glance storage init pod throwing unaothorized error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-helm |
Invalid
|
Undecided
|
Unassigned |
Bug Description
output of openstack-
++ openstack domain create --or-show --enable -f value -c id '--description=
+ PROJECT_
+ openstack domain show default
+------
| Field | Value |
+------
| description | The default domain |
| enabled | True |
| id | default |
| name | Default |
| tags | [] |
+------
+ USER_PROJECT_
++ openstack project create --or-show --enable -f value -c id --domain=default '--description=
+ USER_PROJECT_
+ openstack project show c27a05211aa84a8
+------
| Field | Value |
+------
| description | Service Project for RegionOne/default |
| domain_id | default |
| enabled | True |
| id | c27a05211aa84a8
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+------
++ openstack domain create --or-show --enable -f value -c id '--description=
+ USER_DOMAIN_
+ openstack domain show default
+------
| Field | Value |
+------
| description | The default domain |
| enabled | True |
| id | default |
| name | Default |
| tags | [] |
+------
+ USER_DESC='Service User for RegionOne/
++ openstack user create --or-show --enable -f value -c id --domain=default --project-
+ USER_ID=
+ openstack user set --password=dummy 77302c5908594e9
+ openstack user show 77302c5908594e9
+------
| Field | Value |
+------
| default_project_id | c27a05211aa84a8
| description | Service User for RegionOne/
| domain_id | default |
| enabled | True |
| id | 77302c5908594e9
| name | swift |
| options | {} |
| password_expires_at | 2018-11-
+------
+ IFS=,
+ for SERVICE_OS_ROLE in '${SERVICE_
+ ks_assign_user_role
++ openstack role create --or-show -f value -c id admin
+ USER_ROLE_
+ openstack role add --user=
+ openstack role assignment list --role=
+------
| Role | User | Group | Project | Domain | Inherited |
+------
| ca78e5b86f8b482
+------
+ : member
++ openstack role create --or-show -f value -c id member
+ export USER_ROLE_
+ USER_ROLE_
+ ks_assign_user_role
++ openstack role create --or-show -f value -c id admin
+ USER_ROLE_
+ openstack role add --user=
+ openstack role assignment list --role=
+------
| Role | User | Group | Project | Domain | Inherited |
+------
| ca78e5b86f8b482
+------
When glance storage init pods hit curl command to swift endpoint. It gives unauthorized. Below is the log:
kubectl logs -n openstack glance-
+ '[' xswift == xrbd ']'
+ set -ex
+ '[' xswift == xpvc ']'
+ '[' xswift == xswift ']'
+ : internal
++ openstack token issue -f value -c id
+ OS_TOKEN=
++ openstack project show service -f value -c id
+ OS_PROJECT_
++ openstack endpoint list --service swift --interface internal -f value -c URL
++ awk -F '$' '{ print $1 }'
+ OS_SWIFT_
+ OS_SWIFT_
+ curl --fail -i -X POST http://
% Total % Received % Xferd Average Speed Time Time Time Current
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 401 Unauthorized
When I tried to generate token using swift credentials I see following issue:
The password is expired and needs to be changed for user: 77302c5908594e9
Changed in openstack-helm: | |
assignee: | nobody → Nowsheene Sayyad (nowsheene) |
This looks like an invalid keystone setting, or system clock misconfiguration.