glance client return error unless using '-A token' option

Using debug option:

glance --username=glance --password=pass --tenant=service_tenant --auth_url=http://192.168.100.25:5000/v2.0 -d index
Traceback (most recent call last):
  File "/usr/bin/glance", line 1056, in <module>
    result = command(options, args)
  File "/usr/bin/glance", line 63, in wrapper
    ret = func(*args, **kwargs)
  File "/usr/bin/glance", line 549, in images_index
    print_header=True)
  File "/usr/bin/glance", line 495, in _images_index
    images = client.get_images(**parameters)
  File "/usr/lib/python2.7/dist-packages/glance/client.py", line 60, in get_images
    res = self.do_request("GET", "/images", params=params)
  File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 58, in wrapped
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 390, in do_request
    headers=headers)
  File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 75, in wrapped
    return func(self, method, url, body, headers)
  File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 445, in _do_request
    c = connection_type(url.hostname, url.port, **self.connect_kwargs)
TypeError: __init__() takes at least 6 arguments (3 given)

Hi Rafael,

This looks like an SSL-aware connection is being created by the glance client, but without the expected key_file, cert_file and ca_file parameters being set.

Are you deliberately using SSL for your interactions with the glance API service?

Check the URLs configured for glance in the keystone service catalog:

$ sudo grep image /etc/keystone/default_catalog.templates
catalog.RegionOne.image.publicURL = http://localhost:9292/v1
catalog.RegionOne.image.adminURL = http://localhost:9292/v1
catalog.RegionOne.image.internalURL = http://localhost:9292/v1
catalog.RegionOne.image.name = 'Image Service'

If you really intended to use SSL, then set the following environment variables:

$ export GLANCE_CLIENT_KEY_FILE=/path/to/key/file
$ export GLANCE_CLIENT_CERT_FILE=/path/to/cert/file
$ export GLANCE_CLIENT_CA_FILE=/path/to/ca/file

Cheers,
Eoghan

Hi Eoghan,

On my current testing environment I'm working under SSL configuration:

catalog.RegionOne.image.publicURL = https://192.168.99.101:445/v1
catalog.RegionOne.image.adminURL = http://192.168.100.22:9292/v1
catalog.RegionOne.image.internalURL = http://192.168.100.22:9292/v1
catalog.RegionOne.image.name = 'Image Service'

However SSL keys aren't properly set(and under this testing environment I can't set it properly), so I'm trying --insecure option, which should ignore SSL keys. However I'm still getting the same error.

Bye

Hi Rafael,

As things stand, the --insecure option only frees up the glance client from validating the glance server's certificate.

The code is structured in such a way athat cert and key files are still currently required so that the client can authtenicate itself to the server.

So it seems we have two related issues:

- missing cert/key files should be handled more gracefully than an error indicating an unexpected number of args passed to __init__() on an internal implementation class

- a completely auth-free mode should be supported, such that the client is not obligated to authenticate itself to the server-side

I'm working on a patch.

Cheers,
Eoghan

Fix proposed to branch: master
Review: https://review.openstack.org/5238

Reviewed: https://review.openstack.org/5238
Committed: http://github.com/openstack/glance/commit/7125728d51adf0ded308f622913660f2d2ce2697
Submitter: Jenkins
Branch: master

commit 7125728d51adf0ded308f622913660f2d2ce2697
Author: Eoghan Glynn <email address hidden>
Date: Mon Mar 12 17:58:15 2012 +0000

    Refresh SSL cfg after parsing service catalog entry

    Fixes bug 949838

    Ensure connection kwargs are re-evaluated after the keystone service
    catalog publicURL for glance has been parsed for potential SSL usage.

    Otherwise the attempt to create a HTTPS connection will fail with
    missing __init__() args if the client is using auth-free SSL
    (i.e. is neither validating the server's cert, not authenticating
    itself to the server).

    Change-Id: I31c2083616297a64541cc6648d420e724baaf9f4