Bug 927929
Summary: | fetching certificates fails for PKI tokens | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Adam Young <ayoung> |
Component: | openstack-keystone | Assignee: | Adam Young <ayoung> |
Status: | CLOSED ERRATA | QA Contact: | Pavel Sedlák <psedlak> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 2.1 | CC: | afazekas, apevec, ayoung, psedlak, ykaul |
Target Milestone: | rc | Flags: | apevec:
internal-review+
|
Target Release: | 2.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openstack-keystone-2012.2.3-8.el6ost | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-04-08 23:42:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Adam Young
2013-03-26 14:21:05 UTC
First part of verification - Reproduced with openstack-keystone-2012.2.3-7.el6ost. - keystone-manage pki_setup - updated keystone.conf - keystone restart $ glance --debug image-list 2>&1 |tail content-type: text/plain; charset=UTF-8 401 Unauthorized This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. Request returned failure status. Invalid OpenStack Identity credentials. Verified with openstack-keystone-2012.2.3-8.el6ost. $ keystone token-get|grep ' id '|wc -c 4025 [root@os-r3 ~(keystone_admin)]$ glance --debug image-list curl -i -X GET -H 'X-Auth-Token: _LONG_KEY_HERE-REPLACED_' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://192.168.1.1:9292/v1/images/detail?sort_key=name&sort_dir=asc&limit=20 HTTP/1.1 200 OK date: Thu, 04 Apr 2013 18:02:04 GMT content-length: 915 content-type: application/json; charset=UTF-8 x-openstack-request-id: req-75fe78af-78b0-4a72-a264-6a545cf109aa {"images": [{"status": "active", "name": "MyAltImage", "deleted": false, "container_format": "bare", "created_at": "2013-04-04T17:59:20", "disk_format": "qcow2", "updated_at": "2013-04-04T17:59:20", "properties": {}, "min_disk": 0, "protected": false, "id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "checksum": "d972013792949d0d3ba628fbe8685bce", "owner": "87b806e965fe482398644fd8847359f8", "is_public": true, "deleted_at": null, "min_ram": 0, "size": 13147648}, {"status": "active", "name": "MyMainImage", "deleted": false, "container_format": "bare", "created_at": "2013-04-04T17:59:18", "disk_format": "qcow2", "updated_at": "2013-04-04T17:59:19", "properties": {}, "min_disk": 0, "protected": false, "id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "checksum": "d972013792949d0d3ba628fbe8685bce", "owner": "87b806e965fe482398644fd8847359f8", "is_public": true, "deleted_at": null, "min_ram": 0, "size": 13147648}]} +--------------------------------------+-------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+-------------+-------------+------------------+----------+--------+ | bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb | MyAltImage | qcow2 | bare | 13147648 | active | | aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa | MyMainImage | qcow2 | bare | 13147648 | active | +--------------------------------------+-------------+-------------+------------------+----------+--------+ [root@os-r3 bin(keystone_admin)]$ ll /var/lib/glance/keystone-signing/ total 20K drwx------. 2 glance glance 4.0K Apr 4 20:02 . drwxr-xr-x. 5 glance glance 4.0K Apr 4 19:49 .. -rw-r-----. 1 glance glance 1.1K Apr 4 20:02 cacert.pem -rw-r-----. 1 glance glance 1.6K Apr 4 20:02 revoked.pem -rw-r-----. 1 glance glance 2.4K Apr 4 20:02 signing_cert.pem Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0717.html |