# cat /etc/keystone/keystone.conf [DEFAULT] bind_host = 0.0.0.0 public_port = 5000 admin_port = 35357 admin_token = 012345SECRET99TOKEN012345 compute_port = 8774 verbose = True debug = True log_config = /etc/keystone/logging.conf
# cat /etc/glance/glance-api-paste.ini [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_tenant_name = service admin_user = glance admin_password = glance #admin_token = 012345SECRET99TOKEN012345 #auth_token = 012345SECRET99TOKEN012345 [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_tenant_name = "HP Software" admin_user = glance admin_password = glance #admin_token = 012345SECRET99TOKEN012345 #auth_token = 012345SECRET99TOKEN012345 On Sat, May 12, 2012 at 11:57 PM, Dolph Mathews <[email protected]>wrote: > The admin_token config is being used to bypass to normal authentication > process, thereby avoiding the issue. > > Can you paste the rest of your authtoken config? Also, try token-get > against 5000, and then try the resulting token as your admin_token value. > > -Dolph Mathews > > On May 12, 2012, at 12:01 PM, Shashi Kanth Boddula <[email protected]> > wrote: > > # keystone user-list > +----------------------------------+---------+-------+--------+ > | id | enabled | email | name | > +----------------------------------+---------+-------+--------+ > | 76a3cb1e5e7a427d8272838fc0a759fc | True | None | nova | > | a19e7f6975984e7fa6c8774d688d690b | True | None | admin | > | c92f9e064b884d5c8c140c98c4bb5fe2 | True | None | swift | > | ebc043e91a304342ac091854b05a383b | True | None | glance | > +----------------------------------+---------+-------+--------+ > > # glance index > Failed to show index. Got error: > You are not authenticated. > Details: 401 Unauthorized > > This server could not verify that you are authorized to access the > document you requested. Either you supplied the wrong credentials (e.g., > bad password), or your browser does not understand how to supply the > credentials required. > > Authentication required > > > # keystone --os_username=glance --os_password=glance > --os_tenant_name=service --os_auth_url=http://127.0.0.1:35357/v2.0token-get > 'Client' object has no attribute 'service_catalog' > > > But i am not getting this problem if i specify admin_token and auth_token > in api/registry file > > admin_token = 012345SECRET99TOKEN012345 > auth_token = 012345SECRET99TOKEN012345 > > If i add the above two lines, then it started working. > > The same case with swift also, "swift stat" command was not working, but > if i add the above two lines, then it started working. > > But the openstack documents did not specify to add these lines in glance > and swift config files. > > What could be the problem ? > > Thanks in advance. > > On Sat, May 12, 2012 at 4:24 PM, Dolph Mathews <[email protected]>wrote: > >> I think the key is this line: >> >> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] >> Keystone rejected admin token {'X-Auth-Token': u' >> 6f220a2e7e324bf4bd7a96040f364316'}, resetting >> >> It looks like your auth_token middleware isn't properly authenticating >> itself with keystone. Verify that you can receive an admin token from the >> admin endpoint using whatever credentials you've configured the auth_token >> middleware to use via [filter:authtoken], (notice I'm using the admin >> endpoint here): >> >> $ keystone --os_username=glance --os_password=glance --os_tenant=service >> --os_auth_url=http://127.0.0.1:35357/v2.0 token-get >> >> I'm guessing this authentication is either failing, or doesn't have the >> necessary admin privileges to validate other tokens? As shake.chen points >> out, user-list will probably fail for this reason. >> >> -Dolph >> >> >> On Sat, May 12, 2012 at 3:03 AM, Shake Chen <[email protected]> wrote: >> >>> you can check your keystone whether work correctly. >>> >>> keystone user-list >>> >>> >>> >>> On Fri, May 11, 2012 at 12:42 PM, Shashi Kanth Boddula < >>> [email protected]> wrote: >>> >>>> Ubuntu 12.04 Essex. >>>> >>>> # glance index >>>> Failed to show index. Got error: >>>> You are not authenticated. >>>> Details: 401 Unauthorized >>>> >>>> This server could not verify that you are authorized to access the >>>> document you requested. Either you supplied the wrong credentials (e.g., >>>> bad password), or your browser does not understand how to supply the >>>> credentials required. >>>> >>>> Authentication required >>>> >>>> # glance --os_username=glance --os_password=glance --os_tenant=service >>>> --os_auth_url=http://127.0.0.1:5000/v2.0 index >>>> >>>> Failed to show index. Got error: >>>> You are not authenticated. >>>> Details: 401 Unauthorized >>>> >>>> This server could not verify that you are authorized to access the >>>> document you requested. Either you supplied the wrong credentials (e.g., >>>> bad password), or your browser does not understand how to supply the >>>> credentials required. >>>> >>>> Authentication required >>>> >>>> >>>> --------------------------------------- >>>> >>>> In the keystone log file i see the error bellow. >>>> >>>> >>>> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] >>>> Retrying validation >>>> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] >>>> Keystone rejected admin token {'X-Auth-Token': >>>> u'6f220a2e7e324bf4bd7a96040f364316'}, resetting >>>> 2012-05-11 10:03:11 18461 WARNING [keystone.middleware.auth_token] >>>> Invalid user token: 238dc305de1e418b8b81bee4f648f984. Keystone response: >>>> {u'error': {u'message': u'The request you have made requires >>>> authentication.', u'code': 401, u'title': u'Not Authorized'}}. >>>> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token] >>>> Invalid user token - rejecting request >>>> >>>> >>>> >>>> Not understanding where could be the problem. >>>> >>>> glace user is mapped to admin role in the service tenant. >>>> >>>> glance endpoint is created. >>>> >>>> I have specified glance user name, password and the service tenant in >>>> glance-api/registry files, and keystone authentication specified. >>>> >>>> >>>> Anyone tell me what could be the problem? Thank you. >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Shashi Kanth >>>> >>>> >>>> _______________________________________________ >>>> Mailing list: https://launchpad.net/~openstack >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~openstack >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>> >>> >>> -- >>> Shake Chen >>> >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : [email protected] >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> > > > -- > Thanks & Regards, > Shashi Kanth > > -- Thanks & Regards, Shashi Kanth
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
