(Openstack)无法将图像上载到Image Service

时间:2015-07-03 09:50:34

标签: image authentication openstack credentials

我是Openstack的新手,并尝试构建自己的Openstack环境。 遵循" OpenStack安装指南,适用于Red Hat Enterprise Linux 7,CentOS 7和Fedora 20" (在Fedora 21上),我在将cirrOS上传到Image-Service时遇到了问题。

我的Openstack版本,参考这个命令:" [root @ localhost~] #keystone-manage --version"应该 2014年2月2日

尝试上传图片后,我得到了这个输出:

ADMIN-OPENRC.SH:

export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=MYPASS
export OS_AUTH_URL=http://controller:35357/v2.0
  

[root @ localhost~]#source admin-openrc.sh [root @ localhost~] #glance   --debug image-create --name" cirros-0.3.3-x86_64" --file /tmp/images/cirros-0.3.3-x86_64-disk.img --disk-format qcow2   --container-format bare --is-public True --progress curl -i -X POST -H' Accept-Encoding:gzip,deflate' -H' x-image-meta-container_format:   裸' -H'接受: / ' -H' X-Auth-Token:   {SHA1} 726116102202fa50ff0c064ca3cadb86b65fe997' -H' x-image-meta-size:   13200896' -H'连接:保持活力' -H' x-image-meta-is_public:   真正的' -H' User-Agent:python-glanceclient' -H'内容类型:   应用/八位字节流' -H' x-image-meta-disk_format:qcow2' -H   ' x-image-meta-name:cirros-0.3.3-x86_64'   http://controller:9292/v1/images [=============================>]   100%请求返回失败状态401.无效的OpenStack标识   凭证。

我必须提到我可以从keystone获得令牌而没有问题:

  

[root @ localhost~] #keystone token-get   
+ ----------- + --------------------------------- - +
|财产|   价值|   
+ ----------- + --------------------------------- - +
|到期|   2015-07-03T10:26:38Z |
| id |   96299e7c355d43a9b8e5b7f47a4d4cdd |
| tenant_id |   425de1784b644473b6f1cffe874992c5 |
| user_id |   0a85326e1c744d449327894b6a276b5d |   
+ ----------- + --------------------------------- - +

Here are my config files:

GLANCE-API.CONF & GLANCE-REGISTRY.CONF
connection=mysql://glance:MYPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = MYPASS

KEYSTONE.CONF
connection=mysql://keystone:MYPASS@controller/keystone </b>


Here is my api.log:
/var/log/glance/api.log
2015-07-03 11:15:00.763 3447 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:01.266 3447 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:02.269 3447 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:04.273 3447 ERROR keystonemiddleware.auth_token [-] HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:15:04.274 3447 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-07-03 11:15:04.274 3447 INFO keystonemiddleware.auth_token [-] Invalid user token - deferring reject downstream
2015-07-03 11:15:04.327 3447 INFO glance.wsgi.server [-] 192.168.13.92 - - [03/Jul/2015 11:15:04] "POST /v1/images HTTP/1.1" 401 571 3.579172
2015-07-03 11:30:29.083 3446 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:29.587 3446 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:30.591 3446 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:32.595 3446 ERROR keystonemiddleware.auth_token [-] HTTP connection exception: Unable to establish connection to http://controller:35357/
2015-07-03 11:30:32.595 3446 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-07-03 11:30:32.595 3446 INFO keystonemiddleware.auth_token [-] Invalid user token - deferring reject downstream
2015-07-03 11:30:32.649 3446 INFO glance.wsgi.server [-] 192.168.13.92 - - [03/Jul/2015 11:30:32] "POST /v1/images HTTP/1.1" 401 571 3.581761

感谢您的努力 凯文

-------------------------- EDIT -------------------- --------- 完整Glance-Registry.conf:

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose=True

# Show debugging output in logs (sets DEBUG log level output)
#debug=False

# Address to bind the registry server
#bind_host=0.0.0.0

# Port the bind the registry server to
#bind_port=9191

# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
#log_file=/var/log/glance/registry.log

# Backlog requests when creating socket
#backlog=4096

# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle=600

# API to use for accessing data. Default value points to sqlalchemy
# package.
#data_api=glance.db.sqlalchemy.api

# The number of child process workers that will be
# created to service Registry requests. The default will be
# equal to the number of CPUs available. (integer value)
#workers=None

# Enable Registry API versions individually or simultaneously
#enable_v1_registry=True
#enable_v2_registry=True

# Limit the api to return `param_limit_max` items in a call to a container. If
# a larger `limit` query param is provided, it will be reduced to this value.
#api_limit_max=1000

# If a `limit` query param is not provided in an api request, it will
# default to `limit_param_default`
#limit_param_default=25

# Role used to identify an authenticated user as administrator
#admin_role=admin

# Whether to automatically create the database tables.
# Default: False
#db_auto_create=False

# Enable DEBUG log messages from sqlalchemy which prints every database
# query and response.
# Default: False
#sqlalchemy_debug=True

# ================= Syslog Options ============================

# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog=False

# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility=LOG_LOCAL1

# ================= SSL Options ===============================

# Certificate file to use when starting registry server securely
#cert_file=/path/to/certfile

# Private key file to use when starting registry server securely
#key_file=/path/to/keyfile

# CA certificate file to use to verify connecting clients
#ca_file=/path/to/cafile

# ============ Notification System Options =====================

# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
notification_driver = noop

# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost

# Messaging driver used for 'messaging' notifications driver
# rpc_backend = 'rabbit'

# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
#rabbit_host=localhost
#rabbit_port=5672
#rabbit_use_ssl=false
#rabbit_userid=guest
#rabbit_password=guest
#rabbit_virtual_host=/
#rabbit_notification_exchange=glance
#rabbit_notification_topic=notifications
#rabbit_durable_queues=False

# Configuration options if sending notifications via Qpid (these are
# the defaults)
#qpid_notification_exchange=glance
#qpid_notification_topic=notifications
#qpid_hostname=localhost
#qpid_port=5672
#qpid_username=
#qpid_password=
#qpid_sasl_mechanisms=
#qpid_reconnect_timeout=0
#qpid_reconnect_limit=0
#qpid_reconnect_interval_min=0
#qpid_reconnect_interval_max=0
#qpid_reconnect_interval=0
#qpid_heartbeat=5
# Set to 'ssl' to enable SSL
#qpid_protocol=tcp
#qpid_tcp_nodelay=True


# ================= Database Options ==========================

[database]
# The file name to use with SQLite (string value)
#sqlite_db=glance.sqlite

# If True, SQLite uses synchronous mode (boolean value)
#sqlite_synchronous=True

# The backend to use for db (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend=sqlalchemy

# The SQLAlchemy connection string used to connect to the
# database (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
connection = mysql://glance:MYPASS@controller/glance

# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode=TRADITIONAL

# Timeout before idle sql connections are reaped (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout=3600

# Minimum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size=1

# Maximum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>

# Maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10

# Interval between retries of opening a sql connection
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval=10

# If set, use this value for max_overflow with sqlalchemy
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow=<None>

# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug=0

# Add python stack traces to SQL as comment strings (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace=False

# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout=<None>

# Enable the experimental use of database reconnect on
# connection lost (boolean value)
#use_db_reconnect=False

# seconds between db connection retries (integer value)
#db_retry_interval=1

# Whether to increase interval between db connection retries,
# up to db_max_retry_interval (boolean value)
#db_inc_retry_interval=True

# max seconds between db connection retries, if
# db_inc_retry_interval is enabled (integer value)
#db_max_retry_interval=10

# maximum db connection retries before error is raised.
# (setting -1 implies an infinite retry count) (integer value)
#db_max_retries=20

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = MYPASS

[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-registry-dist-paste.ini

# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone

[profiler]
# If False fully disable profiling feature.
#enabled=False

# If False doesn't trace SQL requests.
#trace_sqlalchemy=False

概览-Api.conf:

[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-api-dist-paste.ini

# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone

1 个答案:

答案 0 :(得分:1)

凯文,

你所有的配置都很好看。以下是我建议你做的事情

1)运行扫视图像列表并查看是否有任何内容

2)您是否正确分配了管理员角色以浏览用户“keystone user-role-add --user glance --tenant service --role admin”?

3)你在运行glance create之前运行了source-openrc.sh吗?

HTH

此致 阿希什