[Openstack-operators] [Openstack] Verifying Swift - X-Auth problem
John Dickinson
me at not.mn
Sat Feb 8 02:19:17 UTC 2014
In the output you pasted, you don't have any successful response. I'd suggest looking at the tempauth stanza in the proxy server conf to make sure the users are set up correctly.
--John
On Feb 7, 2014, at 4:55 PM, Adam Lawson <alawson at aqorn.com> wrote:
> To help with troubleshooting, here is what I've executed thus far on my proxy node...
> Obvious problem/symptom = inability to verify a new Swift install from scratch due to 401 Unauthorized.
> • 1x proxy node
> • 5x storage nodes
> I'll continue working this but anyone have any thoughts? See email to -operators list for further history.
>
> Thanks!
> Adam
>
> Below is a bash history/output of what is happening right now:
> login as: c5201274
> c5201274 at 10.173.0.66's password:
> Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-55-generic x86_64)
> * Documentation: https://help.ubuntu.com/
> Last login: Thu Feb 6 21:05:32 2014 from 10.7.106.110
> Powered by Monsoon (Version 2.2.465) Platform: ubuntu 12.04
> Hostname : mo-ad1469a10.mo.sap.corp Name : node0p
> Organization : c5201274 Project : swift_poc
> Url : https://monsoon.mo.sap.corp/instances/mo-ad1469a10
> c5201274 at mo-ad1469a10:~$ sudo su
> root at mo-ad1469a10:/home/c5201274# . credrc.sh
> root at mo-ad1469a10:/home/c5201274# swift-init proxy start
> proxy-server running (5502 - /etc/swift/proxy-server.conf)
> proxy-server already started...
> root at mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
> * About to connect() to 10.173.0.66 port 8080 (#0)
> * Trying 10.173.0.66... connected
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
> * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
> * start date: 2014-01-29 00:34:55 GMT
> * expire date: 2014-02-28 00:34:55 GMT
> * SSL: unable to obtain common name from peer certificate
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3
> > Host: 10.173.0.66:8080
> > Accept: */*
> > X-Storage-User: test:tester
> > X-Storage-Pass: testing
> >
> < HTTP/1.1 401 Unauthorized
> < Content-Length: 131
> < Content-Type: text/html; charset=UTF-8
> < Date: Fri, 07 Feb 2014 18:20:13 GMT
> <
> * Connection #0 to host 10.173.0.66 left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
> <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root at mo-ad1469a10:/home/c5201274#
> root at mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
> * About to connect() to 10.173.0.66 port 8080 (#0)
> * Trying 10.173.0.66... connected
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
> * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
> * start date: 2014-01-29 00:34:55 GMT
> * expire date: 2014-02-28 00:34:55 GMT
> * SSL: unable to obtain common name from peer certificate
> > GET /v1/AUTH_system HTTP/1.1
> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3
> > Host: 10.173.0.66:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628
> >
> < HTTP/1.1 401 Unauthorized
> < Content-Length: 131
> < Content-Type: text/html; charset=UTF-8
> < Date: Fri, 07 Feb 2014 18:21:22 GMT
> <
> * Connection #0 to host 10.173.0.66 left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
> <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root at mo-ad1469a10:/home/c5201274# ^C
> root at mo-ad1469a10:/home/c5201274# ^C
> root at mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
> * About to connect() to 10.173.0.66 port 8080 (#0)
> * Trying 10.173.0.66... connected
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
> * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
> * start date: 2014-01-29 00:34:55 GMT
> * expire date: 2014-02-28 00:34:55 GMT
> * SSL: unable to obtain common name from peer certificate
> > GET /v1/AUTH_system HTTP/1.1
> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3
> > Host: 10.173.0.66:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628
> >
> < HTTP/1.1 401 Unauthorized
> < Content-Length: 131
> < Content-Type: text/html; charset=UTF-8
> < Date: Fri, 07 Feb 2014 18:22:52 GMT
> <
> * Connection #0 to host 10.173.0.66 left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
> <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requ
> root at mo-ad1469a10:/home/c5201274# swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U test:tester -K testing stat
> Auth GET failed: https://10.173.0.66:8080/auth/v1.0 401 Unauthorized
> root at mo-ad1469a10:/home/c5201274#
>
>
> Adam Lawson
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (888) 406-7620
>
>
>
> On Thu, Feb 6, 2014 at 1:57 PM, Adam Lawson <alawson at aqorn.com> wrote:
> Hey OpenStack peeps!
>
> I'm trying to verify a Swift manual installation with 1x proxy and 5x storage nodes. I turned on all services with no errors (well, no errors I didn't fix anyway).
> My problem is with trying to create an account and heading it. Below is what I'm scripting as I go along.
>
> I executed Step1 successfully using system:root as the user. But when I executed Step2, I received a 401 Unauthorized reply.
> Undaunted I executed Step3 which produced nothing. I then tried running Step1 again as shown below with test:tester as the user (thinking it was because I don't actually run as root but I run commands via sudo) and now it always gives me 401 unauthorized replies.
>
> Is this an obvious problem with an easy remedy?
>
>
> # 1 Aqcuire X-Storage-Url and X-Auth-Token
> curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
>
> # 2 Test HEAD account process
> # SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above>
> curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
>
> # Test Swift is actually working
> swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:testuser -K testpass stat
>
> Thoughts?
>
> Adam Lawson
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (888) 406-7620
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140207/91373357/attachment.pgp>
More information about the OpenStack-operators
mailing list