<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Hi Alberto,<br>
<br>
Sorry for the delay reply here. After checking your configs I see a
few things that don't add up. <br>
<br>
As Recap you have this setup ( please let me know if I'm incorrect)
<br>
-----------------<br>
|proxy/auth | = (ip: 192.168.8.106)
<br>
-----------------<br>
|<br>
|---------| storage1| (192.168.8.104)
<br>
|<br>
|----------|storage2| (192.168.8.103)
<br>
<br>
<br>
So, on this type of setup, the first thing I noticed is that for the
storage node configuration files you have the "bind_ip" pointing to
the proxy ip which is not correct. The bind_ip should be either
0.0.0.0 (all ips) or an ip of the box that you want the service
bound to. <br>
<br>
Also, on this type of setup (since you only have 2 storagenodes),
you would need 2 of each service running on each storage node. For
example:<br>
<br>
<b>storage1:</b><br>
/etc/swift/object-server/1-object-server.conf (bind_port = 6000)<br>
/etc/swift/container-server/1-container-server.conf (bind_port =
6001)<br>
/etc/swift/account-server/1-account-server.conf (bind_port = 6002)<br>
/etc/swift/object-server/2-object-server.conf (bind_port = 6010)<br>
/etc/swift/container-server/2-container-server.conf (bind_port =
6011)<br>
/etc/swift/account-server/2-account-server.conf (bind_port = 6012)<br>
<br>
<b>
storage2:</b><br>
/etc/swift/object-server/1-object-server.conf (bind_port = 6020)<br>
/etc/swift/container-server/1-container-server.conf (bind_port =
6021)<br>
/etc/swift/account-server/1-account-server.conf (bind_port = 6022)<br>
/etc/swift/object-server/2-object-server.conf (bind_port = 6030)<br>
/etc/swift/container-server/2-container-server.conf (bind_port =
6031)<br>
/etc/swift/account-server/2-account-server.conf (bind_port = 6032)<br>
<br>
In regards to your ring, each storage node service should be using
its own unique device/partition, so below is an example for storage1
server for just the object ring.<br>
<br>
-- swift-ring-builder object.builder <br>
Devices: id zone ip address port name weight
partitions balance meta<br>
0 1 192.168.8.103 6000 sda1 1.00
196608 0.00 <br>
1 2 192.168.8.103 6010 sda2 1.00
196608 0.00 <br>
2 3 192.168.8.104 6020 sda1 1.00
196608 0.00 <br>
3 4 192.168.8.104 6030 sda2 1.00
196608 0.00 <br>
<br>
<br>
I hope the above helps to give you some insight. I would also
recommend not setting up SSL at first. Get things working and then
you can add SSL to it. Avoid unnecessary troubleshooting when
possible. <br>
<br>
Also, when you get a change I would suggest looking over the wiki
docs for SAIO setups and multi node ones if you haven't do so yet.
I also have some howtos at <a class="moz-txt-link-abbreviated" href="http://www.zeroaccess.org">www.zeroaccess.org</a> that shows some swift
setups. I also have a SAIO script (<a
href="https://github.com/btorch/swift-saio.sh">https://github.com/btorch/swift-saio.sh</a>)
that you could install on a VM that will get you up and running with
swift 1.3 version and then you could look over the script code and
break down the steps that are performed.<br>
<br>
-<br>
<span class="Apple-style-span" style="border-collapse: separate;
color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
font-size: medium;">
<div style="word-wrap: break-word;"><span class="Apple-style-span"
style="border-collapse: separate; color: rgb(0, 0, 0);
font-family: Helvetica; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; font-size: medium;">
<div style="word-wrap: break-word;">
<div>Marcelo Martins</div>
<div>Openstack-swift</div>
<div><a href="mailto:btorch-os@zeroaccess.org">btorch-os@zeroaccess.org</a></div>
<div><a href="https://github.com/btorch">https://github.com/btorch</a></div>
<br>
<div><br>
</div>
</div>
</span></div>
</span><br>
On 05/06/2011 04:59 AM, e.testingcloud wrote:
<blockquote
cite="mid:8EE61BA0CAEDBD4E9DA928D1206463D2A184D0EED0@EXCLU2K7.hi.inet"
type="cite">
<pre wrap="">Hi Marcelo.
I will configure the swauth to replace auth, I will say you when change the auth server.
In this moment the configuration of my environtment is:
* Proxy and auth machine node. This node is not a storage node (ip: 192.168.8.106).
- Proxy-server.conf
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 8
user = swift
[pipeline:main]
pipeline = healthcheck cache auth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
[filter:auth]
use = egg:swift#auth
ssl = true
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211
- auth-server.conf
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = swift
[pipeline:main]
pipeline = auth-server
[app:auth-server]
use = egg:swift#auth
default_cluster_url = <a class="moz-txt-link-freetext" href="https://127.0.0.1:8080/v1">https://127.0.0.1:8080/v1</a>
# Highly recommended to change this key to something else!
super_admin_key = beto
- swift.conf
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = beto
* Node storage (192.168.8.104)
- account-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]
- container-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
- object-server.conf
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
* Node storage (192.168.8.103)
- account-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]
- container-server.conf
[DEFAULT]
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
- object-server.conf
bind_ip = 192.168.8.106
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
The creation of the account, container and object rings was with this script:
#!/bin/bash
cd /etc/swift
swift-ring-builder account.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder object.builder create 18 3 1
export ZONE=1 # set the zone number for that storage device
export STORAGE_LOCAL_NET_IP=192.168.8.103 # and the IP address
export WEIGHT=100 # relative weight (higher for bigger/faster disks)
export DEVICE=sdb1
swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6002/$DEVICE $WEIGHT
swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6001/$DEVICE $WEIGHT
swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6000/$DEVICE $WEIGHT
export ZONE=2 # set the zone number for that storage device
export STORAGE_LOCAL_NET_IP=192.168.8.103 # and the IP address
export WEIGHT=100 # relative weight (higher for bigger/faster disks)
export DEVICE=sdb1
swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6012/$DEVICE $WEIGHT
swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6011/$DEVICE $WEIGHT
swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6010/$DEVICE $WEIGHT
export ZONE=3 # set the zone number for that storage device
export STORAGE_LOCAL_NET_IP=192.168.8.103 # and the IP address
export WEIGHT=100 # relative weight (higher for bigger/faster disks)
export DEVICE=sdb1
swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6022/$DEVICE $WEIGHT
swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6021/$DEVICE $WEIGHT
swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6020/$DEVICE $WEIGHT
Thanks in advance.
________________________________________
De: Marcelo Martins [<a class="moz-txt-link-abbreviated" href="mailto:btorch-os@zeroaccess.org">btorch-os@zeroaccess.org</a>]
Enviado el: jueves, 05 de mayo de 2011 16:48
Para: e.testingcloud
CC: <a class="moz-txt-link-abbreviated" href="mailto:openstack-operators@lists.openstack.org">openstack-operators@lists.openstack.org</a>
Asunto: Re: [Openstack-operators] Problem with swift-auth-add-usercommand in the Auth-Server
Hi Alberto,
Could you provide some more information about your setup.
- How does your object/account/container rings look like ?
- Can you provide an output of your auth-server.conf ?
Both auth-server and proxy server run on this Openstack1 node I assume from the log below
- Are you sure that your proxy node can indeed connect to the account server ?
Any reason you are using version 1.2 (I assume you are using 1.2 since the old auth-server, devAuth, has been deprecated in favor of swauth)
Marcelo Martins
Openstack-swift
<a class="moz-txt-link-abbreviated" href="mailto:btorch-os@zeroaccess.org">btorch-os@zeroaccess.org</a><a class="moz-txt-link-rfc2396E" href="mailto:btorch-os@zeroaccess.org"><mailto:btorch-os@zeroaccess.org></a>
<a class="moz-txt-link-freetext" href="https://github.com/btorch">https://github.com/btorch</a>
“Knowledge is the wings on which our aspirations take flight and soar. When it comes to surfing and life if you know what to do you can do it. If you desire anything become educated about it and succeed. “
On May 5, 2011, at 9:02 AM, e.testingcloud wrote:
Hi,
we have a problem with the Auth-server, in the next lines we describe the situation:
We have two storage node in two differentes servers (OS: Ubuntu 10.04.2 Server) and the Auth server in other machine (OS: Ubuntu 10.04.2 Server)
We configure the proxy node, the auth server node and the storage node without problem, but when we execute the following command to authorize an user, we receive the atach ERROR.
sudo swift-auth-add-user -K beto -a system root testpass
The error is in the /var/log/syslog file:
May 5 15:38:15 OpenStack1 auth-server validate_token('AUTH_tk03201438d45f49c2905454406efdb347', _, _) = (86399.978063821793, '.super_admin', '.single_use', '.reseller_admin') [0.01]
May 5 15:38:15 OpenStack1 auth-server 127.0.0.1 - - [05/May/2011:13:38:15 +0000] "GET /token/AUTH_tk03201438d45f49c2905454406efdb347 HTTP/1.0" 204 - "-" "-" - - - - - - - - - "-" "127.0.0.1" "-" 0.0077
May 5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6002/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May 5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6012/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May 5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6022/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May 5 15:38:15 OpenStack1 proxy-server Account PUT returning 503 for [503, 503, 503] (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
May 5 15:38:15 OpenStack1 auth-server ERROR attempting to create account <a class="moz-txt-link-freetext" href="https://127.0.0.1:8080/v1/AUTH_e15d5a524bf44a469f876c6f3be2955c:">https://127.0.0.1:8080/v1/AUTH_e15d5a524bf44a469f876c6f3be2955c:</a> 503 Internal Server Error
May 5 15:38:15 OpenStack1 auth-server FAILED create_user('system', 'root', _, True, False) [0.04]
May 5 15:38:15 OpenStack1 auth-server 127.0.0.1 - - [05/May/2011:13:38:15 +0000] "PUT /account/system/root HTTP/1.0" 503 - "-" "-" - - - - - - - - - "-" "127.0.0.1" "-" 0.0377
May 5 15:38:15 OpenStack1 proxy-server - 127.0.0.1 05/May/2011/13/38/15 PUT /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c HTTP/1.0 503 - - .super_admin%3A.single_use%2CAUTH_tk03201438d45f49c2905454406efdb347 - - - tx420de390-d209-4f0b-816a-f0062e2087cc - 0.0053
Any idea about the problem ?
Thanks in advance,
Regards,
Alberto.
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at.
<a class="moz-txt-link-freetext" href="http://www.tid.es/ES/PAGINAS/disclaimer.aspx">http://www.tid.es/ES/PAGINAS/disclaimer.aspx</a>
_______________________________________________
Openstack-operators mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openstack-operators@lists.openstack.org">Openstack-operators@lists.openstack.org</a><a class="moz-txt-link-rfc2396E" href="mailto:Openstack-operators@lists.openstack.org"><mailto:Openstack-operators@lists.openstack.org></a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a>
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at.
<a class="moz-txt-link-freetext" href="http://www.tid.es/ES/PAGINAS/disclaimer.aspx">http://www.tid.es/ES/PAGINAS/disclaimer.aspx</a>
</pre>
</blockquote>
<br>
</body>
</html>