[Openstack-operators] swauth 1.0.3 user create and access problem?

andi abes andi.abes at gmail.com
Mon Dec 5 21:04:23 UTC 2011 

when you created the user did you add the -a param (to make the user an
admin for the account )?


On Mon, Dec 5, 2011 at 3:09 PM, Judd Maltin <openstack at newgoliath.com>wrote:

> oops.. pasted too much with the x-storage-url, but still access denied.
>
>
> On Mon, Dec 5, 2011 at 3:06 PM, Judd Maltin <openstack at newgoliath.com>wrote:
>
>> No curl love either.
>>
>> Might have to remove the .auth database by hand or somehting??
>>
>> root at proxy01-c01:/etc/swift# curl  -i -H 'X-Auth-User: test1:tester1' -H
>> 'X-Storage-Pass: testing1' http://127.0.0.1:8080/auth/v1.0
>> HTTP/1.1 200 OK
>> X-Storage-Url:
>> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>> X-Storage-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980
>> X-Auth-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980
>> X-Trans-Id: tx9a8f99333ac44e0885b0b4c0ddb67c30
>> Content-Length: 112
>> Date: Mon, 05 Dec 2011 20:05:09 GMT
>>
>> {"storage": {"default": "local", "local": "
>> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>> "}}root at proxy01-c01:/etc/swift#
>>
>> root at proxy01-c01:/etc/swift# curl -i -H 'X-Auth-Token:
>> AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980' X-Storage-Url:
>> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74/
>> curl: (6) Couldn't resolve host 'X-Storage-Url:'
>> HTTP/1.1 403 Forbidden
>> Content-Length: 157
>> Content-Type: text/html; charset=UTF-8
>> X-Trans-Id: tx8d228af637ca40818a4fb4cae5e20e0e
>> Date: Mon, 05 Dec 2011 20:05:35 GMT
>>
>> <html>
>>  <head>
>>   <title>403 Forbidden</title>
>>  </head>
>>  <body>
>>   <h1>403 Forbidden</h1>
>>   Access was denied to this resource.<br /><br />
>>
>>
>>
>>  </body>
>>
>>
>>
>>
>> On Mon, Dec 5, 2011 at 2:26 PM, Jeff Kramer <jeffkramer at gmail.com> wrote:
>>
>>> Maybe drop the single quotes around the password?  Have you tried with
>>> curl?  Something like this (ripped out of some docs I've got):
>>>
>>> We can also test this with curl, from this machine or another machine
>>> (replace 127.0.0.1 with the servers IP address as appropriate):
>>>
>>> [code]
>>> curl -v -H 'X-Storage-User: testaccount:testuser' -H 'X-Storage-Pass:
>>> testpassword' http://127.0.0.1:8080/auth/v1.0
>>> [/code]
>>>
>>> This should return an auth token like this:
>>>
>>> X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274
>>>
>>> And a URL like this:
>>>
>>> X-Storage-Url:
>>> http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87
>>>
>>> Which you can use to talk to storage:
>>>
>>> [code]
>>> curl -v -H 'X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274'
>>> http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87
>>> [/code]
>>>
>>> Which should show you something like this:
>>>
>>> [code]
>>> < HTTP/1.1 204 No Content
>>> < X-Account-Object-Count: 0
>>> < X-Account-Bytes-Used: 0
>>> < X-Account-Container-Count: 0
>>> < Accept-Ranges: bytes
>>> < Content-Length: 0
>>> [/code]
>>>
>>>
>>> On Mon, Dec 5, 2011 at 12:56 PM, Judd Maltin <openstack at newgoliath.com>
>>> wrote:
>>> > I create my user test1:tester1 testing1 using the swauth tools just
>>> fine.
>>> >
>>> > root at proxy01-c01:/etc/swift# swauth-list -K swauthkey
>>> > {"accounts": [{"name": "test1"}]}
>>> > root at proxy01-c01:/etc/swift# swauth-list -K swauthkey test1
>>> > {"services": {"storage": {"default": "local", "local":
>>> > "http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>>> "}},
>>> > "account_id": "AUTH_840f1320-2d45-4e62-92a5-71e448190c74", "users":
>>> > [{"name": "tester1"}]}
>>> > root at proxy01-c01:/etc/swift#
>>> >
>>> > But then when I try to stat the account: :(
>>> >
>>> > /etc/swift# swift -A http://127.0.0.1:8080/auth/v1.0 -U test1:tester1
>>> -K
>>> > 'testing1' stat -v
>>> > Account HEAD failed:
>>> > http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74 403
>>> > Forbidden
>>> >
>>> > /var/log/syslog:
>>> >
>>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>>> > /v1/AUTH_.auth/test1/tester1 HTTP/1.0 200 - Swauth - - - -
>>> > txb6f5ac66b1134c31814f1daf4192548b - 0.0440
>>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>>> > /v1/AUTH_.auth/.token_2/AUTH_tk01423b7c65fc463394cf8ca3de8fef52
>>> HTTP/1.0 200
>>> > - Swauth - - - - txc70046f612ce4baca788ee49b20fba63 - 0.0291
>>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>>> > /v1/AUTH_.auth/test1/.services HTTP/1.0 200 - Swauth - - - -
>>> > tx0547130a2c444252a21a868785f68ebd - 0.0308
>>> > Dec  5 13:45:30 proxy01-c01 swauth - 127.0.0.1 05/Dec/2011/18/45/30 GET
>>> > /auth/v1.0 HTTP/1.0 200 - - - - - - - - 0.1095
>>> > Dec  5 13:45:30 proxy01-c01 proxy-server 127.0.0.1 127.0.0.1
>>> > 05/Dec/2011/18/45/30 HEAD /v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>>> > HTTP/1.0 403 - -
>>> test1%3Atester1%2CAUTH_tk01423b7c65fc463394cf8ca3de8fef52 -
>>> > - - tx116c0dc81110402fa4f106feebe3c121 - 0.0006
>>> >
>>> > I'm using swift 1.4.4, swauth 1.0.3
>>> >
>>> > proxy-server.conf:
>>> > [pipeline:main]
>>> > pipeline = swift3 catch_errors healthcheck cache swauth proxy-server
>>> >
>>> > ...
>>> >
>>> > [filter:swauth]
>>> > use = egg:swauth#swauth
>>> > set default_swift_cluster =
>>> > local#http://127.0.0.1:8080/v1#http://127.0.0.1:8080/v1
>>> > set log_name = swauth
>>> > super_admin_key = swauthkey
>>> >
>>> >
>>> > Any ideas whats going on here?
>>> >
>>> > Thanks,
>>> > -judd
>>> >
>>> > _______________________________________________
>>> > Openstack-operators mailing list
>>> > Openstack-operators at lists.openstack.org
>>> >
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>> >
>>>
>>>
>>>
>>> --
>>> Jeff Kramer
>>> jeffkramer at gmail.com
>>> http://www.jeffkramer.org/
>>> _______________________________________________
>>> Openstack-operators mailing list
>>> Openstack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>>
>>
>
> _______________________________________________
> Openstack-operators mailing list
> Openstack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20111205/04fc68ea/attachment-0002.html>

More information about the Openstack-operators mailing list