由于身份验证失败,一瞥不起作用

时间:2016-10-01 00:21:39

标签: openstack openstack-glance

我在某些机器上设置了Openstack。我正在遵循本指南http://docs.openstack.org/liberty/install-guide-ubuntu/,直到我遇到这个问题:

当我验证图像服务(Glance)时,我遇到了以下问题:

$ cat admin-openrc.sh 
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=passw0rd
export OS_AUTH_URL=http://Renaissance:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
$ source admin-openrc.sh
$ glance --debug image-create --name "cirros" \
>   --file cirros-0.3.4-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --visibility public --progress
curl -g -i -X GET -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}7ce8d893ef6cdaca2ed5a876c8211a841455ba65' -H 'Content-Type: application/octet-stream' http://Renaissance:9292/v2/schemas/image
Request returned failure status 401.
Invalid OpenStack Identity credentials.

我会使用任何其他扫视功能(例如扫视图像列表)得到相同的错误。

我认为自从我按照指南操作后,我的配置正确无误。 这是我的Openstack服务,项目,用户,角色和端点

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| bf585630a5cb475b9e883493de3813fa | glance   | image    |
| fc29e468dae849e6afb97ecc3bf487f6 | keystone | identity |
+----------------------------------+----------+----------+
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 0bc473b2e77a4a9bb7871ed2afacb995 | admin    |
| dcaf480621164c409b6704c3f42e0869 | service  |
| e9f709d860fe46e2819b6bf1c78ccd0f | nonadmin |
+----------------------------------+----------+
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 485374adcbe54ce5b9ef465b84aa2c9f | admin    |
| 7447f4cd56f64ccfb111cba74f9a4b92 | nonadmin |
| d9ffc32240d24328b10af8b2550ec414 | glance   |
+----------------------------------+----------+
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 466fea231ef54d3ca4564fb42f51bb5c | admin |
| a36c726d27f04ebf92d336c3acfcd945 | user  |
+----------------------------------+-------+
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 01f62a7b9f7f4fa782e8bc695e74afc1 | RegionOne | glance       | image        | True    | internal  | http://Renaissance:9292       |
| abb7e5052d8646428e82ef58ca21b376 | RegionOne | keystone     | identity     | True    | public    | http://Renaissance:5000/v2.0  |
| d5b3180255b44a0eafe0810a20e104bc | RegionOne | glance       | image        | True    | public    | http://Renaissance:9292       |
| e0392842c6f64ac389a5688bc2581192 | RegionOne | keystone     | identity     | True    | internal  | http://Renaissance:5000/v2.0  |
| e0eb3dd0ed774669bce9a74dd3831c05 | RegionOne | keystone     | identity     | True    | admin     | http://Renaissance:35357/v2.0 |
| ec855dca8f87454e997fd55c47f17703 | RegionOne | glance       | image        | True    | admin     | http://Renaissance:9292       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+

我的auth配置一览(在glance-api.conf和glance-registry.conf中)如下所示:

...
[keystone_authtoken]
# Complete public Identity API endpoint. (string value)
auth_uri = http://Renaissance:5000
auth_uri = http://Renaissance:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = passw0rd
...

我可以使用Openstack获取令牌:

$ openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-10-01T01:16:48.482839Z      |
| id         | 2a4e052a2c4140a28f550158d95ecd3b |
| project_id | 0bc473b2e77a4a9bb7871ed2afacb995 |
| user_id    | 485374adcbe54ce5b9ef465b84aa2c9f |
+------------+----------------------------------+

我猜它的api版本问题,但我一直在改变uri的版本号,但它没有用。任何帮助表示赞赏。谢谢!

1 个答案:

答案 0 :(得分:0)

在您的一瞥配置中,项目名称是service,但您的env var项目名称是admin。

解决方案:

  • 确保passw0rd是真正的pw:服务帐户
  • 改变一瞥conf以改为使用管理项目
相关问题
最新问题