Glance installation does not appear to detect admin role

Bug #1641842 reported by Suman Saurabh on 2016-11-15
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Glance
Undecided
Unassigned

Bug Description

Issue seen on Openstack Newton on Ubuntu 16.04
openstack --debug image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
START with options: [u'--debug', u'image', u'create', u'cirros', u'--file', u'cirros-0.3.4-x86_64-disk.img', u'--disk-format', u'qcow2', u'--container-format', u'bare', u'--public']
options: Namespace(access_key='', access_secret='***', access_token='***', access_token_endpoint='', access_token_type='', auth_type='', auth_url='http://controller:35357/v3', authorization_code='', cacert=None, cert='', client_id='', client_secret='***', cloud='', consumer_key='', consumer_secret='***', debug=True, default_domain='default', default_domain_id='', default_domain_name='', deferred_help=False, discovery_endpoint='', domain_id='', domain_name='', endpoint='', identity_provider='', identity_provider_url='', insecure=None, interface='', key='', log_file=None, old_profile=None, openid_scope='', os_beta_command=False, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', passcode='', password='***', profile=None, project_domain_id='', project_domain_name='default', project_id='', project_name='admin', protocol='', redirect_uri='', region_name='', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='default', user_id='', username='admin', verbose_level=3, verify=None)
Auth plugin password selected
auth_config_hook(): {'auth_type': 'password', 'beta_command': False, u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', u'interface': None, 'auth_url': 'http://controller:35357/v3', u'network_api_version': u'2', u'image_format': u'qcow2', 'networks': [], u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'username': 'admin', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'user_domain_name': 'default', 'project_name': 'admin', 'project_domain_name': 'default'}, 'default_domain': 'default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', 'timing': False, 'password': 'smn@1234', 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'disable_vendor_agent': {}}
defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', 'cacert': None, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, u'network_api_version': u'2', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': 'password', 'beta_command': False, u'compute_api_version': u'2', u'orchestration_api_version': u'1', u'database_api_version': u'1.0', 'timing': False, 'auth_url': 'http://controller:35357/v3', u'network_api_version': u'2', u'image_format': u'qcow2', 'networks': [], u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'username': 'admin', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_name': 'default', 'auth_url': 'http://controller:35357/v3', 'password': '***', 'project_domain_name': 'default'}, 'default_domain': 'default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', 'key': None, u'interface': None, 'password': '***', 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', 'debug': True, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
neutronclient API version 2, cmd group openstack.neutronclient.v2
Auth plugin password selected
auth_config_hook(): {'auth_type': 'password', 'beta_command': False, u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', u'interface': None, 'auth_url': 'http://controller:35357/v3', u'network_api_version': u'2', u'image_format': u'qcow2', 'networks': [], u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'username': 'admin', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'user_domain_name': 'default', 'project_name': 'admin', 'project_domain_name': 'default'}, 'default_domain': 'default', 'debug': True, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', 'timing': False, 'password': 'smn@1234', 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'disable_vendor_agent': {}}
command: image create -> openstackclient.image.v2.image.CreateImage
Using auth plugin: password
Using parameters {'username': 'admin', 'project_name': 'admin', 'user_domain_name': 'default', 'auth_url': 'http://controller:35357/v3', 'password': '***', 'project_domain_name': 'default'}
Get auth_ref
REQ: curl -g -i -X GET http://controller:35357/v3 -H "Accept: application/json" -H "User-Agent: osc-lib keystoneauth1/2.12.1 python-requests/2.10.0 CPython/2.7.12"
Starting new HTTP connection (1): controller
"GET /v3 HTTP/1.1" 200 250
RESP: [200] Date: Tue, 15 Nov 2016 06:46:10 GMT Server: Apache/2.4.18 (Ubuntu) Vary: X-Auth-Token X-Distribution: Ubuntu x-openstack-request-id: req-50e79ca7-6a33-40b5-acea-a6247c8d307b Content-Length: 250 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/json
RESP BODY: {"version": {"status": "stable", "updated": "2016-10-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.7", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}}

Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1611
{"token": {"is_domain": false, "methods": ["password"], "roles": [{"id": "7479f742d51d4755810dab5bebec4ef8", "name": "admin"}], "expires_at": "2016-11-15T07:46:10.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "c3620ddd457a4f0689bcf92f2d95b004", "name": "admin"}, "catalog": [{"endpoints": [{"url": "http://controller:35357/v3/", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "007b4890076445f0a26bfdf7e049f104"}, {"url": "http://controller:5000/v3/", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "133a98919e7e457587c55975c17fb003"}, {"url": "http://controller:35357/v3/", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "6c2497ad76fd40f28487195e8070a9f1"}], "type": "identity", "id": "48fe0e2efece441d831ca68c63380ce2", "name": "keystone"}, {"endpoints": [{"url": "http://controller:9292", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "10725b92ff7d4467ac44aaf059d4aa2e"}, {"url": "http://controller:9292", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "28cebbbba2174d71882b02493e5f37f3"}, {"url": "http://controller:9292", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "39c0cb24746d4ec59ffd21bb5a76c7fc"}], "type": "image", "id": "f418f7859272464bb475ec87c17ea8f9", "name": "glance"}], "user": {"domain": {"id": "default", "name": "Default"}, "id": "d8ee4c114ec741ecaf3cd744ea12f394", "name": "admin"}, "audit_ids": ["Ovr_Q89hR4e5wD_V4ytWDg"], "issued_at": "2016-11-15T06:46:10.000000Z"}}
run(Namespace(checksum=None, columns=[], container_format=u'bare', copy_from=None, disk_format=u'qcow2', file=u'cirros-0.3.4-x86_64-disk.img', force=False, formatter='table', id=None, location=None, max_width=0, min_disk=None, min_ram=None, name=u'cirros', noindent=False, owner=None, prefix='', private=False, project=None, project_domain=None, properties=None, protected=False, public=True, size=None, store=None, tags=None, unprotected=False, variables=[], volume=None))
Instantiating identity client: <class 'keystoneclient.v3.client.Client'>
Instantiating image client: <class 'glanceclient.v2.client.Client'>
Making authentication request to http://controller:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1611
{"token": {"is_domain": false, "methods": ["password"], "roles": [{"id": "7479f742d51d4755810dab5bebec4ef8", "name": "admin"}], "expires_at": "2016-11-15T07:46:10.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "c3620ddd457a4f0689bcf92f2d95b004", "name": "admin"}, "catalog": [{"endpoints": [{"url": "http://controller:35357/v3/", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "007b4890076445f0a26bfdf7e049f104"}, {"url": "http://controller:5000/v3/", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "133a98919e7e457587c55975c17fb003"}, {"url": "http://controller:35357/v3/", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "6c2497ad76fd40f28487195e8070a9f1"}], "type": "identity", "id": "48fe0e2efece441d831ca68c63380ce2", "name": "keystone"}, {"endpoints": [{"url": "http://controller:9292", "interface": "admin", "region": "RegionOne", "region_id": "RegionOne", "id": "10725b92ff7d4467ac44aaf059d4aa2e"}, {"url": "http://controller:9292", "interface": "public", "region": "RegionOne", "region_id": "RegionOne", "id": "28cebbbba2174d71882b02493e5f37f3"}, {"url": "http://controller:9292", "interface": "internal", "region": "RegionOne", "region_id": "RegionOne", "id": "39c0cb24746d4ec59ffd21bb5a76c7fc"}], "type": "image", "id": "f418f7859272464bb475ec87c17ea8f9", "name": "glance"}], "user": {"domain": {"id": "default", "name": "Default"}, "id": "d8ee4c114ec741ecaf3cd744ea12f394", "name": "admin"}, "audit_ids": ["IIlsceaOQ-WZ1YWT_acQug"], "issued_at": "2016-11-15T06:46:10.000000Z"}}
Instantiating image api: <class 'openstackclient.api.image_v2.APIv2'>
curl -g -i -X GET -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}a6b0b7b06308d28b20fdd67fa58cf528a2fef34e' -H 'Content-Type: application/octet-stream' http://controller:9292/v2/schemas/image
Starting new HTTP connection (1): controller
"GET /v2/schemas/image HTTP/1.1" 200 4149
GET call to glance-api for http://controller:9292/v2/schemas/image used request id req-8e193531-8cf3-4667-97dd-8a2a6d578d0a

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 4149
X-Openstack-Request-Id: req-8e193531-8cf3-4667-97dd-8a2a6d578d0a
Date: Tue, 15 Nov 2016 06:46:10 GMT
Connection: keep-alive

{"additionalProperties": {"type": "string"}, "name": "image", "links": [{"href": "{self}", "rel": "self"}, {"href": "{file}", "rel": "enclosure"}, {"href": "{schema}", "rel": "describedby"}], "properties": {"status": {"readOnly": true, "enum": ["queued", "saving", "active", "killed", "deleted", "pending_delete", "deactivated"], "type": "string", "description": "Status of the image"}, "tags": {"items": {"type": "string", "maxLength": 255}, "type": "array", "description": "List of strings related to the image"}, "kernel_id": {"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", "type": ["null", "string"], "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image.", "is_base": false}, "container_format": {"enum": [null, "ami", "ari", "aki", "bare", "ovf", "ova", "docker"], "type": ["null", "string"], "description": "Format of the container"}, "min_ram": {"type": "integer", "description": "Amount of ram (in MB) required to boot image."}, "ramdisk_id": {"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", "type": ["null", "string"], "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image.", "is_base": false}, "locations": {"items": {"required": ["url", "metadata"], "type": "object", "properties": {"url": {"type": "string", "maxLength": 255}, "metadata": {"type": "object"}}}, "type": "array", "description": "A set of URLs to access the image file kept in external store"}, "visibility": {"enum": ["public", "private"], "type": "string", "description": "Scope of image accessibility"}, "updated_at": {"readOnly": true, "type": "string", "description": "Date and time of the last image modification"}, "owner": {"type": ["null", "string"], "description": "Owner of the image", "maxLength": 255}, "file": {"readOnly": true, "type": "string", "description": "An image file url"}, "min_disk": {"type": "integer", "description": "Amount of disk space (in GB) required to boot image."}, "virtual_size": {"readOnly": true, "type": ["null", "integer"], "description": "Virtual size of image in bytes"}, "id": {"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", "type": "string", "description": "An identifier for the image"}, "size": {"readOnly": true, "type": ["null", "integer"], "description": "Size of image file in bytes"}, "instance_uuid": {"type": "string", "description": "Metadata which can be used to record which instance this image is associated with. (Informational only, does not create an instance snapshot.)", "is_base": false}, "os_distro": {"type": "string", "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", "is_base": false}, "name": {"type": ["null", "string"], "description": "Descriptive name for the image", "maxLength": 255}, "checksum": {"readOnly": true, "type": ["null", "string"], "description": "md5 hash of image contents.", "maxLength": 32}, "created_at": {"readOnly": true, "type": "string", "description": "Date and time of image registration"}, "disk_format": {"enum": [null, "ami", "ari", "aki", "vhd", "vhdx", "vmdk", "raw", "qcow2", "vdi", "iso", "root-tar"], "type": ["null", "string"], "description": "Format of the disk"}, "os_version": {"type": "string", "description": "Operating system version as specified by the distributor", "is_base": false}, "protected": {"type": "boolean", "description": "If true, image will not be deletable."}, "architecture": {"type": "string", "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", "is_base": false}, "direct_url": {"readOnly": true, "type": "string", "description": "URL to access the image file kept in external store"}, "self": {"readOnly": true, "type": "string", "description": "An image self url"}, "schema": {"readOnly": true, "type": "string", "description": "An image schema url"}}}

curl -g -i -X POST -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}a6b0b7b06308d28b20fdd67fa58cf528a2fef34e' -H 'Content-Type: application/json' -d '{"container_format": "bare", "disk_format": "qcow2", "name": "cirros", "visibility": "public"}' http://controller:9292/v2/images
"POST /v2/images HTTP/1.1" 403 78
POST call to glance-api for http://controller:9292/v2/images used request id req-8fdf2716-f4a1-49ea-956e-76d2e1068e0b
Request returned failure status 403.
403 Forbidden
You are not authorized to complete publicize_image action.
    (HTTP 403)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 387, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run
    return super(Command, self).run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 100, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 336, in take_action
    image = image_client.images.create(**kwargs)
  File "/usr/lib/python2.7/dist-packages/glanceclient/v2/images.py", line 235, in create
    resp, body = self.http_client.post(url, data=image)
  File "/usr/lib/python2.7/dist-packages/glanceclient/common/http.py", line 290, in post
    return self._request('POST', url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/glanceclient/common/http.py", line 279, in _request
    resp, body_iter = self._handle_response(resp)
  File "/usr/lib/python2.7/dist-packages/glanceclient/common/http.py", line 107, in _handle_response
    raise exc.from_response(resp, resp.content)
HTTPForbidden: 403 Forbidden
You are not authorized to complete publicize_image action.
    (HTTP 403)
clean_up CreateImage: 403 Forbidden
You are not authorized to complete publicize_image action.
    (HTTP 403)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 135, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 267, in run
    result = self.run_subcommand(remainder)
  File "/usr/lib/python2.7/dist-packages/osc_lib/shell.py", line 180, in run_subcommand
    ret_value = super(OpenStackShell, self).run_subcommand(argv)
  File "/usr/lib/python2.7/dist-packages/cliff/app.py", line 387, in run_subcommand
    result = cmd.run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/osc_lib/command/command.py", line 41, in run
    return super(Command, self).run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 100, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/openstackclient/image/v2/image.py", line 336, in take_action
    image = image_client.images.create(**kwargs)
  File "/usr/lib/python2.7/dist-packages/glanceclient/v2/images.py", line 235, in create
    resp, body = self.http_client.post(url, data=image)
  File "/usr/lib/python2.7/dist-packages/glanceclient/common/http.py", line 290, in post
    return self._request('POST', url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/glanceclient/common/http.py", line 279, in _request
    resp, body_iter = self._handle_response(resp)
  File "/usr/lib/python2.7/dist-packages/glanceclient/common/http.py", line 107, in _handle_response
    raise exc.from_response(resp, resp.content)
HTTPForbidden: 403 Forbidden
You are not authorized to complete publicize_image action.
    (HTTP 403)

END return value: 1

affects: openstack-manuals → glance
Trent Lloyd (lathiat) on 2019-03-12
Changed in glance:
status: New → Incomplete
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers