- Who we are
- What we know
- What we've created
- Hints and Kinks
- Checking Corosync cluster membership
- Configuring radosgw to behave like Amazon S3
- Downgrading to DRBD 8.3
- Fencing in Libvirt/KVM virtualized cluster nodes
- Fencing in VMware virtualized Pacemaker nodes
- GFS2 in Pacemaker (Debian/Ubuntu)
- Interleaving in Pacemaker clones
- Maintenance in active Pacemaker clusters
- Managing cron jobs with Pacemaker
- Mandatory and advisory ordering in Pacemaker
- Migrating virtual machines from block-based storage to RADOS/Ceph
- Network connectivity check in Pacemaker
- OCFS2 in Pacemaker (Debian/Ubuntu)
- Solid-state drives and Ceph OSD journals
- Solve a DRBD split-brain in 4 steps
- Testing Pacemaker clusters
- Totem "Retransmit List" in Corosync
- Turning Ceph RBD Images into SAN Storage Devices
- Which OSD stores a specific RADOS object?
- Presentations
- Ceph Tutorial (LCA 2013)
- Ceph: The Storage Stack for OpenStack (OpenStack Israel 2013)
- Die eigene Cloud mit OpenStack Essex (German, LinuxTag 2012)
- Fencing (LCE 2011)
- GlusterFS in HA Clusters (LCEU 2012)
- GlusterFS und Ceph (German, CeBIT 2012)
- Hands-On With Ceph (LCEU 2012)
- High Availability Update (OpenStack Summit Fall 2012)
- High Availability in OpenStack (CloudOpen 2012)
- High Availability in OpenStack (OpenStack Conference Spring 2012)
- Highly Available Cloud: Pacemaker integration with OpenStack (OSCON 2012)
- Mit OpenStack zur eigenen Cloud (German, CLT 2012)
- Mit OpenStack zur eigenen Cloud (German, OSDC 2012)
- More Reliable, More Resilient, More Redundant (OpenStack Summit April 2013)
- MySQL HA Deep Dive (MySQL Conference 2012)
- MySQL High Availability Deep Dive (PLUK 2012)
- MySQL High Availability Sprint (PLUK 2011)
- OpenStack Essex im Praxistest (German, Linuxwochen Wien 2012)
- OpenStack High Availability Update (Grizzly and Havana)
- Roll Your Own Cloud (LCA 2011)
- Storage Replication in HPHA (LCA 2012)
- Zen of Pacemaker (LCA 2012)
- hastexo in 100 Seconds
- Technical documentation
- News releases
- Hints and Kinks
- What we do
- What we charge
- What others say
Click to Enlarge
Disclaimer
Please note: this information is provided on an as-is basis, without warranty of any kind, to the extent permitted by applicable law. Use at your own discretion.
Step 4: Install and configure Glance
The next step on our way to OpenStack is its Image Service, codenamed Glance. First, install the packages necessary for it:
apt-get install glance glance-api glance-client glance-common glance-registry python-glance
When that is done, open /etc/glance/glance-api-paste.ini in an editor and scroll down to the end of the document. You'll see these three lines at its very end:
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
Fill in values here appropriate for your setup. If you used the keystone_data.sh script from this site, then your admin_tenant_name will be service and your admin_user will be glance. admin_password is the password you defined for ADMIN_PASSWORD in keystone_data.sh, so use the same value here, too. In this example, we'll use hastexo.
After this, open /etc/glance/glance-registry-paste.ini and scroll to that file's end, too. Adapt it in the same way you adapted /etc/glance/glance-api-paste.ini earlier.
Please open /etc/glance/glance-registry.conf now and scroll down to the line starting with sql_connection. This is where we tell Glance to use MySQL; according to the MySQL configuration we created earlier, the sql_connection-line for this example would look like this:
sql_connection = mysql://glancedbadmin:ohC3teiv@10.42.0.6/glance
It's important to use the machine's actual IP in this example and not 127.0.0.1! After this, scroll down until the end of the document and add these two lines:
[paste_deploy]
flavor = keystone
These two lines instruct the Glance Registry to use Keystone for authentication, which is what we want. Now we need to do the same for the Glance API. Open /etc/glance/glance-api.conf and add these two lines at the end of the document:
[paste_deploy]
flavor = keystone
Afterwards, you need to initially synchronize the Glance database by running these commands:
glance-manage version_control 0
glance-manage db_sync
It's time to restart Glance now:
service glance-api restart && service glance-registry restart
Now what's the best method to verify that Glance is working as expected? The glance command line utilty can do that for us, but to work properly, it needs to know how we want to authenticate ourselves to Glance (and keystone, subsequently). This is a very good moment to define four environmental variables that we'll need continously when working with OpenStack: OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD and OS_AUTH_URL. Here's what they should look like in our example scenario:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=hastexo
export OS_AUTH_URL="http://localhost:5000/v2.0/"
The first three entries are identical with what you inserted into Glance's API configuration files earlier and the entry for OS_AUTH_URL is mostly generic and should just work. After exporting these variables, you should be able to do
glance index
and get no output at all in return (but the return code will be 0; check with echo $?). If that's the case, Glance is setup correctly and properly connects with Keystone. Now let's add our first image!
We'll be using a Ubuntu UEC image for this. Download one:
wget http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-cloudimg-amd64-disk1.img
Then add this image to Glance:
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ubuntu-12.04-server-cloudimg-amd64-disk1.img
After this, if you do
glance index
once more, you should be seeing the freshly added image.
Comments
Response from Keystone does not contain a Glance endpoint.
Greetings! Nice tutorial! Been following it without any issues. However, when I just ran "glance index" I am getting the below error. Any help in pointing me in the rigth direction to troubleshoot what I might have missed would be much appreciated :)
Failed to show index. Got error:
Response from Keystone does not contain a Glance endpoint.
Solved...
Ok - I solved my own problem. In the previous step when running endpoints.sh I mistakenly edited the script to adjust the mysql settings. Restoring to the original script solved the problem leaving everythign intact simply passing options via the command line as described solved the problem.
pipeline:glance-registry-keystone vs pipeline:glance-registry
in the file /etc/glance/glance-registry-paste.ini : section pipeline:glance-registry-keystone
here ar emy 2 question based on http://docs.openstack.org/essex/openstack-compute/install/apt/content/configure-glance-files.html
1. do we need an other section : pipeline:glance-registry ?
2. do we need to add auth-context as well?
glance index "Got error" result
After executing every steps up to export, when I run "glance index" I get the following error:
"Failed to show index. Got error:
The request returned 503 Service Unavilable. This generally occurs on service overload or other transient outage.
"tenant name, username and password are all correct.db is synced too. Please help me.
503
I'm having the same issue.
curl gives Unauthorised error
When I issue the below command
curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "hastexo"}}}' -H "Content-type: application/json" http://10.114.10.26:35357/v2.0/tokens
to get a token, I get an error:
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.
Can you please let me know how to fix this? I want to get a token in order to invoke the openstack APIs remotely.
hey martin... i have done
hey martin...
i have done everything exactly the same way mention in your document but whenever i run glass index i get "Failed to show index. Got error:
You are not authenticated."
the only thing i have changed is the ip address.
i have repeated the steps three times to find the mistake iam makin but i cunt find.
Hope you can help me out.
thanx in advance
check auth
You may have used the wrong 'export' values. If you followed the tutorial you used 'service' for the tenant, and 'glance' for the user, not 'admin' and 'admin' per the export part. Use the same export value as glance-registry-paste.ini, also if you ran the export as root and you are using sudo, you need to export the values under the regular user as well.
glance-manage db_sync error "Table 'images' already exists"
All went well until I tried `glance-manage db_sync` :-)
Any idea whether there is an issue or whether the script needs changing to check whether the table already exists. The exact error I have is:
sqlalchemy.exc.OperationalError: (OperationalError) (1050, "Table 'images' already exists") '\nCREATE TABLE images (\n\tid INTEGER NOT NULL AUTO_INCREMENT, \n\tname VARCHAR(255), \n\ttype VARCHAR(30), \n\tsize INTEGER, \n\tstatus VARCHAR(30) NOT NULL, \n\tis_public BOOL NOT NULL, \n\tlocation TEXT, \n\tcreated_at DATETIME NOT NULL, \n\tupdated_at DATETIME, \n\tdeleted_at DATETIME, \n\tdeleted BOOL NOT NULL, \n\tPRIMARY KEY (id), \n\tCHECK (is_public IN (0, 1)), \n\tCHECK (deleted IN (0, 1))\n)ENGINE=InnoDB\n\n' ()
be careful about the cloud image!!!
If you are using i386 machine like me, then download ubuntu-12.04-server-cloudimg-i386-disk1.img. I've spent a week to try figure out why ssh always returned "no route to host". The "nova boot" won't tell you it doesn't like the amd64 image and the instance is not really alive.
wget http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-...
Regards,
David
ClientConnectionError
Hey, thanks for your post.
I did try to follow the instruction given in openstack manual which is quite similar to your. I encounter this error please kindly help me find a solution to it.
After running glance index:
File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 557, in _do_request
raise exception. clientconnectionError(e)
details. [Errono 111] econnrefused.
glance index returns 401,503
I followed the steps word by word so far and got no errors till I run
$ sudo glance index
Failed to show index. Got error:You are not authenticated.Details: 401 UnauthorizedThis server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
My host machine is 10.66.67.111From : glance/api.log
Authentication required 2012-05-07 16:11:38 18210 WARNING [keystone.middleware.auth_token] Unable to find authentication token in headers: {'SCRIPT_NAME': '/v1', 'webob.adhoc_attrs': {'response': <Response at 0x2b0edd0 200 OK>}, 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/images', 'SERVER_PROTOCOL': 'HTTP/1.0', 'QUERY_STRING': 'limit=10', 'eventlet.posthooks': [], 'SERVER_NAME': '127.0.0.1', 'REMOTE_ADDR': '127.0.0.1', 'eventlet.input': <eventlet.wsgi.Input object at 0x2b0e990>, 'wsgi.url_scheme': 'http', 'api.major_version': 1, 'SERVER_PORT': '9292', 'api.minor_version': 0, 'wsgi.input': <eventlet.wsgi.Input object at 0x2b0e990>, 'HTTP_HOST': '0.0.0.0:9292', 'wsgi.multithread': True, 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f6347ae4270>, 'wsgi.multiprocess': False, 'CONTENT_TYPE': 'text/plain', 'HTTP_ACCEPT_ENCODING': 'identity'}2012-05-07 16:11:38 18210 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
Can some one help please.
Thanks a lot.
A workaround for "glance index"
I got the same error. So, I tried an workaround for this..
# Try getting a new token from keystone. Use your configured user/password/tenant_name
# get the sqlite keystone.db location from /etc/keystone/keystone.conf
# Copy the token from the output above and run below command
# It works for me!
Please double-check that the
Please double-check that the token you entered in glance-api-paste.ini and glance-registry-paste.ini is identical to the admin token defined in keystone.conf :)
Please double-check that the
Hi Martin,
I did check , they are same and I still get 401. May be I am missing something else.
I have my files below. Apart from IP address I have not changed anything else. [All of my processes are running on same server].
Keystone.conf --> http://pastebin.com/4a7GxQwj
glance-registry-paste.ini --> http://pastebin.com/HuM4c6bP
glance-api-paste.ini --> http://pastebin.com/umYnuJcn
keystone_data.sh --> http://pastebin.com/FcGiJ1Pe
Log:- Changed ipaddress back to original.
2012-05-15 11:43:08 4937 WARNING [keystone.middleware.auth_token] Unable to find authentication token in headers: {'SCRIPT_NAME': '/v1', 'webob.adhoc_attrs': {'response': <Response at 0x3158e50 200 OK>}, 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/images', 'SERVER_PROTOCOL': 'HTTP/1.0', 'QUERY_STRING': 'limit=10', 'eventlet.posthooks': [], 'SERVER_NAME': '127.0.0.1', 'REMOTE_ADDR': '127.0.0.1', 'eventlet.input': <eventlet.wsgi.Input object at 0x3158590>, 'wsgi.url_scheme': 'http', 'api.major_version': 1, 'SERVER_PORT': '9292', 'api.minor_version': 0, 'wsgi.input': <eventlet.wsgi.Input object at 0x3158590>, 'HTTP_HOST': '0.0.0.0:9292', 'wsgi.multithread': True, 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f816c34c270>, 'wsgi.multiprocess': False, 'CONTENT_TYPE': 'text/plain', 'HTTP_ACCEPT_ENCODING': 'identity'}2012-05-15 11:43:08 4937 INFO [keystone.middleware.auth_token] Invalid user token - rejecting request
Thanks a lot.
Arun
glance index returns 401,503
I used the script provided. keystone_data.sh.
so in glance-api-paste.ini file I have
admin_tenant_name=%admin%
admin_user=%admin%
admin_password=%hastexo%
From the file :
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
#service_host = 127.0.0.1
service_host = 10.66.67.111
service_port = 5000
#auth_host = 127.0.0.1
auth_host = 10.66.67.111
auth_port = 35357
auth_protocol = http
#auth_uri = http://127.0.0.1:5000/
auth_uri = http://10.66.67.111:5000/
admin_tenant_name = admin
admin_user = admin
admin_password = hastexo
Thanks
Arun
glance index returns 401,503
Are you sure you set the authentication token for keystone correctly in glance-registry-paste.ini and glance-api-paste.ini?
Glance index error
Hi Martin,
On running the glance index command after setting the OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD & OS_AUTH_URL, I get the following error:
--------------------------------------------
Failed to show index. Got error:
You are not authenticated
Details: 401 Unauthorized
----------------------------------------------
I have run 'glance-manage version_control 0' 'glance-manage db_sync' prior to restatring the glance-api & glance-registry services. I have followed all the instructions with changes only in IP Addresses & passwords.
Links to the the conf files that I have edited are given below:
keystone.conf: http://pastebin.com/XEVsm2bH
keystone_data.sh: http://pastebin.com/DMc9u1KS
glance-api-paste.ini: http://pastebin.com/qj1puv1S
glance-api.conf: http://pastebin.com/rC6NEPHm
glance-registry-paste.ini: http://pastebin.com/xE2tWBBh
glance-registry.conf: http://pastebin.com/YJFFqZEY
Regards,
Roshan
Glance index error
Log file contents from /var/log/glace/api.log pasted @ http://pastebin.com/j5FRcfSi
glance-registry not running
Following the above instructions but glance registry not running.
From /var/log/glance/registry.log:
ERROR [glance.registry.db.api] (ProgrammingError) (1146, "Table 'glance.images' doesn't exist")
What creates this table?
I adopted the howto to
I adopted the howto to include these steps. They are:
This should get you going.
Martin
Works well. Thank you for
Works well. Thank you for the quick response.
glance-registry cannot run
root@790-2:~# service glance-registry startglance-registry start/running, process 2596root@790-2:~# ps -ef|grep glanceglance 969 1 0 17:11 ? 00:00:00 su -s /bin/sh -c exec glance-api glanceglance 1014 969 0 17:11 ? 00:00:00 /usr/bin/python /usr/bin/glance-apiroot 2674 1958 0 17:18 pts/1 00:00:00 grep --color=auto glanceroot@790-2:~# service glance-registry startglance-registry start/running, process 2678root@790-2:~# ps -ef|grep glanceglance 969 1 0 17:11 ? 00:00:00 su -s /bin/sh -c exec glance-api glanceglance 1014 969 0 17:11 ? 00:00:00 /usr/bin/python /usr/bin/glance-apiroot 2756 1958 0 17:18 pts/1 00:00:00 grep --color=auto glance
Can you retry after doing
Can you retry after doing this?
This should get you going.
Martin
glance-registry cannot run
Hi,
Please see the error below when i run the command..
deepa@ubuntu:/etc/keystone$ service glance-registry startstart: Rejected send message, 1 matched rules; type="method_call", sender=":1.45" (uid=1000 pid=20370 comm="start glance-registry ") interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply="0" destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")deepa@ubuntu:/etc/keystone$
Pl help..
Glance index error..
Hi,
I have executed the same steps but when i run the glance index command i'm getting this below error.. Please help..
deepa@ubuntu:~$ sudo glance indexFailed to show index. Got error:You are not authenticated.Details: 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication requireddeepa@ubuntu:~$
Can you retry after doing
Can you retry after doing this?
This should get you going.
Martin
glance index is wrong
I follow your stepes completely,but glance index's output is:
root@790-2:~# glance indexFailed to show index. Got error:The request returned 500 Internal Server Error
The response body:Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response result = self.application(self.environ, start_response) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 210, in call_func return self.func(req, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 279, in __call__ response = req.get_response(self.application) File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1086, in get_response application, catch_exc_info=False) File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1055, in call_application app_iter = application(self.environ, start_response) File "/usr/lib/python2.7/dist-packages/keystone/middleware/auth_token.py", line 176, in __call__ return self.app(env, start_response) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 210, in call_func return self.func(req, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 279, in __call__ response = req.get_response(self.application) File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1086, in get_response application, catch_exc_info=False) File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1055, in call_application app_iter = application(self.environ, start_response) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__ return resp(environ, start_response) File "/usr/lib/python2.7/dist-packages/routes/middleware.py", line 131, in __call__ response = self.app(environ, start_response) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__ return resp(environ, start_response) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__ resp = self.call_func(req, *args, **self.kwargs) File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 210, in call_func return self.func(req, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 477, in __call__ request, **action_args) File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 494, in dispatch return method(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/glance/api/v1/images.py", line 134, in index images = registry.get_images_list(req.context, **params) File "/usr/lib/python2.7/dist-packages/glance/registry/__init__.py", line 129, in get_images_list return c.get_images(**kwargs) File "/usr/lib/python2.7/dist-packages/glance/registry/client.py", line 77, in get_images res = self.do_request("GET", "/images", params=params) File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 58, in wrapped return func(self, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 420, in do_request headers=headers) File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 75, in wrapped return func(self, method, url, body, headers) File "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 557, in _do_request raise exception.ClientConnectionError(e)ClientConnectionError: There was an error connecting to a serverDetails: [Errno 111] ECONNREFUSED
How to resolve it? Thanks.
Can you retry after doing
Can you retry after doing this?
This should get you going.
Martin
Re: glance index is wrong
Hello there,
have you double-checked that glance-api and glance-registry (the daemons) are really running?
Best regards
Martin
Re..Glance index is wrong..
Hi Martin,
Using ps -A command i can see the glance-api is running but i could not see the glance-registry daemon.. When i run this run command "service glance-api restart && service glance-registry restart". Below is the output..
deepa@ubuntu:~$ sudo service glance-api restart && service glance-registry restartglance-api stop/waitingglance-api start/running, process 26706stop: Unknown instance:start: Rejected send message, 1 matched rules; type="method_call", sender=":1.44" (uid=1000 pid=26707 comm="start glance-registry ") interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply="0" destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")deepa@ubuntu:~$
Please help...
don't forget "sudo"
I had this problem as I was using "sudo". If you use "service glance-api restart && service glance-registry restart", you probably need to add sudo after the && (in addition to at the beginning of the line).