【Question title】: glance doesn't work due to authentication fail
【Posted】: 2016-10-01 00:21:38
【Question】:

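I am setting up OpenStack on some machines. I had been following this guide, http://docs.openstack.org/liberty/install-guide-ubuntu/, until I ran into this problem:

While verifying the Image service (Glance), I ran into the following problem: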

$ cat admin-openrc.sh 
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=passw0rd
export OS_AUTH_URL=http://Renaissance:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
$ source admin-openrc.sh
$ glance --debug image-create --name "cirros" \
>   --file cirros-0.3.4-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --visibility public --progress
curl -g -i -X GET -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}7ce8d893ef6cdaca2ed5a876c8211a841455ba65' -H 'Content-Type: application/octet-stream' http://Renaissance:9292/v2/schemas/image
Request returned failure status 401.
Invalid OpenStack Identity credentials.

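I get the same error with any other Glance function (e.g. glance image-list).

I believe my configuration is correct, since I followed the guide. Here are my OpenStack services, projects, users, roles and endpoints: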

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| bf585630a5cb475b9e883493de3813fa | glance   | image    |
| fc29e468dae849e6afb97ecc3bf487f6 | keystone | identity |
+----------------------------------+----------+----------+
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 0bc473b2e77a4a9bb7871ed2afacb995 | admin    |
| dcaf480621164c409b6704c3f42e0869 | service  |
| e9f709d860fe46e2819b6bf1c78ccd0f | nonadmin |
+----------------------------------+----------+
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 485374adcbe54ce5b9ef465b84aa2c9f | admin    |
| 7447f4cd56f64ccfb111cba74f9a4b92 | nonadmin |
| d9ffc32240d24328b10af8b2550ec414 | glance   |
+----------------------------------+----------+
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 466fea231ef54d3ca4564fb42f51bb5c | admin |
| a36c726d27f04ebf92d336c3acfcd945 | user  |
+----------------------------------+-------+
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 01f62a7b9f7f4fa782e8bc695e74afc1 | RegionOne | glance       | image        | True    | internal  | http://Renaissance:9292       |
| abb7e5052d8646428e82ef58ca21b376 | RegionOne | keystone     | identity     | True    | public    | http://Renaissance:5000/v2.0  |
| d5b3180255b44a0eafe0810a20e104bc | RegionOne | glance       | image        | True    | public    | http://Renaissance:9292       |
| e0392842c6f64ac389a5688bc2581192 | RegionOne | keystone     | identity     | True    | internal  | http://Renaissance:5000/v2.0  |
| e0eb3dd0ed774669bce9a74dd3831c05 | RegionOne | keystone     | identity     | True    | admin     | http://Renaissance:35357/v2.0 |
| ec855dca8f87454e997fd55c47f17703 | RegionOne | glance       | image        | True    | admin     | http://Renaissance:9292       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+

My Glance auth configuration (in glance-api.conf and glance-registry.conf) is as follows:

...
[keystone_authtoken]
# Complete public Identity API endpoint. (string value)
auth_uri = http://Renaissance:5000
auth_uri = http://Renaissance:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = passw0rd
...

I can obtain a token using OpenStack:

$ openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-10-01T01:16:48.482839Z      |
| id         | 2a4e052a2c4140a28f550158d95ecd3b |
| project_id | 0bc473b2e77a4a9bb7871ed2afacb995 |
| user_id    | 485374adcbe54ce5b9ef465b84aa2c9f |
+------------+----------------------------------+

I guessed it was an API version problem, but I kept changing the version number in the URI and it didn't help. Any help is appreciated. Thanks!

【Question discussion】:

    Tags: openstack openstack-glance
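
A check that can be run over the [keystone_authtoken] section posted in the question (an added example, not part of the original thread): it lists options set more than once and options that the Liberty install guide's sample section sets but this one lacks. The function names and the EXPECTED baseline are assumptions made for this example; SAMPLE is the section as posted above.

```python
import re
from collections import defaultdict

# Options set in the Liberty install guide's [keystone_authtoken] sample
# (assumption: that sample is the baseline to compare against).
EXPECTED = ("auth_uri", "auth_url", "auth_plugin", "project_domain_id",
            "user_domain_id", "project_name", "username", "password")

# The section as posted in the question.
SAMPLE = """\
[keystone_authtoken]
# Complete public Identity API endpoint. (string value)
auth_uri = http://Renaissance:5000
auth_uri = http://Renaissance:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = passw0rd
"""

def read_section(text, section="keystone_authtoken"):
    """Return {option: [values, ...]} for one section, keeping repeats.

    configparser is not used here: in strict mode it raises on a repeated
    option, and with strict=False it silently keeps only the last value.
    """
    values, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == section and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()].append(val.strip())
    return dict(values)

def audit_authtoken(text):
    """Return sorted findings: repeated options and expected ones not set."""
    opts = read_section(text)
    findings = [f"duplicate: {k} set {len(v)} times"
                for k, v in opts.items() if len(v) > 1]
    findings += [f"missing: {k}" for k in EXPECTED if k not in opts]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_authtoken(SAMPLE)))
```

The findings never include option values, so the service password is not echoed into terminals or logs.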


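    【Solution 1】:

    In your Glance configuration, the project name is service, but your env var project name is admin.

    Solutions:

    • Make sure passw0rd is the real password for the glance:service account
    • Change the Glance configuration to use the admin project

    【Discussion】:

    • I know it could be that I got the project name wrong; I tried using the project service. I have the role for user glance in project service: $ openstack role list --user glance --project service | ID | Name | Project | User | | 466fea231ef54d3ca4564fb42f51bb5c | admin | service | glance |
    • I also created a glance_openrc.sh with these differences from admin_openrc.sh: export OS_PROJECT_NAME=service export OS_TENANT_NAME=service export OS_USERNAME=glance. It still fails with the same error, though. I'm sure my password is correct.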