[rhos-list] Glance API can't authenticate with swift proxy
Flavio Percoco
flavio at redhat.com
Tue Jun 11 12:12:07 UTC 2013
On 11/06/13 11:44 +0000, Lutz Christoph wrote:
> Hi!
> I'm trying to set up Open Stack Grizzly with the Red Hat packages, and
> I'm falbbergasted with a problem between the glance API daemon and the
> swift proxy. Here is a piece of strace from the proxy:
> 25807 recvfrom(9, "POST /v1/tokens HTTP/1.1\r\nHost:
> 192.168.101.118:8080\r\nContent-Length: 105\r\nContent-Type:
> application/json\r\nAccept-Encoding: gzip, deflate, compress\r\nAccept:
> */*\r\nUser-Agent: python-keystoneclient\r\n\r\n{\"auth\":
> {\"tenantName\": \"service\", \"passwordCredentials\": {\"username\":
> \"swift\", \"password\": \"bar\"}}}", 8192, 0, NULL, NULL) = 304
> 25807 getsockname(9, {sa_family=AF_INET, sin_port=htons(8080),
> sin_addr=inet_addr("192.168.101.118")}, [16]) = 0
> 25807 gettimeofday({1370936801, 180804}, NULL) = 0
> 25807 gettimeofday({1370936801, 181775}, NULL) = 0
> 25807 sendto(7, "<132>proxy-server Unable to find authentication token
> in headers\0", 65, 0, NULL, 0) = 65
> 25807 gettimeofday({1370936801, 182507}, NULL) = 0
> 25807 sendto(7, "<134>proxy-server Invalid user token - rejecting
> request\0", 57, 0, NULL, 0) = 57
> 25807 gettimeofday({1370936801, 183435}, NULL) = 0
> 25807 sendto(9, "HTTP/1.1 401 Unauthorized\r\nContent-Type: text/html;
> charset=UTF-8\r\nWww-Authenticate: Keystone
> uri='http://127.0.0.1:35357'\r\nContent-Length: 387\r\nDate: Tue, 11
> Jun 2013 07:46:41 GMT\r\n\r\n<html>\n <head>\n <title>401
> Unauthorized</title>\n </head>\n <body>\n <h1>401 Unauthorized</h1>\n
> This server could not verify that you are authorized to\r\naccess the
> document you requested. Either you supplied the\r\nwrong credentials
> (e.g., bad password), or your browser\r\ndoes not understand how to
> supply the credentials required.\r\n<br /><br />\nAuthentication
> required\n\n\n </body>\n</html>", 571, 0, NULL, 0) = 571
> The proxy code seems to want a X-Auth-Token header, which the glance
> code duely send to other daemons.
> Here is the config on the glance side (assuming the proxy is right to
> complain):
> sql_connection = mysql://glance:foo@192.168.101.118/glance
> default_store = swift
> swift_store_auth_version = 2
> swift_store_auth_address = http://192.168.101.118:8080/v1/
> swift_store_user = service:swift
> swift_store_key = foo
> Any clues? I've been stuck for a day now.
Hi,
Could you please send the output of the glanceclient command as well?
(please use -d -v flags).
This seems to be something related to keystone. Are you able to
authenticate to keystone and use other glance actions not requiring
swift?
Cheers,
FF
--
@flaper87
Flavio Percoco
More information about the rhos-list
mailing list