Keystone integration in glance
I've used these links to configurate glance and keystone:
http://
http://
I would like to upload an image, that other user cannot see it. (other user can't have permission)
I've uploaded an image with 'glance add', but owner attribute didn't get value. (in the database owner value is NULL)
The keystone gives the following message in debug mode:
AttributeError: 'NoneType' object has no attribute 'enabled'
Why doesn't get value the owner while uploading image?
If I upload with the following commands, I won't see anything in the keystone log file and the owner value will be NULL too.
euca-bundle-image -u 999888777666 -i natty-server-
euca-upload-bundle -b test -m /tmp/natty-
euca-register -a x86_64 -n natty-server-
Thanks for your help,
Thomas
- keystone from git (1.0)
- glance 2011.3~d4
# dpkg -l |grep glance
ii glance 2011.3~
ii python-glance 2011.3~
keystone.conf:
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = False
# Show debugging output in logs (sets DEBUG log level output)
debug = True
# Which backend store should Keystone use by default.
# Default: 'sqlite'
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
default_store = sqlite
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = keystone.log
# List of backends to be configured
backends = keystone.
#For LDAP support, add: ,keystone.
# Dictionary Maps every service to a header.Missing services would get header
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
service-
'nova' : 'X-Server-
'swift' : 'X-Storage-Url',
'cdn' : 'X-CDN-
# Address to bind the API server
# TODO Properties defined within app not available via pipeline.
service_host = 0.0.0.0
# Port the bind the API server to
service_port = 5000
# Address to bind the Admin API server
admin_host = 0.0.0.0
# Port the bind the Admin API server to
admin_port = 5001
#Role that allows to perform admin operations.
keystone-admin-role = Admin
#Role that allows to perform service admin operations.
keystone-
[keystone.
# SQLAlchemy connection string for the reference implementation registry
# server. Any valid SQLAlchemy connection string is fine.
# See: http://
sql_connection = sqlite:
backend_entities = ['UserRoleAssoc
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
sql_idle_timeout = 30
[pipeline:admin]
pipeline =
admin_api
[pipeline:
pipeline =
legacy_auth
RS-
service_api
[app:service_api]
paste.app_factory = keystone.
[app:admin_api]
paste.app_factory = keystone.
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
glance-api.conf:
...
pipeline = versionnegotiation tokenauth context apiv1app
# To enable Image Cache Management API replace pipeline with below:
# pipeline = versionnegotiation context imagecache apiv1app
# NOTE: use the following pipeline for keystone auth (with caching)
#pipeline = versionnegotiation authtoken context imagecache apiv1app
[pipeline:versions]
pipeline = versionsapp
[app:versionsapp]
paste.app_factory = glance.
[app:apiv1app]
paste.app_factory = glance.
[filter:
paste.filter_
[filter:imagecache]
paste.filter_
[filter:context]
paste.filter_
[filter:tokenauth]
paste.filter_
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 5001
auth_protocol = http
auth_uri = http://
admin_token = 999888777666
# Allows anonymous access
delay_auth_decision = 1
[filter:
paste.filter_
glance-
...
[pipeline:
#pipeline = context registryapp
# NOTE: use the following pipeline for keystone
pipeline = tokenauth keystone_shim context registryapp
[app:registryapp]
paste.app_factory = glance.
[filter:context]
context_class = glance.
paste.filter_
[filter:tokenauth]
paste.filter_
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 5001
auth_protocol = http
auth_uri = http://
admin_token = 999888777666
# Allows anonymous access
delay_auth_decision = 1
[filter:
paste.filter_
api-paste.ini:
...
[pipeline:
#pipeline = faultwrap noauth ratelimit osapiapp10
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = faultwrap auth ratelimit osapiapp10
# NOTE(vish): use the following pipeline for keystone
pipeline = faultwrap tokenauth keystonecontext ratelimit osapiapp10
[pipeline:
#pipeline = faultwrap noauth ratelimit extensions osapiapp11
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = faultwrap auth ratelimit extensions osapiapp11
# NOTE(vish): use the following pipeline for keystone
pipeline = faultwrap tokenauth keystonecontext ratelimit extensions osapiapp11
[filter:faultwrap]
paste.filter_
[filter:auth]
paste.filter_
[filter:noauth]
paste.filter_
[filter:ratelimit]
paste.filter_
[filter:extensions]
paste.filter_
[app:osapiapp10]
paste.app_factory = nova.api.
[app:osapiapp11]
paste.app_factory = nova.api.
[pipeline:
pipeline = faultwrap osversionapp
[app:osversionapp]
paste.app_factory = nova.api.
##########
# Shared #
##########
[filter:
paste.filter_
[filter:tokenauth]
paste.filter_
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 5001
auth_protocol = http
auth_uri = http://
admin_token = 999888777666
[filter:auth_shim]
paste.filter_
keystone start:
Starting the RS-KEY extension
Starting the Legacy Authentication component
admin : INFO *******
admin : INFO Configuration options gathered from config file:
admin : INFO /root/keystone/
admin : INFO =======
admin : INFO admin_host 0.0.0.0
admin : INFO admin_port 5001
admin : INFO backends keystone.
admin : INFO debug True
admin : INFO default_store sqlite
admin : INFO keystone-admin-role Admin
admin : INFO keystone-
admin : INFO log_file keystone.log
admin : INFO service-
'nova' : 'X-Server-
'swift' : 'X-Storage-Url',
'cdn' : 'X-CDN-
admin : INFO service_host 0.0.0.0
admin : INFO service_port 5000
admin : INFO verbose False
admin : INFO *******
Using config file: /root/keystone/
Service API listening on 0.0.0.0:5000
Admin API listening on 0.0.0.0:5001
eventlet.
eventlet.
./keystone-manage tenant add admin
./keystone-manage tenant add demo
./keystone-manage user add admin secrete 1
./keystone-manage user add demo secrete 2
./keystone-manage role add Admin
./keystone-manage role add Member
./keystone-manage role grant Admin admin
./keystone-manage endpointTemplates add RegionOne swift http://
./keystone-manage endpointTemplates add RegionOne nova_compat http://
./keystone-manage endpointTemplates add RegionOne nova http://
./keystone-manage endpointTemplates add RegionOne glance http://
./keystone-manage endpointTemplates add RegionOne identity http://
./keystone-manage token add 999888777666 1 1 2015-02-05T00:00
./keystone-manage endpoint add 1 1
./keystone-manage endpoint add 1 2
./keystone-manage endpoint add 1 3
./keystone-manage endpoint add 1 4
./keystone-manage endpoint add 1 5
./keystone-manage endpoint add 1 6
./keystone-manage endpoint add 2 1
./keystone-manage endpoint add 2 2
./keystone-manage endpoint add 2 3
./keystone-manage endpoint add 2 4
./keystone-manage endpoint add 2 5
./keystone-manage endpoint add 2 6
result:
SUCCESS: Tenant admin created.
SUCCESS: Tenant demo created.
SUCCESS: User admin created.
SUCCESS: User demo created.
SUCCESS: Role Admin created successfully.
SUCCESS: Role Member created successfully.
SUCCESS: Granted admin the Admin role on None.
SUCCESS: Created EndpointTemplates for swift pointing to http://
SUCCESS: Created EndpointTemplates for nova_compat pointing to http://
SUCCESS: Created EndpointTemplates for nova pointing to http://
SUCCESS: Created EndpointTemplates for glance pointing to http://
SUCCESS: Created EndpointTemplates for identity pointing to http://
SUCCESS: Token 999888777666 created.
SUCCESS: Endpoint 1 added to tenant 1.
SUCCESS: Endpoint 2 added to tenant 1.
SUCCESS: Endpoint 3 added to tenant 1.
SUCCESS: Endpoint 4 added to tenant 1.
SUCCESS: Endpoint 5 added to tenant 1.
SUCCESS: Endpoint 6 added to tenant 1.
SUCCESS: Endpoint 1 added to tenant 2.
SUCCESS: Endpoint 2 added to tenant 2.
SUCCESS: Endpoint 3 added to tenant 2.
SUCCESS: Endpoint 4 added to tenant 2.
SUCCESS: Endpoint 5 added to tenant 2.
SUCCESS: Endpoint 6 added to tenant 2.
# ./keystone-manage user list
id enabled tenant
-------
admin 1 1
demo 1 2
# ./keystone-manage tenant list
tenant enabled
-------
admin 1
demo 1
# ./keystone-manage token list
token user expiration tenant
-------
999888777666 1 2015-02-05 00:00:00 1
# export|grep NOVA_
declare -x NOVA_API_
declare -x NOVA_AUTH_
declare -x NOVA_CERT=
declare -x NOVA_PROJECT_ID="2"
declare -x NOVA_URL="http://
declare -x NOVA_USERNAME=
declare -x NOVA_VERSION="1.1"
# export|grep OS_
declare -x OS_AUTH_
declare -x OS_AUTH_
declare -x OS_AUTH_TENANT="2"
declare -x OS_AUTH_URL="http://
declare -x OS_AUTH_USER="demo"
# glance -v --host 127.0.0.1 -A 999888777666 add name="natty-
Added new image with ID: 6
Returned the following metadata for the new image:
Completed in 27.8087 sec.
mysql> select owner from images where id=6 ;
+-------+
| owner |
+-------+
| NULL |
+-------+
1 row in set (0.00 sec)
keystone.log:
eventlet.
eventlet.
sqlalchemy.
FROM token
WHERE token.id = ?
LIMIT 1 OFFSET 0
sqlalchemy.
sqlalchemy.
FROM users
WHERE users.id = ?
LIMIT 1 OFFSET 0
sqlalchemy.
root : ERROR 'NoneType' object has no attribute 'enabled'
Traceback (most recent call last):
File "/root/
return func(*args, **kwargs)
File "/root/
utils.
File "/root/
self.
File "/root/
(token, user) = self.__
File "/root/
if not user.enabled:
AttributeError: 'NoneType' object has no attribute 'enabled'
eventlet.
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Glance Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Tamas Kapolnasi for more information if necessary.