The admin_token config is being used to bypass to normal authentication process, thereby avoiding the issue.
Can you paste the rest of your authtoken config? Also, try token-get against 5000, and then try the resulting token as your admin_token value. -Dolph Mathews On May 12, 2012, at 12:01 PM, Shashi Kanth Boddula <[email protected]> wrote: > # keystone user-list > +----------------------------------+---------+-------+--------+ > | id | enabled | email | name | > +----------------------------------+---------+-------+--------+ > | 76a3cb1e5e7a427d8272838fc0a759fc | True | None | nova | > | a19e7f6975984e7fa6c8774d688d690b | True | None | admin | > | c92f9e064b884d5c8c140c98c4bb5fe2 | True | None | swift | > | ebc043e91a304342ac091854b05a383b | True | None | glance | > +----------------------------------+---------+-------+--------+ > > # glance index > Failed to show index. Got error: > You are not authenticated. > Details: 401 Unauthorized > > This server could not verify that you are authorized to access the document > you requested. Either you supplied the wrong credentials (e.g., bad > password), or your browser does not understand how to supply the credentials > required. > > Authentication required > > > # keystone --os_username=glance --os_password=glance --os_tenant_name=service > --os_auth_url=http://127.0.0.1:35357/v2.0 token-get > 'Client' object has no attribute 'service_catalog' > > > But i am not getting this problem if i specify admin_token and auth_token in > api/registry file > > admin_token = 012345SECRET99TOKEN012345 > auth_token = 012345SECRET99TOKEN012345 > > If i add the above two lines, then it started working. > > The same case with swift also, "swift stat" command was not working, but if i > add the above two lines, then it started working. > > But the openstack documents did not specify to add these lines in glance and > swift config files. > > What could be the problem ? > > Thanks in advance. > > On Sat, May 12, 2012 at 4:24 PM, Dolph Mathews <[email protected]> > wrote: > I think the key is this line: > > 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] Keystone > rejected admin token {'X-Auth-Token': u'6f220a2e7e324bf4bd7a96040f364316'}, > resetting > > It looks like your auth_token middleware isn't properly authenticating itself > with keystone. Verify that you can receive an admin token from the admin > endpoint using whatever credentials you've configured the auth_token > middleware to use via [filter:authtoken], (notice I'm using the admin > endpoint here): > > $ keystone --os_username=glance --os_password=glance --os_tenant=service > --os_auth_url=http://127.0.0.1:35357/v2.0 token-get > > I'm guessing this authentication is either failing, or doesn't have the > necessary admin privileges to validate other tokens? As shake.chen points > out, user-list will probably fail for this reason. > > -Dolph > > > On Sat, May 12, 2012 at 3:03 AM, Shake Chen <[email protected]> wrote: > you can check your keystone whether work correctly. > > keystone user-list > > > > On Fri, May 11, 2012 at 12:42 PM, Shashi Kanth Boddula <[email protected]> > wrote: > Ubuntu 12.04 Essex. > > # glance index > Failed to show index. Got error: > You are not authenticated. > Details: 401 Unauthorized > > This server could not verify that you are authorized to access the document > you requested. Either you supplied the wrong credentials (e.g., bad > password), or your browser does not understand how to supply the credentials > required. > > Authentication required > > # glance --os_username=glance --os_password=glance --os_tenant=service > --os_auth_url=http://127.0.0.1:5000/v2.0 index > > Failed to show index. Got error: > You are not authenticated. > Details: 401 Unauthorized > > This server could not verify that you are authorized to access the document > you requested. Either you supplied the wrong credentials (e.g., bad > password), or your browser does not understand how to supply the credentials > required. > > Authentication required > > > --------------------------------------- > > In the keystone log file i see the error bellow. > > > 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] Retrying > validation > 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] Keystone > rejected admin token {'X-Auth-Token': u'6f220a2e7e324bf4bd7a96040f364316'}, > resetting > 2012-05-11 10:03:11 18461 WARNING [keystone.middleware.auth_token] Invalid > user token: 238dc305de1e418b8b81bee4f648f984. Keystone response: {u'error': > {u'message': u'The request you have made requires authentication.', u'code': > 401, u'title': u'Not Authorized'}}. > 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] Invalid > user token - rejecting request > > > > Not understanding where could be the problem. > > glace user is mapped to admin role in the service tenant. > > glance endpoint is created. > > I have specified glance user name, password and the service tenant in > glance-api/registry files, and keystone authentication specified. > > > Anyone tell me what could be the problem? Thank you. > > > > -- > Thanks & Regards, > Shashi Kanth > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > > > -- > Shake Chen > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > > > > -- > Thanks & Regards, > Shashi Kanth >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
