Great post Adam. Thanks.

Cheers,
Syed

On Wed, Jul 24, 2013 at 10:54 PM, Adam Young <ayo...@redhat.com> wrote:

> I wrote this up as a general answer. Hope it helps.
>
> https://adam.younglogic.com/2013/07/troubleshooting-pki-middleware/
>
>
> On 07/24/2013 11:44 AM, Adam Young wrote:
>
> On 07/24/2013 10:45 AM, Salvatore Orlando wrote:
>
> Have you tried checking the credentials that glance uses for validating
> tokens with keystone?
>
> They are defined in glance's conf files in the section:
>
> [keystone_authtoken]
> signing_dir = /var/cache/glance/api
>
>
> make sure that the directory
> /var/cache/glance/api
> exists and has the certificates in it. A good test is to remove the
> certificates and hit the server again, as they are fetched on demand. If
> there are no certificates there after another try, either glance can't talk
> to Keystone or keystone is not handing out the certificates.
>
> auth_uri = http://127.0.0.1:5000/
> auth_host = 127.0.0.1
> auth_port = 35357
> auth_protocol = http
> admin_tenant_name = service
> admin_user = glance
> admin_password = password
>
> Salvatore
>
>
> On 18 July 2013 22:16, Matt Davis <mattd5...@gmail.com> wrote:
>
>> Hello all,
>>
>> I'm working on a deployment script to install and configure my OpenStack
>> services and I'm getting a strange result with glance. It's surely a bug
>> with my script messing up a config file line, but I can't interpret the
>> glance and keystone logs to track the issue down. Here's the use case:
>>
>> 1) Install keystone following the directions in the Grizzly
>> installation guide for Ubuntu 12.04.
>> 2) Install glance following the directions in the Grizzly installation
>> guide for Ubuntu 12.04.
>> 3) Run glance image-list to see if I can get an empty list.
>>
>> My result:
>>
>> =====
>> glance --os-username=admin --os-password=secrete --os-tenant-name demo
>> --os-auth-url=http://localhost:5000/v2.0 image-list
>>
>> Request returned failure status.
>> Invalid OpenStack Identity credentials.
>> =====
>>
>> The glance API log is as follows:
>>
>> =====
>> 2013-07-18 11:18:24.301 6306 DEBUG
>> glance.api.middleware.version_negotiation [-] Determining version of
>> request: GET //v1/images/detail Accept: process_request
>> /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:46
>> 2013-07-18 11:18:24.302 6306 DEBUG
>> glance.api.middleware.version_negotiation [-] Using url versioning
>> process_request
>> /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:59
>> 2013-07-18 11:18:24.302 6306 DEBUG
>> glance.api.middleware.version_negotiation [-] Matched version: v1
>> process_request
>> /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:71
>> 2013-07-18 11:18:24.302 6306 DEBUG
>> glance.api.middleware.version_negotiation [-] new uri /v1/images/detail
>> process_request
>> /usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:72
>> =====
>>
>> No entries are added to the glance registry log. If I tweak the
>> password to make the credentials invalid, I get this:
>>
>> =====
>> glance --os-username=admin --os-password=wrong_pw --os-tenant-name demo
>> --os-auth-url=http://localhost:5000/v2.0 image-list
>> Unable to communicate with identity service: {"error": {"message":
>> "Invalid user / password", "code": 401, "title": "Not Authorized"}}. (HTTP
>> 401)
>> =====
>>
>> So keystone is definitely looking up my credentials and responding
>> differently when they match.
>>
>> Any ideas as to where should I be looking for the issue?
>>
>> Thanks for your time!
>>
>> -Matt
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
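
The signing_dir check described in the quoted reply, as an added example that is not part of the original thread or of the glance/keystone code. The function names are hypothetical, the config text is a constructed sample modelled on the quoted section, and it assumes the cached certificates are stored as `*.pem` files.

```python
import configparser
import os
import tempfile


def check_signing_dir(conf_text):
    """Return (signing_dir, status, pem_files) for the text of a service config."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    signing_dir = parser.get("keystone_authtoken", "signing_dir", fallback=None)
    if not signing_dir:
        return None, "signing_dir not set in [keystone_authtoken]", []
    if not os.path.isdir(signing_dir):
        return signing_dir, "directory missing", []
    # Certificates are fetched on demand, so the service user must be able
    # to write here. Run the check as that user for this result to mean anything.
    if not os.access(signing_dir, os.W_OK):
        return signing_dir, "directory not writable", []
    # Assumption: the cached certificates are stored as *.pem files.
    pems = sorted(n for n in os.listdir(signing_dir) if n.endswith(".pem"))
    if not pems:
        return signing_dir, "no certificates cached", []
    return signing_dir, "ok", pems


def sample_conf(signing_dir):
    """Constructed sample config, modelled on the section quoted in the thread."""
    return (
        "[keystone_authtoken]\n"
        "signing_dir = %s\n"
        "auth_host = 127.0.0.1\n"
        "auth_port = 35357\n"
        "auth_protocol = http\n" % signing_dir
    )


def demo():
    """Walk the three directory states using a temporary directory."""
    results = []
    with tempfile.TemporaryDirectory() as cache:
        results.append(check_signing_dir(sample_conf(os.path.join(cache, "absent")))[1])
        results.append(check_signing_dir(sample_conf(cache))[1])
        open(os.path.join(cache, "placeholder.pem"), "w").close()  # constructed file
        results.append(check_signing_dir(sample_conf(cache))[1])
    return results


if __name__ == "__main__":
    print(demo())
```

A "no certificates cached" result after a fresh request to the service corresponds to the case in the reply where either glance cannot reach Keystone or Keystone is not handing out the certificates.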