[Openstack-operators] failed to run the auth-server deamon for SAIO setup

Greg Holt gholt at rackspace.com
Tue Apr 5 12:36:31 UTC 2011 

You have to use the PUT or POST command when trying to set the headers on a container. Try adding -X POST to that curl command:

curl -v -X POST -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3' -H 'X-Container-Write: test:tester3' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1

If you GET or the HEAD the container afterwards, you should see the two headers returned to you with the appropriate values.

On Apr 5, 2011, at 5:32 AM, shashidhar v wrote:

> Hi Gholt,
> 
> I tried to set the container based read and write acl to share the container with non admin user , but it is giving error as access denied 
> 
> [shashi at shashi samples]$  curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://192.168.62.63:8080/auth/v1.0* About to connect() to 192.168.62.63 port 8080
> *   Trying 192.168.62.63... connected
> * Connected to 192.168.62.63 (192.168.62.63) port 8080
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> > Host: 192.168.62.63:8080
> > Accept: */*
> > X-Storage-User: test:tester
> > X-Storage-Pass: testing
> > 
> < HTTP/1.1 200 OK
> < X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
> < X-Storage-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> < X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> < Content-Length: 112
> < Date: Tue, 05 Apr 2011 10:18:31 GMT
> Connection #0 to host 192.168.62.63 left intact
> * Closing connection #0
> {"storage": {"default": "local", "local": "http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a"}}[shashi at shashi samples]$ 
> 
> 
> [shashi at shashi samples]$  curl -X HEAD -D - -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
> HTTP/1.1 204 No Content
> X-Account-Object-Count: 0
> X-Account-Bytes-Used: 0
> X-Account-Container-Count: 1
> Content-Length: 0
> Date: Tue, 05 Apr 2011 10:20:19 GMT
> 
> [shashi at shashi samples]$ 
> [shashi at shashi samples]$  curl -X HEAD -D - -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
> HTTP/1.1 204 No Content
> X-Container-Object-Count: 1
> X-Container-Bytes-Used: 29
> Content-Length: 0
> Date: Tue, 05 Apr 2011 10:20:40 GMT
> 
> [shashi at shashi samples]$ 
> 
> 
> 
> Initially I have created a container named as "container1" using the admin user "test:tester" and then trying to set read and write acl for the container1 to share it with non-admin user ..........
> 
> 
> 
> [shashi at shashi samples]$  curl -v -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3' -H 'X-Container-Write: test:tester3' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
> * About to connect() to 192.168.62.63 port 8080
> *   Trying 192.168.62.63... connected
> * Connected to 192.168.62.63 (192.168.62.63) port 8080
> > GET /v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1 HTTP/1.1
> > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> > Host: 192.168.62.63:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> > X-Container-Read: test:tester3
> > X-Container-Write: test:tester3
> > 
> < HTTP/1.1 200 OK
> < X-Container-Object-Count: 1
> < X-Container-Bytes-Used: 29
> < Content-Length: 10
> < Content-Type: text/plain; charset=utf8
> < Date: Tue, 05 Apr 2011 10:11:01 GMT
> testfile1
> * Connection #0 to host 192.168.62.63 left intact
> * Closing connection #0
> [shashi at shashi samples]$ 
> 
> [shashi at shashi samples]$  curl -v -H 'X-Storage-User: test:tester3' -H 'X-Storage-Pass: testing3' http://192.168.62.63:8080/auth/v1.0* About to connect() to 192.168.62.63 port 8080
> *   Trying 192.168.62.63... connected
> * Connected to 192.168.62.63 (192.168.62.63) port 8080
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> > Host: 192.168.62.63:8080
> > Accept: */*
> > X-Storage-User: test:tester3
> > X-Storage-Pass: testing3
> > 
> < HTTP/1.1 200 OK
> < X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
> < X-Storage-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126
> < X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126
> < Content-Length: 112
> < Date: Tue, 05 Apr 2011 10:11:16 GMT
> Connection #0 to host 192.168.62.63 left intact
> * Closing connection #0
> {"storage": {"default": "local", "local": "http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a"}}[shashi at shashi samples]$ 
> 
> [shashi at shashi samples]$  curl  -s -D - -H 'X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1/testfile1
> HTTP/1.1 403 Forbidden
> Content-Length: 157
> Content-Type: text/html; charset=UTF-8
> Date: Tue, 05 Apr 2011 10:11:42 GMT
> 
> <html>
>  <head>
>   <title>403 Forbidden</title>
>  </head>
>  <body>
>   <h1>403 Forbidden</h1>
>   Access was denied to this resource.<br /><br />
> 
> 
> 
>  </body>
> </html>[shashi at shashi samples]$ 
> [shashi at shashi samples]$ 
> 
> Thanks & Regards,
> shashi
> 
> 
> 
> 
> 
> On Fri, Apr 1, 2011 at 6:32 PM, Greg Holt <gholt at rackspace.com> wrote:
> On Apr 1, 2011, at 1:35 AM, shashidhar v wrote:
> 
> > In the above script,  the third user is tester3 (non admin) which is not allowed to create containers ? Then what's the role of non-admin users created under swift , what operations they can perform ?
> >
> > Swift supports ACL or not and  the containers/objects created by a admin user can be shared with non-admin user for atleast downloading the objects ?
> 
> Non-admin users can only perform operations per container based on the container’s X-Container-Read and X-Container-Write ACLs. With an admin account you could create a container for that non-admin user and set X-Container-Read: test:tester3 and X-Container-Write: test:tester3.
> 
> These may explain more:
> 
> http://swift.openstack.org/overview_auth.html
> http://swift.openstack.org/misc.html#module-swift.common.middleware.acl
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20110405/9b34869a/attachment-0002.html>

More information about the Openstack-operators mailing list