Invalid OpenStack Identity credentials - Glance

Question

I installed Openstack on RedHad using RDO. Then I get the following error when I execute the glance commands.

glance image-list
    Request returned failure status.
    Invalid OpenStack Identity credentials.

Below is the backend error of api.log

2014-06-23 20:09:31.330 1262 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 127.0.0.1
2014-06-23 20:09:31.408 1262 DEBUG urllib3.connectionpool [-] "POST /v2.0/tokens HTTP/1.1" 200 9128 _make_request /usr/lib/python2.6/site-packages/urllib3/connectionpool.py:295
2014-06-23 20:09:31.418 1262 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 127.0.0.1
2014-06-23 20:09:31.435 1262 DEBUG urllib3.connectionpool [-] "GET /v2.0/tokens/revoked HTTP/1.1" 200 686 _make_request /usr/lib/python2.6/site-packages/urllib3/connectionpool.py:295
2014-06-23 20:09:31.443 1262 WARNING keystoneclient.middleware.auth_token [-] Verify error: Command 'openssl' returned non-zero exit status 4
2014-06-23 20:09:31.443 1262 DEBUG keystoneclient.middleware.auth_token [-] Token validation failure. _validate_user_token /usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:943
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token Traceback (most recent call last):
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 930, in _validate_user_token
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     verified = self.verify_signed_token(user_token, token_ids)
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1347, in verify_signed_token
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     if self.is_signed_token_revoked(token_ids):
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1299, in is_signed_token_revoked
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     if self._is_token_id_in_revoked_list(token_id):
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1306, in _is_token_id_in_revoked_list
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     revocation_list = self.token_revocation_list
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1413, in token_revocation_list
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     self.token_revocation_list = self.fetch_revocation_list()
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1459, in fetch_revocation_list
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     return self.cms_verify(data['signed'])
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1330, in cms_verify
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     return verify()
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1324, in verify
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     inform=inform).decode('utf-8')
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/common/cms.py", line 167, in cms_verify
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token     raise e
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token CalledProcessError: Command 'openssl' returned non-zero exit status 4
2014-06-23 20:09:31.443 1262 TRACE keystoneclient.middleware.auth_token 
2014-06-23 20:09:31.444 1262 DEBUG keystoneclient.middleware.auth_token [-] Marking token as unauthorized in cache _cache_store_invalid /usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:1239
2014-06-23 20:09:31.444 1262 WARNING keystoneclient.middleware.auth_token [-] Authorization failed for token
2014-06-23 20:09:31.444 1262 INFO keystoneclient.middleware.auth_

Answer 1

First, you need to source the file keystone_admin file located in /root

source keystone_admin

Then you can run any command like glance, nova, neutron, etc...

If you already did that, then change the following settings in keystone.conf and restart:

[signing]

token_format = UUID

I think disabling ssl is a bad idea, unless you are in a development environment.

Here you are great documentation: http://docs.openstack.org/admin-guide-cloud/content/ch-identity-mgmt-config.html

Answer 2

I don't think the source keystonerc_admin will solve this issue.

Try to change the token provider instead by doing this in "keystone.conf" :

[signing]
token_format=UUID

[token]
provider=keystone.token.providers.uuid.Provider

[ssl]
enable = False

You can always go there:

https://bugs.launchpad.net/python-keystoneclient/+bug/1176190

And not delete my replies ... :)