[Fiware-lab-federation-nodes] Your configurations with Glance & Swift on Kilo version to work with the central Keystone

Spyros Argyropoulos spyros at intelligence.tuc.gr
Fri Jun 10 10:43:13 CEST 2016
Previous message: [Fiware-lab-federation-nodes] Your configurations with Glance & Swift on Kilo version to work with the central Keystone
Next message: [Fiware-lab-federation-nodes] Your configurations with Glance & Swift on Kilo version to work with the central Keystone
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,

We still have this problem with uploading images in our Kilo 
installation. Among the changes Giuseppe have sent us (see attached fie) 
we have additionally changed

/etc/glance/glance-swift.conf:
auth_address=http://cloud.lab.fiware.org:4730/v2.0/
key=<glance-crete password>

Our installation is using Swift as a Glance backend, which means that 
glance admin user (in our case 'glance-crete') is asking swift service 
to store an image.

Every time we are trying to upload an image we get the same ERROR message:
2016-06-02 09:00:31.140 39151 ERROR swiftclient 
[req-c82868f7-3a87-41c3-a243-41d8f656196e 
b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] 
Unauthorized. Check username, password and tenant name/id.


*I wonder if glance admin user should have an additional role in order 
to have permissions to store an image through the swiftclient.*


Thank you in advance,


Spyros.

Spyros Argyropoulos, Computer & Informatics Eng.
Intelligent Systems Laboratory
School of Electronic and Computer Engineering
Technical University of Crete
University Campus - Kounoupidiana
73100 Chania, Crete
GREECE
Phone: +3028210 37342
Fax: +3028210 37542

On 10/6/2016 11:25 πμ, Chulani, Ilknur wrote:
>
> Dear all,
>
> Has any of you successfully configured Glance images over Swift on 
> Kilo version with the central Keystone? If so, could you kindly share 
> with us an example configuration?
>
> The reason for my asking is,  we have the exact same problem as the 
> Crete node on the SpainTenerife node. Everything works fine with 
> Glance and Swift when we use the local keystone. But once we switch to 
> the central Keystone, we start getting authorization errors.
>
> So if any of you were able to get this configuration with the Central 
> Keystone/Swift/Glance (Kilo) without issues, could you share with us 
> some tips? Or how you did the configuration, etc.?
>
> Thanks in advance for your help,
>
> ilknur
>
> *From:*fiware-lab-federation-nodes-bounces at lists.fiware.org 
> [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] *On 
> Behalf Of * Spyros Argyropoulos
> *Sent:* Thursday, June 02, 2016 2:02 PM
> *To:* fiware-lab-federation-nodes at lists.fiware.org
> *Subject:* [Fiware-lab-federation-nodes] Crete Node: Problem with 
> glance image-create
>
> Hi all,
>
> I would like to have an opinion for a problem we face, especially from 
> the nodes that have already successfully established an openstack 
> deployment in Kilo federated in FiwareLab.
>
> We have already established connection with keystone proxy.
> All services look to work fine in Crete Node, except of one thing 
> (which was working before federated to FiwareLab):
> When we try to make a snapshot from FiwareLab Portal (Region:Crete) or 
> when we try to create an image from CLI with our admin account (glance 
> image_create ....) we get an Authorization ERROR in the glance-api.log 
> (please see below). It seems to be a problem between glance and swift 
> services.
>
> Has anybody faced a similar problem?
> (We have already triple-checked the changes we have made in services 
> configuration files and also cross-checked changes with other nodes).
>
> Thank you in advance,
>
> Spyros.
>
> glance-api.log:
>
> =========================================================================================
>
> 2016-06-02 09:00:30.920 39151 DEBUG keystoneclient.auth.identity.v2 
> [req-c82868f7-3a87-41c3-a243-41d8f656196e 
> b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - 
> -] Making authentication request to 
> http://cloud.lab.fiware.org:4730/v2.0/tokens get_auth_ref 
> /usr/lib/python2.7/dist-packages/keystoneclient/auth/identity/v2.py:76
> 2016-06-02 09:00:31.139 39151 DEBUG keystoneclient.session 
> [req-c82868f7-3a87-41c3-a243-41d8f656196e 
> b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - 
> -] Request returned failure status: 401 request 
> /usr/lib/python2.7/dist-packages/keystoneclient/session.py:398
> 2016-06-02 09:00:31.139 39151 DEBUG keystoneclient.v2_0.client 
> [req-c82868f7-3a87-41c3-a243-41d8f656196e 
> b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - 
> -] Authorization Failed. get_raw_token_from_identity_service 
> /usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py:188
> 2016-06-02 09:00:31.140 39151 ERROR swiftclient 
> [req-c82868f7-3a87-41c3-a243-41d8f656196e 
> b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - 
> -] Unauthorized. Check username, password and tenant name/id.
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient Traceback (most recent 
> call last):
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1253, 
> in _retry
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient     self.url, 
> self.token = self.get_auth()
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1227, 
> in get_auth
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient insecure=self.insecure)
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 420, in 
> get_auth
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient auth_version=auth_version)
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 349, in 
> get_auth_keystone
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient     raise 
> ClientException(msg)
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient ClientException: 
> Unauthorized. Check username, password and tenant name/id.
> 2016-06-02 09:00:31.140 39151 TRACE swiftclient
> 2016-06-02 09:00:31.141 39151 ERROR glance.api.v1.upload_utils 
> [req-c82868f7-3a87-41c3-a243-41d8f656196e 
> b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - 
> -] Failed to upload image e0308ebe-693f-498e-979c-f599f4a4b137
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils 
> Traceback (most recent call last):
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/glance/api/v1/upload_utils.py", line 
> 113, in upload_data_to_store
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> context=req.context)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/glance_store/backend.py", line 339, 
> in store_add_to_backend
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> context=context)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/glance_store/capabilities.py", line 
> 226, in op_checker
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> return store_op_fun(store, *args, **kwargs)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/glance_store/_drivers/swift/store.py", 
> line 492, in add
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils 
> self._create_container_if_missing(location.container, connection)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/glance_store/_drivers/swift/store.py", 
> line 680, in _create_container_if_missing
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils 
> connection.head_container(container)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1320, 
> in head_container
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> return self._retry(None, head_container, container)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1253, 
> in _retry
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> self.url, self.token = self.get_auth()
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1227, 
> in get_auth
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> insecure=self.insecure)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 420, in 
> get_auth
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> auth_version=auth_version)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File 
> "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 349, in 
> get_auth_keystone
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     
> raise ClientException(msg)
> 2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils 
> ClientException: Unauthorized. Check username, password and tenant 
> name/id.
> ===============================================================================================================================================
>
> -- 
> Spyros Argyropoulos, Computer & Informatics Eng.
> Intelligent Systems Laboratory
> School of Electronic and Computer Engineering
> Technical University of Crete
> University Campus - Kounoupidiana
> 73100 Chania, Crete
> GREECE
> Phone: +3028210 37342
> Fax: +3028210 37542
> Bu mesaj ve ekleri gönderilen kişiye özeldir ve gizli bilgiler 
> içerebilir. Eğer mesajın gönderilmek istendiği kişi değilseniz lütfen 
> kopyalamayınız, başkalarına göndermeyiniz ve göndericiyi 
> bilgilendiriniz. Internet üzerinden gönderilen mesajların güvenli ve 
> hatasız olduğunun garantisi olmadığından Atos grubu mesajın 
> içeriğinden sorumlu tutulamaz. Göndericinin bilgisayarı anti-virüs 
> sistemleri tarafından taranmaktadır, ancak yine de mesajın virüs 
> içermediği garanti edilemez ve gönderici, meydana gelebilecek 
> zararlardan sorumlu tutulamaz.
>
> This e-mail and the documents attached are confidential and intended 
> solely for the addressee; it may also be privileged. If you receive 
> this e-mail in error, please notify the sender immediately and destroy 
> it. As its integrity cannot be secured on the Internet, the Atos group 
> liability cannot be triggered for the message content. Although the 
> sender endeavors to maintain a computer virus-free network, the sender 
> does not warrant that this transmission is virus-free and will not be 
> liable for any damages resulting from any virus transmitted.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20160610/81aa31cc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ConfigureyourFiware-LabNode-Giuseppe.pdf
Type: application/pdf
Size: 72013 bytes
Desc: not available
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20160610/81aa31cc/attachment.pdf>
Previous message: [Fiware-lab-federation-nodes] Your configurations with Glance & Swift on Kilo version to work with the central Keystone
Next message: [Fiware-lab-federation-nodes] Your configurations with Glance & Swift on Kilo version to work with the central Keystone
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Fiware-lab-federation-nodes mailing list
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy