[Openstack-operators] Problem with swift-auth-add-usercommand in the Auth-Server

e.testingcloud e.testingcloud at tid.es
Fri May 6 09:59:17 UTC 2011


Hi Marcelo.

I will configure the swauth to replace auth, I will say you when change the auth server.

In this moment the configuration of my environtment is:

* Proxy and auth machine node. This node is not a storage node (ip: 192.168.8.106).

- Proxy-server.conf
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
pipeline = healthcheck cache auth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true

[filter:auth]
use = egg:swift#auth
ssl = true

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211


- auth-server.conf
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = swift

[pipeline:main]
pipeline = auth-server

[app:auth-server]
use = egg:swift#auth
default_cluster_url = https://127.0.0.1:8080/v1

# Highly recommended to change this key to something else!
super_admin_key = beto


- swift.conf
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = beto


* Node storage (192.168.8.104)
- account-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]

- container-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]

- object-server.conf
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]


* Node storage (192.168.8.103)
- account-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]

- container-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]

- object-server.conf
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]

The creation of the account, container and object rings was with this script:

#!/bin/bash
cd /etc/swift
swift-ring-builder account.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder object.builder create 18 3 1

export ZONE=1                    # set the zone number for that storage device
export STORAGE_LOCAL_NET_IP=192.168.8.103    # and the IP address
export WEIGHT=100               # relative weight (higher for bigger/faster disks)
export DEVICE=sdb1
swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6002/$DEVICE $WEIGHT
swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6001/$DEVICE $WEIGHT
swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6000/$DEVICE $WEIGHT
export ZONE=2                    # set the zone number for that storage device
export STORAGE_LOCAL_NET_IP=192.168.8.103    # and the IP address
export WEIGHT=100               # relative weight (higher for bigger/faster disks)
export DEVICE=sdb1
swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6012/$DEVICE $WEIGHT
swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6011/$DEVICE $WEIGHT
swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6010/$DEVICE $WEIGHT
export ZONE=3                    # set the zone number for that storage device
export STORAGE_LOCAL_NET_IP=192.168.8.103    # and the IP address
export WEIGHT=100               # relative weight (higher for bigger/faster disks)
export DEVICE=sdb1
swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6022/$DEVICE $WEIGHT
swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6021/$DEVICE $WEIGHT
swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6020/$DEVICE $WEIGHT

Thanks in advance.

________________________________________
De: Marcelo Martins [btorch-os at zeroaccess.org]
Enviado el: jueves, 05 de mayo de 2011 16:48
Para: e.testingcloud
CC: openstack-operators at lists.openstack.org
Asunto: Re: [Openstack-operators] Problem with swift-auth-add-usercommand in the Auth-Server

Hi Alberto,

Could you provide some more information about your setup.
- How does your object/account/container rings look like ?
- Can you provide an output of your auth-server.conf ?
   Both auth-server and proxy server run on this Openstack1 node I assume from the log below

- Are you sure that your proxy node can indeed connect to the account server ?

Any reason you are using version 1.2 (I assume you are using 1.2 since the old auth-server, devAuth, has been deprecated in favor of swauth)


Marcelo Martins
Openstack-swift
btorch-os at zeroaccess.org<mailto:btorch-os at zeroaccess.org>
https://github.com/btorch

“Knowledge is the wings on which our aspirations take flight and soar. When it comes to surfing and life if you know what to do you can do it. If you desire anything become educated about it and succeed. “




On May 5, 2011, at 9:02 AM, e.testingcloud wrote:

Hi,

we have a problem with the Auth-server, in the next lines we describe the situation:

We have two storage node in two differentes servers (OS: Ubuntu 10.04.2 Server) and the Auth server in other machine (OS: Ubuntu 10.04.2 Server)

We configure the proxy node, the auth server node and the storage node without problem, but when we execute the following command to authorize an user, we receive the atach ERROR.

sudo swift-auth-add-user -K beto -a system root testpass

The error is in the /var/log/syslog file:

May  5 15:38:15 OpenStack1 auth-server validate_token('AUTH_tk03201438d45f49c2905454406efdb347', _, _) = (86399.978063821793, '.super_admin', '.single_use', '.reseller_admin') [0.01]
May  5 15:38:15 OpenStack1 auth-server 127.0.0.1 - - [05/May/2011:13:38:15 +0000] "GET /token/AUTH_tk03201438d45f49c2905454406efdb347 HTTP/1.0" 204 - "-" "-" - - - - - - - - - "-" "127.0.0.1" "-" 0.0077
May  5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6002/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May  5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6012/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May  5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6022/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May  5 15:38:15 OpenStack1 proxy-server Account PUT returning 503 for [503, 503, 503] (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May  5 15:38:15 OpenStack1 auth-server ERROR attempting to create account https://127.0.0.1:8080/v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: 503 Internal Server Error
May  5 15:38:15 OpenStack1 auth-server FAILED create_user('system', 'root', _, True, False) [0.04]
May  5 15:38:15 OpenStack1 auth-server 127.0.0.1 - - [05/May/2011:13:38:15 +0000] "PUT /account/system/root HTTP/1.0" 503 - "-" "-" - - - - - - - - - "-" "127.0.0.1" "-" 0.0377
May  5 15:38:15 OpenStack1 proxy-server - 127.0.0.1 05/May/2011/13/38/15 PUT /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c HTTP/1.0 503 - - .super_admin%3A.single_use%2CAUTH_tk03201438d45f49c2905454406efdb347 - - - tx420de390-d209-4f0b-816a-f0062e2087cc - 0.0053
Any idea about the problem ?



Thanks in advance,

Regards,

Alberto.


________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at.
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
_______________________________________________
Openstack-operators mailing list
Openstack-operators at lists.openstack.org<mailto:Openstack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at.
http://www.tid.es/ES/PAGINAS/disclaimer.aspx



More information about the Openstack-operators mailing list