[Fiware-lab-federation-nodes] R: Your configurations with Glance & Swift on Kilo version to work with the central Keystone

[Pecetti Mauro]

In my proxy-server.conf (swift) file I have the following configuration:
operator_roles = admin, SwiftOperator, member, owner
I had a similar problem and it was resolved by Alvaro by checking the roles.

BR
Mauro

Da: fiware-lab-federation-nodes-bounces at lists.fiware.org [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] Per conto di José Ignacio Carretero
Inviato: venerdì 10 giugno 2016 14:27
A: fiware-lab-federation-nodes at lists.fiware.org
Oggetto: Re: [Fiware-lab-federation-nodes] Your configurations with Glance & Swift on Kilo version to work with the central Keystone

That makes sense to me. Although I hadn't configured Glance to store on Swift -- This is an excerpt from my proxy-server.conf (swift):

# The user must have at least one role named by operator_roles on a
# project in order to create, delete and modify containers and objects
# and to set and read privileged headers such as ACLs.
# If there are several reseller prefix items, you can prefix the
# parameter so it applies only to those accounts (for example
# the parameter SERVICE_operator_roles applies to the /v1/SERVICE_<project>
# path). If you omit the prefix, the option applies to all reseller
# prefix items. For the blank/empty prefix, prefix with '' (do not put
# underscore after the two single quote characters).
operator_roles = member, owner, swiftoperator

Maybe you should add "admin" role to that file?

Regards,
José Ignacio.

El 10/06/16 a las 10:43, Spyros Argyropoulos escribió:
Hi all,

We still have this problem with uploading images in our Kilo installation. Among the changes Giuseppe have sent us (see attached fie) we have additionally changed

/etc/glance/glance-swift.conf:
auth_address=http://cloud.lab.fiware.org:4730/v2.0/
key=<glance-crete password>

Our installation is using Swift as a Glance backend, which means that glance admin user (in our case 'glance-crete') is asking swift service to store an image.

Every time we are trying to upload an image we get the same ERROR message:
2016-06-02 09:00:31.140 39151 ERROR swiftclient [req-c82868f7-3a87-41c3-a243-41d8f656196e b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] Unauthorized. Check username, password and tenant name/id.


I wonder if glance admin user should have an additional role in order to have permissions to store an image through the swiftclient.


Thank you in advance,


Spyros.



Spyros Argyropoulos, Computer & Informatics Eng.

Intelligent Systems Laboratory

School of Electronic and Computer Engineering

Technical University of Crete

University Campus - Kounoupidiana

73100 Chania, Crete

GREECE

Phone: +3028210 37342

Fax: +3028210 37542
On 10/6/2016 11:25 πμ, Chulani, Ilknur wrote:
Dear all,

Has any of you successfully configured Glance images over Swift on Kilo version with the central Keystone? If so, could you kindly share with us an example configuration?

The reason for my asking is,  we have the exact same problem as the Crete node on the SpainTenerife node. Everything works fine with Glance and Swift when we use the local keystone. But once we switch to the central Keystone, we start getting authorization errors.

So if any of you were able to get this configuration with the Central Keystone/Swift/Glance (Kilo) without issues, could you share with us some tips? Or how you did the configuration, etc.?

Thanks in advance for your help,

ilknur

From: fiware-lab-federation-nodes-bounces at lists.fiware.org<mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org> [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] On Behalf Of Spyros Argyropoulos
Sent: Thursday, June 02, 2016 2:02 PM
To: fiware-lab-federation-nodes at lists.fiware.org<mailto:fiware-lab-federation-nodes at lists.fiware.org>
Subject: [Fiware-lab-federation-nodes] Crete Node: Problem with glance image-create

Hi all,

I would like to have an opinion for a problem we face, especially from the nodes that have already successfully established an openstack deployment in Kilo federated in FiwareLab.

We have already established connection with keystone proxy.
All services look to work fine in Crete Node, except of one thing (which was working before federated to FiwareLab):
When we try to make a snapshot from FiwareLab Portal (Region:Crete) or when we try to create an image from CLI with our admin account (glance image_create ....) we get an Authorization ERROR in the glance-api.log (please see below). It seems to be a problem between glance and swift services.

Has anybody faced a similar problem?
(We have already triple-checked the changes we have made in services configuration files and also cross-checked changes with other nodes).

Thank you in advance,

Spyros.
glance-api.log:
=========================================================================================
2016-06-02 09:00:30.920 39151 DEBUG keystoneclient.auth.identity.v2 [req-c82868f7-3a87-41c3-a243-41d8f656196e b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] Making authentication request to http://cloud.lab.fiware.org:4730/v2.0/tokens get_auth_ref /usr/lib/python2.7/dist-packages/keystoneclient/auth/identity/v2.py:76
2016-06-02 09:00:31.139 39151 DEBUG keystoneclient.session [req-c82868f7-3a87-41c3-a243-41d8f656196e b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] Request returned failure status: 401 request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:398
2016-06-02 09:00:31.139 39151 DEBUG keystoneclient.v2_0.client [req-c82868f7-3a87-41c3-a243-41d8f656196e b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] Authorization Failed. get_raw_token_from_identity_service /usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py:188
2016-06-02 09:00:31.140 39151 ERROR swiftclient [req-c82868f7-3a87-41c3-a243-41d8f656196e b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] Unauthorized. Check username, password and tenant name/id.
2016-06-02 09:00:31.140 39151 TRACE swiftclient Traceback (most recent call last):
2016-06-02 09:00:31.140 39151 TRACE swiftclient   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1253, in _retry
2016-06-02 09:00:31.140 39151 TRACE swiftclient     self.url, self.token = self.get_auth()
2016-06-02 09:00:31.140 39151 TRACE swiftclient   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1227, in get_auth
2016-06-02 09:00:31.140 39151 TRACE swiftclient     insecure=self.insecure)
2016-06-02 09:00:31.140 39151 TRACE swiftclient   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 420, in get_auth
2016-06-02 09:00:31.140 39151 TRACE swiftclient     auth_version=auth_version)
2016-06-02 09:00:31.140 39151 TRACE swiftclient   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 349, in get_auth_keystone
2016-06-02 09:00:31.140 39151 TRACE swiftclient     raise ClientException(msg)
2016-06-02 09:00:31.140 39151 TRACE swiftclient ClientException: Unauthorized. Check username, password and tenant name/id.
2016-06-02 09:00:31.140 39151 TRACE swiftclient
2016-06-02 09:00:31.141 39151 ERROR glance.api.v1.upload_utils [req-c82868f7-3a87-41c3-a243-41d8f656196e b3bf6c918b564dadbbf36242f067e16e 00000000000003228460960090160000 - - -] Failed to upload image e0308ebe-693f-498e-979c-f599f4a4b137
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils Traceback (most recent call last):
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/glance/api/v1/upload_utils.py", line 113, in upload_data_to_store
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     context=req.context)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/glance_store/backend.py", line 339, in store_add_to_backend
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     context=context)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/glance_store/capabilities.py", line 226, in op_checker
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     return store_op_fun(store, *args, **kwargs)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/glance_store/_drivers/swift/store.py", line 492, in add
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     self._create_container_if_missing(location.container, connection)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/glance_store/_drivers/swift/store.py", line 680, in _create_container_if_missing
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     connection.head_container(container)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1320, in head_container
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     return self._retry(None, head_container, container)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1253, in _retry
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     self.url, self.token = self.get_auth()
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 1227, in get_auth
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     insecure=self.insecure)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 420, in get_auth
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     auth_version=auth_version)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils   File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 349, in get_auth_keystone
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils     raise ClientException(msg)
2016-06-02 09:00:31.141 39151 TRACE glance.api.v1.upload_utils ClientException: Unauthorized. Check username, password and tenant name/id.
===============================================================================================================================================



--

Spyros Argyropoulos, Computer & Informatics Eng.

Intelligent Systems Laboratory

School of Electronic and Computer Engineering

Technical University of Crete

University Campus - Kounoupidiana

73100 Chania, Crete

GREECE

Phone: +3028210 37342

Fax: +3028210 37542
Bu mesaj ve ekleri gönderilen kişiye özeldir ve gizli bilgiler içerebilir. Eğer mesajın gönderilmek istendiği kişi değilseniz lütfen kopyalamayınız, başkalarına göndermeyiniz ve göndericiyi bilgilendiriniz. Internet üzerinden gönderilen mesajların güvenli ve hatasız olduğunun garantisi olmadığından Atos grubu mesajın içeriğinden sorumlu tutulamaz. Göndericinin bilgisayarı anti-virüs sistemleri tarafından taranmaktadır, ancak yine de mesajın virüs içermediği garanti edilemez ve gönderici, meydana gelebilecek zararlardan sorumlu tutulamaz.

This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.





_______________________________________________

Fiware-lab-federation-nodes mailing list

Fiware-lab-federation-nodes at lists.fiware.org<mailto:Fiware-lab-federation-nodes at lists.fiware.org>

https://lists.fiware.org/listinfo/fiware-lab-federation-nodes

________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20160610/bdb71874/attachment.html>