Comment 0 for bug 1100220

Hello!

We have some trouble with glance+swift storage.

After changing password for account, used for Keystone authentication in Glance and Swift, glance stops working with errors 500 (HTTPInternalServerError) and 401 (HTTPUnauthorized).

I investigated this issue and found that Glance stores image or snapshot location in database (mysql or sqlite) with _full_ swift URI with login and password.

Example:
swift+http://admin%3Aadmin:%PASSWORD%@%HOST%:5000/v2.0/glance/357a3fe7-313c-411c-b0b2-bcd6491d12a1

When we changed password in Keystone, this credentials are outdated BUT Glance STILL USE IT for authenticating in Swift, ingoring glance-api.conf and glance-api-paste. In result, we got HTTP500 error in reply to any request to glance (like glance image-download) and HTTP401 error in glance-api.log

I can find only one method to workaround this - I manually changed this credentials in MySQL. In out situation (5 images) whis way is idiotic, but real. But what if we have 500 or 5000 images and snapshots?

I think, glance MUST have any method to change credentials without manual changing thousands of DB records.