Re: [Openstack] Glance API shows authentication errno 1 during uploading image to swift's container

Thu, 22 Aug 2013 07:51:44 -0700 

Can you give us your glance config?

This is the error that makes me suspect some sort of incorrect SSL config

ClientException: Authorization Failure. Authorization Failed: [Errno 1] 
_ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Neil
________________________________________
From: Piotr Kopec [[email protected]]
Sent: Thursday, August 22, 2013 7:26 AM
To: Neil Tong
Cc: [email protected]
Subject: Re: [Openstack] Glance API shows authentication errno 1 during 
uploading image to swift's container

No. I think all my services are using just http protocol and just password for 
authentication.
Part of /etc/keystone/keystone.conf below:
```[ssl]
enable = False
#certfile = /etc/keystone/ssl/certs/keystone.pem
#keyfile = /etc/keystone/ssl/private/keystonekey.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = True

[signing]
#token_format = PKI
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#key_size = 1024
#valid_days = 3650
#ca_password = None```


2013/8/22 Neil Tong <[email protected]<mailto:[email protected]>>

Looks like an SSL problem, so you have Keystone setup to use SSL?

Piotr Kopec <[email protected]<mailto:[email protected]>> wrote:



Hello folks,

I have met problem during configuration of Swift as a backend storage service 
for Glance. I have configured Glance according to Red Hat Instalation Guide. 
Now when I am trying to upload image using glance image-create command 
following message occures:




[root@openstack182 ~]# glance image-create --name="Cirros 0.3.1" 
--disk-format=qcow2 --container-format bare < 
/tmp/images/cirros-0.3.1-x86_64-disk.img
Request returned failure status.
500 Internal Server Error
The server has either erred or is incapable of performing the requested 
operation.
    (HTTP 500)

So the problem is with Swift server. Although Swift is able to create 
containers and upload files to them usingswift upload command:




[root@openstack182 ~]# swift upload c4 data3.file
data3.file
[root@openstack182 ~]# swift list
c1
c2
c3
c4
[root@openstack182 ~]# swift list c4
data3.file

Glance also works well if the default_store parameter is set to file.

After attempting to upload image to swift's container Glance API logs shows 
there is some problem with authentication:




[root@openstack182 ~]# glance image-create --name="Cirros 0.3.1" 
--disk-format=qcow2 --container-format bare < 
/tmp/images/cirros-0.3.1-x86_64-disk.img
Request returned failure status.
500 Internal Server Error
The server has either erred or is incapable of performing the requested 
operation.
    (HTTP 500)
[root@openstack182 ~]# date
czw, 22 sie 2013, 14:39:00 CEST
[root@openstack182 ~]# tail -n 50 /var/log/glance/api.log
2013-08-22 14:38:49.316 ERROR glance.api.v1.images 
[f32b8f75-054d-4be0-a048-dd797016d043 f554f1bf0c964ab3843214c0dfabf7a6 
c154fa85885b4589aeb3b76f3a8d8beb] Failed to upload image
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images Traceback (most recent 
call last):
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/glance/api/v1/images.py", line 444, in _upload
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     image_meta['size'])
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/glance/store/swift.py", line 321, in add
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     
self._create_container_if_missing(location.container, connection)
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/glance/store/swift.py", line 490, in 
_create_container_if_missing
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     
connection.head_container(container)
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/swiftclient/client.py", line 1070, in 
head_container
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     return 
self._retry(None, head_container, container)
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/swiftclient/client.py", line 1022, in _retry
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     self.url, 
self.token = self.get_auth()
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/swiftclient/client.py", line 1010, in get_auth
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     
insecure=self.insecure)
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/swiftclient/client.py", line 329, in get_auth
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     insecure=insecure)
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images   File 
"/usr/lib/python2.6/site-packages/swiftclient/client.py", line 266, in 
get_keystoneclient_2_0
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images     raise 
ClientException('Authorization Failure. %s' % err)
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images ClientException: 
Authorization Failure. Authorization Failed: [Errno 1] _ssl.c:490: 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2013-08-22 14:38:49.316 8466 TRACE glance.api.v1.images

Some keystone command output:




[root@openstack182 ~]# keystone user-list
+----------------------------------+---------+---------+-------+
|                id                |   name  | enabled | email |
+----------------------------------+---------+---------+-------+
| f554f1bf0c964ab3843214c0dfabf7a6 |  admin  |   True  |       |
| ce494e0d76e44f1e9a4e4bccc5d6d3b2 |  cinder |   True  |       |
| efa48ad1e0cb4142a7043cdc97ff605e |   ec2   |   True  |       |
| 39d7c739fc31408c97cae9112a6da056 |  glance |   True  |       |
| 147bf1212187401e8a21ee18a6e174b1 |   nova  |   True  |       |
| ac2a95560972434a84583df494b721ba | quantum |   True  |       |
| 97b1c6a788bc476ba620152c769b20b5 |  swift  |   True  |       |
+----------------------------------+---------+---------+-------+
[root@openstack182 ~]# keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| c154fa85885b4589aeb3b76f3a8d8beb |   demo  |   True  |
| ae243f7ba98441aea224d712cdd97ed0 | service |   True  |
+----------------------------------+---------+---------+

[root@openstack182 ~]# keystone service-list
+----------------------------------+----------+--------------+------------------------------+
|                id                |   name   |     type     |         
description          |
+----------------------------------+----------+--------------+------------------------------+
| 8d5ec35259d2442e999a709f49e6355d |  cinder  |    volume    |    Cinder Volume 
Service     |
| e93f78475fd8476895ff7a74fac8842b |   ec2    |     ec2      |   EC2 
Compatibility Layer    |
| 422c6b4ccb8f4765ab55c51d9fd5d11a |  glance  |    image     |        Image 
Service         |
| 64dd013cbab24a48a8d3b25423d8c555 | keystone |   identity   |       Identity 
Service       |
| c807829b23444d90a065a0597c691424 |   nova   |   compute    |       Compute 
Service        |
| 97179db088674c35b31b51abf9605bc7 | quantum  |   network    | OpenStack 
Networking service |
| 72a8718bb35143cfaac726cc7a41e60e |  swift   | object-store |    Object 
Storage Service    |
+----------------------------------+----------+--------------+------------------------------+

Could anyone help me with this issue, please?

All answers are appreciated.

Regards.

 Piotr

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to