I have set up Openstack 4.0.2 (Train release). I'm trying to provide APIs to my client for building a web application. Everything works on the command line as well as on Horizon Dashboard. However, through API right from the token generation to flavor creation, server (VM) creation works except for Image Upload!
Below is the cURL command for Token Generation:
export TOKEN=`curl --silent -X POST -H "Content-Type: application/json" -d '{ "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "admin", "domain": { "id": "default" }, "password": "MYPASS123" } } }, "scope": { "project": { "name": "admin", "domain": { "id": "default" } } } } }' -i "http://controller:5000/v3/auth/tokens" | grep X-Subject-Token | cut -d ":" -f 2`
The token is generated based on project scope.
echo $TOKEN
gAAAAABh1tudXXtt............3J-1E3KCMR7tlq-gacOmo8
Below is the cURL command to create an Image
curl -X POST -s http://controller:8774/v2.1/servers -d '{"server": { "name": "API1", "imageRef":"a62daa1b-2fba-47ad-8008-538cd88f306c", "flavorRef":"54eb939a-a39a-40ae-b50c-ed69b9f565ba ", "OS-DCF:diskConfig": "AUTO", "security_groups": [ { "name": "sg2" } ], "networks": [ { "uuid": "1c4d7023-4d3e-4d4a-aacc-deba1e9f9b98" } ], "user_data":" I2Nsb3VkLWNvbmZpZwpwYXNzd29yZDogY2VudG9zCmNocGFzc3dkOiB7IGV4cGlyZTogRmFsc2UgfQpzc2hfcHdhdXRoOiBUcnVlCgo=" }}' -H "Content-Type: application/json" -H "X-Auth-Token: $TOKEN" | python -m json.tool
glance-api.log
2022-01-05 14:08:09.687 26227 DEBUG eventlet.wsgi.server [-] (26227) accepted ('controller', 53108) server /usr/lib/python2.7/site-packages/eventlet/wsgi.py:985
2022-01-05 14:08:09.695 26227 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: GET /v2/images Accept: */* process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:45
2022-01-05 14:08:09.697 26227 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:57
2022-01-05 14:08:09.699 26227 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v2 process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:69
2022-01-05 14:08:09.700 26227 DEBUG glance.api.middleware.version_negotiation [-] new path /v2/images process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70
2022-01-05 14:08:11.592 26227 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: InvalidToken: Token authorization failed
Keystone.log
2022-01-05 14:08:11.584 492 WARNING keystone.server.flask.application [req-cecd6824-2faf-453b-8772-e2d0f67573c5 ba62aab1541c47fe8c59aeecb82c71d1 4d2a479d2d544c0c994bf55405f83d64 - default default] Could not recognize Fernet token: TokenNotFound: Could not recognize Fernet token
keystone.conf
[cache]
memcache_servers = controller:11211
[database]
connection = mysql+pymysql://keystone:MYPASS123@controller/keystone
[token]
provider = fernet
glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[database]
connection = mysql+pymysql://glance:glancepass123@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance123
[paste_deploy]
flavor = keystone
glance policy.json
{
"context_is_admin": "role:admin",
"default": "role:admin",
"add_image": "role:admin",
"delete_image": "role:admin",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"communitize_image": "",
"copy_from": "",
"download_image": "",
"upload_image": "role:admin",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"tasks_api_access": "role:admin",
"deactivate": "",
"reactivate": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":"",
"get_metadef_tag":"",
"get_metadef_tags":"",
"modify_metadef_tag":"",
"add_metadef_tag":"",
"add_metadef_tags":""
}
Openstack role assignment list:
[root@controller glance]# openstack role assignment list --names --role admin
+-------+-----------------------+-------+-----------------+---------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+-------+-----------------------+-------+-----------------+---------+--------+-----------+
| admin | neutron@Default | | service@Default | | | False |
| admin | cinder@Default | | service@Default | | | False |
| admin | admin@Default | | admin@Default | | | False |
| admin | placement@Default | | service@Default | | | False |
| admin | glance@Default | | service@Default | | | False |
| admin | glance@Default | | admin@Default | | | False |
| admin | nova@Default | | service@Default | | | False |
| admin | demouser@Default | | admin@Default | | | False |
| admin | admin@Default | | | | all | False |
+-------+-----------------------+-------+-----------------+---------+--------+-----------+
Please help me to figure out what am I missing? Thanks in advance
