not a valid token. If you grab a token using a curl command to Keystone:

curl -d '{"auth":{"passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens

The token will be returned in that request. Try using that token with the -A option to the glance client.

AndyYang (sncel-2008) said : #6

  Hi,Jay pipes.I follow you sugesstion,but still get the same error.
[andy@andy ~]$ curl -d '{"auth":{"passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
{"access": {"token": {"expires": "2012-07-23T08:22:41Z", "id": "5a46facb439643adb3fab9820d14c2e5"}, "serviceCatalog": {}, "user": {"username": "adminUser", "roles_links": [], "id": "4e061f65344746708e4337f79091978a", "roles": [], "name": "adminUser"}}}

 glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 index -A 5a46facb439643adb3fab9820d14c2e5
Failed to show index. Got error:
The request returned 500 Internal Server Error

The response body:
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__
    response = req.get_response(self.application)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line 176, in __call__
    return self.app(env, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__
    response = req.get_response(self.application)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py", line 131, in __call__
    response = self.app(environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 477, in __call__
    request, **action_args)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 494, in dispatch
    return method(*args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/api/v1/images.py", line 134, in index
    images = registry.get_images_list(req.context, **params)
  File "/usr/lib/python2.6/site-packages/glance/registry/__init__.py", line 129, in get_images_list
    return c.get_images(**kwargs)
  File "/usr/lib/python2.6/site-packages/glance/registry/client.py", line 77, in get_images
    res = self.do_request("GET", "/images", params=params)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 58, in wrapped
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 420, in do_request
    headers=headers)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 75, in wrapped
    return func(self, method, url, body, headers)
  File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 557, in _do_request
    raise exception.ClientConnectionError(e)
ClientConnectionError: There was an error connecting to a server
Details: [Errno 111] ECONNREFUSED

Joeu (joeu-zheng) said : #7

Thanks to both!!! We still have error to follow your suggestions.

We try your command as below:

======Command1 Request=========
root@gplab24:~# curl -d '{"auth":{"passwordCredentials":{"username": "adminUser" ,"password": "secretword"}}}' -H "Content-type: application/json" http://localho st:35357/v2.0/tokens

======Command1 Result =========
{"access": {"token": {"expires": "2012-07-24T03:53:37Z", "id": "18c441aec809476f9747fd1a84d45cd7"}, "serviceCatalog": {}, "user": {"username": "adminUser", "rol es_links": [], "id": "518cacf232e040d1b6d42547047d479b", "roles": [], "name": "a

======Command2 Request =========
root@gplab24:~# glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 index -A 18c441aec809476f9747fd1a84d45cd7
//18c441aec809476f9747fd1a84d45cd7 come from command1 result id

======Command2 Result =========
Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
 Authentication required

=======user list===========

root@gplab24:~# keystone user-list
Expecting authentication method via either a service token, --token or env[SERVICE_TOKEN], or credentials, --os_username or env[OS_USERNAME].

root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 user-list
+----------------------------------+---------+-------+-----------+
| id | enabled | email | name |
+----------------------------------+---------+-------+-----------+
| 29c2d976987745fd9b8439dd4aac4701 | True | None | ec2 |
| 518cacf232e040d1b6d42547047d479b | True | None | adminUser |
| 7fe5bcbcb98d41f2aa6d371ea2a3157a | True | None | nova |
| c567d5959b044db98b1c510e281741b2 | True | None | glance |
| f4506084f78d4c81866cac7da07f82f3 | True | None | swift |
+----------------------------------+---------+-------+-----------+

=======role list===========
root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 role-list
+----------------------------------+------------+
| id | name |
+----------------------------------+------------+
| 334828fc0a884c048f723c14a0cccf0b | memberRole |
| 6a98b8ee20834bafaf7bd2c0580e0b51 | admin |
+----------------------------------+------------+

=======service list===========
root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 service-list
+----------------------------------+----------+--------------+---------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+---------------------------+
| 05b4ff389a9449038dbed881ea6c26e1 | volume | volume | Nova Volume Service |
| 0e7bb281ff72441db11020b890cea3f3 | nova | compute | Nova Compute Service |
| 10db4791e77c421fb663f8d89151b128 | glance | image | Glance Image Service |
| 31f32e4253264e84870a5ad87aa92c5c | ec2 | ec2 | EC2 Compatibility Layer |
| 605961e742f44e1dac11f89c3f726751 | keystone | identity | Keystone Identity Service |
| 942afb37d92a407b92c2e6ed4fefddfe | swift | object-store | Object Storage Service |
+----------------------------------+----------+--------------+---------------------------+

=======endpoint list===========
root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 endpoint-list
+----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+
| id | region | publicurl | internalurl | adminurl |
+----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+
| 5a6e4d90889d428683182d9c1b6a58a6 | RegionOne | http://127.0.0.1:5000/v2.0 | http://127.0.0.1:5000/v2.0 | http://127.0.0.1:35357/v2.0 |
| 6f74a335de774df2b59d70423502797f | RegionOne | http://127.0.0.1:9292/v1 | http://127.0.0.1:9292/v1 | http://127.0.0.1:9292/v1 |
| b713eea1f0fb4d679a30a0d349b816ac | RegionOne | http://127.0.0.1:8774/v2/%(tenant_id)s | http://127.0.0.1:8774/v2/%(tenant_id)s | http://127.0.0.1:8774/v2/%(tenant_id)s |
| b842289d645e42f3aa4031762724db3e | RegionOne | http://127.0.0.1:8888/v1/AUTH_%(tenant_id)s | http://127.0.0.1:8888/v1/AUTH_%(tenant_id)s | http://127.0.0.1:8888/ |
| c289df94b93b4d64bf5717014259761d | RegionOne | http://127.0.0.1:8776/v1/%(tenant_id)s | http://127.0.0.1:8776/v1/%(tenant_id)s | http://127.0.0.1:8776/v1/%(tenant_id)s |
| d1b9ce7938d649ed8b2c4b15c4972142 | RegionOne | http://127.0.0.1:8773/services/Cloud | http://127.0.0.1:8773/services/Cloud | http://127.0.0.1:8773/services/Admin |
+----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+

smallma (s-rain) said : #8

Hello,
Please add "admin_token = ADMIN" in glance-api-paste.ini and glance-registry-paste.ini.

Rain

Joeu (joeu-zheng) said : #9

 Thank so much Rain!!! :)
Still error result as below :( Also including glance-api.conf/glance-api-paste.ini/glance-registry.conf/glance-registry-paste.ini in line.

========================================================
root@gplab24:/tmp/images# glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linuxkernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
[100%] 13.9M/s, ETA 0h 0m 0s
Uploading image 'tty-linuxkernel'
Failed to add image. Got error:
You are not authenticated.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

 Authentication required
Note: Your image metadata may still be in the registry, but the image's st[ 0%]
========================================================

==================glance-api.conf start ========================
                [DEFAULT]
                # Show more verbose log output (sets INFO log level output)
                verbose = True

                # Show debugging output in logs (sets DEBUG log level output)
                debug = False

                # Which backend store should Glance use by default is not specified
                # in a request to add a new image to Glance? Default: 'file'
                # Available choices are 'file', 'swift', and 's3'
                default_store = file

                # Address to bind the API server
                bind_host = 0.0.0.0
                # Port the bind the API server to
                bind_port = 9292

                # Log to this file. Make sure you do not set the same log
                # file for both the API and registry servers!
                log_file = /var/log/glance/api.log

                # Backlog requests when creating socket
                backlog = 4096

                # Number of Glance API worker processes to start.
                # On machines with more than one CPU increasing this value
                # may improve performance (especially if using SSL with
                # compression turned on). It is typically recommended to set
                # this value to the number of CPUs present on your machine.
                workers = 0

                # Role used to identify an authenticated user as administrator
                #admin_role = admin

                # ================= Syslog Options ============================

                # Send logs to syslog (/dev/log) instead of to file specified
                # by `log_file`
                use_syslog = False

                # Facility to use. If unset defaults to LOG_USER.
                # syslog_log_facility = LOG_LOCAL0

                # ================= SSL Options ===============================

                # Certificate file to use when starting API server securely
                # cert_file = /path/to/certfile

                # Private key file to use when starting API server securely
                # key_file = /path/to/keyfile

                # ================= Security Options ==========================

                # AES key for encrypting store 'location' metadata, including
                # -- if used -- Swift or S3 credentials
                # Should be set to a random string of length 16, 24 or 32 bytes
                # metadata_encryption_key = <16, 24 or 32 char registry metadata key>

                # ============ Registry Options ===============================

                # Address to find the registry server
                registry_host = 0.0.0.0
                # Port the registry server is listening on
                registry_port = 9191

                # What protocol to use when connecting to the registry server?
                # Set to https for secure HTTP communication
                registry_client_protocol = http

                # The path to the key file to use in SSL connections to the
                # registry server, if any. Alternately, you may set the
                # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
                # registry_client_key_file = /path/to/key/file

                # The path to the cert file to use in SSL connections to the
                # registry server, if any. Alternately, you may set the
                # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
                # registry_client_cert_file = /path/to/cert/file

                # The path to the certifying authority cert file to use in SSL connections
                # to the registry server, if any. Alternately, you may set the
                # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
                # registry_client_ca_file = /path/to/ca/file

                # ============ Notification System Options =====================

                # Notifications can be sent when images are create, updated or deleted.
                # There are three methods of sending notifications, logging (via the
                # log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid
                # message queue), or noop (no notifications sent, the default)
                notifier_strategy = noop

                # Configuration options if sending notifications via rabbitmq (these are
                # the defaults)
                rabbit_host = localhost
                rabbit_port = 5672
                rabbit_use_ssl = false
                rabbit_userid = guest
                rabbit_password = guest
                rabbit_virtual_host = /
                rabbit_notification_exchange = glance
                rabbit_notification_topic = glance_notifications

                # Configuration options if sending notifications via Qpid (these are
                # the defaults)
                qpid_notification_exchange = glance
                qpid_notification_topic = glance_notifications
                qpid_host = localhost
                qpid_port = 5672
                qpid_username =
                qpid_password =
                qpid_sasl_mechanisms =
                qpid_reconnect_timeout = 0
                qpid_reconnect_limit = 0
                qpid_reconnect_interval_min = 0
                qpid_reconnect_interval_max = 0
                qpid_reconnect_interval = 0
                qpid_heartbeat = 5
                # Set to 'ssl' to enable SSL
                qpid_protocol = tcp
                qpid_tcp_nodelay = True

                # ============ Filesystem Store Options ========================

                # Directory that the Filesystem backend store
                # writes image data to
                filesystem_store_datadir = /var/lib/glance/images/

                # ============ Swift Store Options =============================

                # Version of the authentication service to use
                # Valid versions are '2' for keystone and '1' for swauth and rackspace
                swift_store_auth_version = 2

                # Address where the Swift authentication service lives
                # Valid schemes are 'http://' and 'https://'
                # If no scheme specified, default to 'https://'
                # For swauth, use something like '127.0.0.1:8080/v1.0/'
                swift_store_auth_address = 127.0.0.1:35357/v2.0/
                #swift_store_auth_address = http://127.0.0.1:5000/v2.0/
                # User to authenticate against the Swift authentication service
                # If you use Swift authentication service, set it to 'account':'user'
                # where 'account' is a Swift storage account and 'user'
                # is a user in that account
                swift_store_user = jdoe:jdoe

                # Auth key for the user authenticating against the
                # Swift authentication service
                swift_store_key = a86850deb2742ec3cb41518e26aa2d89

                # Container within the account that the account should use
                # for storing images in Swift
                swift_store_container = glance

                # Do we create the container if it does not exist?
                swift_store_create_container_on_put = False

                # What size, in MB, should Glance start chunking image files
                # and do a large object manifest in Swift? By default, this is
                # the maximum object size in Swift, which is 5GB
                swift_store_large_object_size = 5120

                # When doing a large object manifest, what size, in MB, should
                # Glance write chunks to Swift? This amount of data is written
                # to a temporary disk buffer during the process of chunking
                # the image file, and the default is 200MB
                swift_store_large_object_chunk_size = 200

                # Whether to use ServiceNET to communicate with the Swift storage servers.
                # (If you aren't RACKSPACE, leave this False!)
                #
                # To use ServiceNET for authentication, prefix hostname of
                # `swift_store_auth_address` with 'snet-'.
                # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
                swift_enable_snet = False

                # ============ S3 Store Options =============================

                # Address where the S3 authentication service lives
                # Valid schemes are 'http://' and 'https://'
                # If no scheme specified, default to 'http://'
                s3_store_host = 127.0.0.1:8080/v1.0/

                # User to authenticate against the S3 authentication service
                s3_store_access_key = <20-char AWS access key>

                # Auth key for the user authenticating against the
                # S3 authentication service
                s3_store_secret_key = <40-char AWS secret key>

                # Container within the account that the account should use
                # for storing images in S3. Note that S3 has a flat namespace,
                # so you need a unique bucket name for your glance images. An
                # easy way to do this is append your AWS access key to "glance".
                # S3 buckets in AWS *must* be lowercased, so remember to lowercase
                # your AWS access key if you use it in your bucket name below!
                s3_store_bucket = <lowercased 20-char aws access key>glance

                # Do we create the bucket if it does not exist?
                s3_store_create_bucket_on_put = False

                # When sending images to S3, the data will first be written to a
                # temporary buffer on disk. By default the platform's temporary directory
                # will be used. If required, an alternative directory can be specified here.
                # s3_store_object_buffer_dir = /path/to/dir

                # ============ RBD Store Options =============================

                # Ceph configuration file path
                # If using cephx authentication, this file should
                # include a reference to the right keyring
                # in a client.<USER> section
                rbd_store_ceph_conf = /etc/ceph/ceph.conf

                # RADOS user to authenticate as (only applicable if using cephx)
                rbd_store_user = glance

                # RADOS pool in which images are stored
                rbd_store_pool = images

                # Images will be chunked into objects of this size (in megabytes).
                # For best performance, this should be a power of two
                rbd_store_chunk_size = 8

                # ============ Delayed Delete Options =============================

                # Turn on/off delayed delete
                delayed_delete = False

                # Delayed delete time in seconds
                scrub_time = 43200

                # Directory that the scrubber will use to remind itself of what to delete
                # Make sure this is also set in glance-scrubber.conf
                scrubber_datadir = /var/lib/glance/scrubber

                # =============== Image Cache Options =============================

                # Base directory that the Image Cache uses
                image_cache_dir = /var/lib/glance/image-cache/

                [paste_deploy]
                flavor = keystone

==================glance-api.conf end======================================

==================glance-api-paste.ini start ====================
                # Default minimal pipeline
                [pipeline:glance-api]
                #pipeline = versionnegotiation authtoken context apiv1app
                pipeline = versionnegotiation authtoken auth-context apiv1app

                # Use the following pipeline for keystone auth
                # i.e. in glance-api.conf:
                # [paste_deploy]
                   flavor = keystone
                #
                [pipeline:glance-api-keystone]
                pipeline = versionnegotiation authtoken context apiv1app

                # Use the following pipeline to enable transparent caching of image files
                # i.e. in glance-api.conf:
                # [paste_deploy]
                # flavor = caching
                #
                [pipeline:glance-api-caching]
                pipeline = versionnegotiation context cache apiv1app

                # Use the following pipeline for keystone auth with caching
                # i.e. in glance-api.conf:
                # [paste_deploy]
                # flavor = keystone+caching
                #
                [pipeline:glance-api-keystone+caching]
                pipeline = versionnegotiation authtoken context cache apiv1app

                # Use the following pipeline to enable the Image Cache Management API
                # i.e. in glance-api.conf:
                # [paste_deploy]
                # flavor = cachemanagement
                #
                [pipeline:glance-api-cachemanagement]
                pipeline = versionnegotiation context cache cachemanage apiv1app

                # Use the following pipeline for keystone auth with cache management
                # i.e. in glance-api.conf:
                # [paste_deploy]
                # flavor = keystone+cachemanagement
                #
                [pipeline:glance-api-keystone+cachemanagement]
                pipeline = versionnegotiation authtoken context cache cachemanage apiv1app

                [app:apiv1app]
                paste.app_factory = glance.common.wsgi:app_factory
                glance.app_factory = glance.api.v1.router:API

                [filter:versionnegotiation]
                paste.filter_factory = glance.common.wsgi:filter_factory
                glance.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter

                [filter:cache]
                paste.filter_factory = glance.common.wsgi:filter_factory
                glance.filter_factory = glance.api.middleware.cache:CacheFilter

                [filter:cachemanage]
                paste.filter_factory = glance.common.wsgi:filter_factory
                glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter

                [filter:context]
                paste.filter_factory = glance.common.wsgi:filter_factory
                glance.filter_factory = glance.common.context:ContextMiddleware

                [filter:authtoken]
                paste.filter_factory = keystone.middleware.auth_token:filter_factory
                service_protocol = http
                service_host = 127.0.0.1
                service_port = 5000
                auth_host = 127.0.0.1
                auth_port = 35357
                auth_protocol = http
                auth_uri = http://127.0.0.1:5000/
                #admin_tenant_name = %SERVICE_TENANT_NAME%
                admin_tenant_name = service
                bind-address = 127.0.0.1
                #admin_user = %SERVICE_USER%
                admin_user = glance
                #admin_password = %SERVICE_PASSWORD%
                admin_password = glance
                bste_deployind-address = 127.0.0.1
                admin_token=ADMIN

==================glance-api-paste.ini end======================================

==================glance-registry.conf start====================
                [DEFAULT]
                # Show more verbose log output (sets INFO log level output)
                verbose = True

                # Show debugging output in logs (sets DEBUG log level output)
                debug = False

                # Address to bind the registry server
                bind_host = 0.0.0.0
                # Port the bind the registry server to
                bind_port = 9191

                # Log to this file. Make sure you do not set the same log
                # file for both the API and registry servers!
                log_file = /var/log/glance/registry.log

                # Backlog requests when creating socket
                backlog = 4096

                # SQLAlchemy connection string for the reference implementation
                # registry server. Any valid SQLAlchemy connection string is fine.
                # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
                #sql_connection = sqlite:////var/lib/glance/glance.sqlite
                sql_connection = mysql://glance:glance@127.0.0.1/glance

                # Period in seconds after which SQLAlchemy should reestablish its connection
                # to the database.
                #
                # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
                # idle connections. This can result in 'MySQL Gone Away' exceptions. If you
                # notice this, you can lower this value to ensure that SQLAlchemy reconnects
                # before MySQL can drop the connection.
                sql_idle_timeout = 3600

                # Limit the api to return `param_limit_max` items in a call to a container. If
                # a larger `limit` query param is provided, it will be reduced to this value.
                api_limit_max = 1000

                # If a `limit` query param is not provided in an api request, it will
                # default to `limit_param_default`
                limit_param_default = 25

                # Role used to identify an authenticated user as administrator
                #admin_role = admin

                # ================= Syslog Options ============================

                # Send logs to syslog (/dev/log) instead of to file specified
                # by `log_file`
                use_syslog = False

                # Facility to use. If unset defaults to LOG_USER.
                # syslog_log_facility = LOG_LOCAL1

                # ================= SSL Options ===============================

                # Certificate file to use when starting registry server securely
                # cert_file = /path/to/certfile

                # Private key file to use when starting registry server securely
                # key_file = /path/to/keyfile
                [paste_deploy]
                flavor = keystone

==================glance-registry.conf end======================================

==================glance-registry-paste.ini start================
                # Default minimal pipeline
                [pipeline:glance-registry]
                #pipeline = context registryapp authtoken
                pipeline = authtoken auth-context context registryapp

                # Use the following pipeline for keystone auth
                # i.e. in glance-registry.conf:
                # [paste_deploy]
                # flavor = keystone
                #
                [pipeline:glance-registry-keystone]
                pipeline = authtoken context registryapp

                [app:registryapp]
                paste.app_factory = glance.common.wsgi:app_factory
                glance.app_factory = glance.registry.api.v1:API

                [filter:context]
                context_class = glance.registry.context.RequestContext
                paste.filter_factory = glance.common.wsgi:filter_factory
                glance.filter_factory = glance.common.context:ContextMiddleware

                [filter:authtoken]
                paste.filter_factory = keystone.middleware.auth_token:filter_factory
                service_protocol = http
                service_host = 127.0.0.1
                service_port = 5000
                auth_host = 127.0.0.1
                auth_port = 35357
                auth_protocol = http
                auth_uri = http://127.0.0.1:5000/
                #admin_tenant_name = %SERVICE_TENANT_NAME%
                #admin_user = %SERVICE_USER%
                #admin_password = %SERVICE_PASSWORD%
                admin_tenant_name = service
                admin_user = glance
                admin_password = glance
                admin_token=ADMIN

==================glance-registry-paste.ini end================

Joeu (joeu-zheng) said : #10

Hello,

From my side, solve the issue to add in glance-api-paste.ini and glance-registry-paste.ini as below:
admin_token = 012345SECRET99TOKEN012345

root@gplab24:/tmp/images# glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linuxkernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
===========================================[100%] 10.4M/s, ETA 0h 0m 0s
Added new image with ID: c590e3c3-e281-4c64-bf62-3d8e83c58d58

Thank so much all of you, thanks again. :)

Jay Pipes (jaypipes) said : #11

Joeu, try adding -S keystone to your glance CLI tool calls. That's the only thing I can think of.. everything else seems to be correct!

smallma (s-rain) said : #12

Hello,
      Please check admin_token in keystone.conf. You should set the same value in glance-api-paste.ini and glance-registry-paste.ini.

Rain

Can you help with this problem?

Provide an answer of your own, or ask AndyYang for more information if necessary.

To post a message you must log in.