<div dir="ltr">To help with troubleshooting, here is what I've executed thus far on my proxy node...<div>Obvious problem/symptom = inability to verify a new Swift install from scratch due to 401 Unauthorized.<div><ul><li>
1x proxy node<br></li><li>5x storage nodes<br></li></ul></div><div><div>I'll continue working this but anyone have any thoughts? See email to -operators list for further history.</div>
<div><br></div><div>Thanks!</div><div>Adam</div><div><br></div><div><div>Below is a bash history/output of what is happening right now:</div><div style="font-family:arial,sans-serif;font-size:13px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="courier new, monospace" size="1">login as: c5201274<br></font><font face="courier new, monospace" size="1"><a href="mailto:c5201274@10.173.0.66" target="_blank">c5201274@10.173.0.66</a>'s password:<br></font><font face="courier new, monospace" size="1">Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-55-generic x86_64)</font><font face="courier new, monospace" size="1"><br>
</font><font face="courier new, monospace" size="1"> * Documentation: <a href="https://help.ubuntu.com/" target="_blank">https://help.ubuntu.com/</a><br></font><font face="courier new, monospace" size="1">Last login: Thu Feb 6 21:05:32 2014 from 10.7.106.110<br>
</font><font face="courier new, monospace" size="1"> Powered by Monsoon (Version 2.2.465) Platform: ubuntu 12.04<br></font><font face="courier new, monospace" size="1"> Hostname : mo-ad1469a10.mo.sap.corp Name : node0p<br>
</font><font face="courier new, monospace" size="1"> Organization : c5201274 Project : swift_poc<br></font><font face="courier new, monospace" size="1"> Url : <a href="https://monsoon.mo.sap.corp/instances/mo-ad1469a10" target="_blank">https://monsoon.mo.sap.corp/instances/mo-ad1469a10</a><br>
</font><font face="courier new, monospace" size="1">c5201274@mo-ad1469a10:~$ sudo su<br></font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# . credrc.sh<br></font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# swift-init proxy start<br>
</font><font face="courier new, monospace" size="1">proxy-server running (5502 - /etc/swift/proxy-server.conf)<br></font><font face="courier new, monospace" size="1">proxy-server already started...<br></font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0<br>
</font><font face="courier new, monospace" size="1">* About to connect() to 10.173.0.66 port 8080 (#0)<br></font><font face="courier new, monospace" size="1">* Trying 10.173.0.66... connected<br></font><font face="courier new, monospace" size="1">* successfully set certificate verify locations:<br>
</font><font face="courier new, monospace" size="1">* CAfile: none<br></font><font face="courier new, monospace" size="1"> CApath: /etc/ssl/certs<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Client hello (1):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Server hello (2):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, CERT (11):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Server finished (14):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Client key exchange (16):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS change cipher, Client hello (1):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Finished (20):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS change cipher, Client hello (1):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Finished (20):<br></font><font face="courier new, monospace" size="1">* SSL connection using AES256-SHA<br>
</font><font face="courier new, monospace" size="1">* Server certificate:<br></font><font face="courier new, monospace" size="1">* subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd<br></font><font face="courier new, monospace" size="1">* start date: 2014-01-29 00:34:55 GMT<br>
</font><font face="courier new, monospace" size="1">* expire date: 2014-02-28 00:34:55 GMT<br></font><font face="courier new, monospace" size="1">* SSL: unable to obtain common name from peer certificate<br></font><font face="courier new, monospace" size="1">> GET /auth/v1.0 HTTP/1.1<br>
</font><font face="courier new, monospace" size="1">> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/<a href="http://1.2.3.4/" target="_blank">1.2.3.4</a>libidn/1.23 librtmp/2.3<br></font><font face="courier new, monospace" size="1">> Host: <a href="http://10.173.0.66:8080/" target="_blank">10.173.0.66:8080</a><br>
</font><font face="courier new, monospace" size="1">> Accept: */*<br></font><font face="courier new, monospace" size="1">> X-Storage-User: test:tester<br></font><font face="courier new, monospace" size="1">> X-Storage-Pass: testing<br>
</font><font face="courier new, monospace" size="1">><br></font><font face="courier new, monospace" size="1">< HTTP/1.1 401 Unauthorized<br></font><font face="courier new, monospace" size="1">< Content-Length: 131<br>
</font><font face="courier new, monospace" size="1">< Content-Type: text/html; charset=UTF-8<br></font><font face="courier new, monospace" size="1">< Date: Fri, 07 Feb 2014 18:20:13 GMT<br></font><font face="courier new, monospace" size="1"><<br>
</font><font face="courier new, monospace" size="1">* Connection #0 to host 10.173.0.66 left intact<br></font><font face="courier new, monospace" size="1">* Closing connection #0<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS alert, Client hello (1):<br>
</font><font face="courier new, monospace" size="1"><html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root@mo-ad1469a10:/home/c5201274#<br>
</font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system<br></font><font face="courier new, monospace" size="1">* About to connect() to 10.173.0.66 port 8080 (#0)<br>
</font><font face="courier new, monospace" size="1">* Trying 10.173.0.66... connected<br></font><font face="courier new, monospace" size="1">* successfully set certificate verify locations:<br></font><font face="courier new, monospace" size="1">* CAfile: none<br>
</font><font face="courier new, monospace" size="1"> CApath: /etc/ssl/certs<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Client hello (1):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Server hello (2):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, CERT (11):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Server finished (14):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Client key exchange (16):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS change cipher, Client hello (1):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Finished (20):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS change cipher, Client hello (1):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Finished (20):<br></font><font face="courier new, monospace" size="1">* SSL connection using AES256-SHA<br></font><font face="courier new, monospace" size="1">* Server certificate:<br>
</font><font face="courier new, monospace" size="1">* subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd<br></font><font face="courier new, monospace" size="1">* start date: 2014-01-29 00:34:55 GMT<br>
</font><font face="courier new, monospace" size="1">* expire date: 2014-02-28 00:34:55 GMT<br></font><font face="courier new, monospace" size="1">* SSL: unable to obtain common name from peer certificate<br></font><font face="courier new, monospace" size="1">> GET /v1/AUTH_system HTTP/1.1<br>
</font><font face="courier new, monospace" size="1">> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/<a href="http://1.2.3.4/" target="_blank">1.2.3.4</a>libidn/1.23 librtmp/2.3<br></font><font face="courier new, monospace" size="1">> Host: <a href="http://10.173.0.66:8080/" target="_blank">10.173.0.66:8080</a><br>
</font><font face="courier new, monospace" size="1">> Accept: */*<br></font><font face="courier new, monospace" size="1">> X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628<br></font><font face="courier new, monospace" size="1">><br>
</font><font face="courier new, monospace" size="1">< HTTP/1.1 401 Unauthorized<br></font><font face="courier new, monospace" size="1">< Content-Length: 131<br></font><font face="courier new, monospace" size="1">< Content-Type: text/html; charset=UTF-8<br>
</font><font face="courier new, monospace" size="1">< Date: Fri, 07 Feb 2014 18:21:22 GMT<br></font><font face="courier new, monospace" size="1"><<br></font><font face="courier new, monospace" size="1">* Connection #0 to host 10.173.0.66 left intact<br>
</font><font face="courier new, monospace" size="1">* Closing connection #0<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS alert, Client hello (1):<br></font><font face="courier new, monospace" size="1"><html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root@mo-ad1469a10:/home/c5201274# ^C<br>
</font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# ^C<br></font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system<br>
</font><font face="courier new, monospace" size="1">* About to connect() to 10.173.0.66 port 8080 (#0)<br></font><font face="courier new, monospace" size="1">* Trying 10.173.0.66... connected<br></font><font face="courier new, monospace" size="1">* successfully set certificate verify locations:<br>
</font><font face="courier new, monospace" size="1">* CAfile: none<br></font><font face="courier new, monospace" size="1"> CApath: /etc/ssl/certs<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Client hello (1):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Server hello (2):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, CERT (11):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Server finished (14):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Client key exchange (16):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS change cipher, Client hello (1):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Finished (20):<br>
</font><font face="courier new, monospace" size="1">* SSLv3, TLS change cipher, Client hello (1):<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS handshake, Finished (20):<br></font><font face="courier new, monospace" size="1">* SSL connection using AES256-SHA<br>
</font><font face="courier new, monospace" size="1">* Server certificate:<br></font><font face="courier new, monospace" size="1">* subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd<br></font><font face="courier new, monospace" size="1">* start date: 2014-01-29 00:34:55 GMT<br>
</font><font face="courier new, monospace" size="1">* expire date: 2014-02-28 00:34:55 GMT<br></font><font face="courier new, monospace" size="1">* SSL: unable to obtain common name from peer certificate<br></font><font face="courier new, monospace" size="1">> GET /v1/AUTH_system HTTP/1.1<br>
</font><font face="courier new, monospace" size="1">> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/<a href="http://1.2.3.4/" target="_blank">1.2.3.4</a>libidn/1.23 librtmp/2.3<br></font><font face="courier new, monospace" size="1">> Host: <a href="http://10.173.0.66:8080/" target="_blank">10.173.0.66:8080</a><br>
</font><font face="courier new, monospace" size="1">> Accept: */*<br></font><font face="courier new, monospace" size="1">> X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628<br></font><font face="courier new, monospace" size="1">><br>
</font><font face="courier new, monospace" size="1">< HTTP/1.1 401 Unauthorized<br></font><font face="courier new, monospace" size="1">< Content-Length: 131<br></font><font face="courier new, monospace" size="1">< Content-Type: text/html; charset=UTF-8<br>
</font><font face="courier new, monospace" size="1">< Date: Fri, 07 Feb 2014 18:22:52 GMT<br></font><font face="courier new, monospace" size="1"><<br></font><font face="courier new, monospace" size="1">* Connection #0 to host 10.173.0.66 left intact<br>
</font><font face="courier new, monospace" size="1">* Closing connection #0<br></font><font face="courier new, monospace" size="1">* SSLv3, TLS alert, Client hello (1):<br></font><font face="courier new, monospace" size="1"><html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requ<br>
</font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274# swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U test:tester -K testing stat<br></font><font face="courier new, monospace" size="1">Auth GET failed: <a href="https://10.173.0.66:8080/auth/v1.0" target="_blank">https://10.173.0.66:8080/auth/v1.0</a> 401 Unauthorized<br>
</font><font face="courier new, monospace" size="1">root@mo-ad1469a10:/home/c5201274#</font></blockquote></div></div></div></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><font><div style="font-family:arial;font-size:small">
<b><i><br>Adam Lawson</i></b></div><div><font><font color="#666666" size="1"><div style="font-family:arial;font-size:small">AQORN, Inc.</div><div style="font-family:arial;font-size:small">427 North Tatnall Street</div><div style="font-family:arial;font-size:small">
Ste. 58461</div><div style="font-family:arial;font-size:small">Wilmington, Delaware 19801-2230</div><div style="font-family:arial;font-size:small">Toll-free: (888) 406-7620</div></font></font></div></font></div><div style="font-family:arial;font-size:small">
<img src="http://www.aqorn.com/images/logo.png" width="96" height="39"><br></div></div></div>
<br><br><div class="gmail_quote">On Thu, Feb 6, 2014 at 1:57 PM, Adam Lawson <span dir="ltr"><<a href="mailto:alawson@aqorn.com" target="_blank">alawson@aqorn.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hey OpenStack peeps!<div><br></div><div>I'm trying to verify a Swift manual installation with 1x proxy and 5x storage nodes. I turned on all services with no errors (well, no errors I didn't fix anyway).</div>
<div>My problem is with trying to create an account and heading it. Below is what I'm scripting as I go along.</div><div><br></div><div>I executed Step1 successfully using system:root as the user. But when I executed Step2, I received a 401 Unauthorized reply.</div>
<div>Undaunted I executed Step3 which produced nothing. I then tried running Step1 again as shown below with test:tester as the user (thinking it was because I don't actually run as root but I run commands via sudo) and now it always gives me 401 unauthorized replies.</div>
<div><br></div><div>Is this an obvious problem with an easy remedy?</div><div><br></div><div><br></div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
# 1 Aqcuire X-Storage-Url and X-Auth-Token<br><font face="courier new, monospace" size="1">curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0</font></blockquote>
<div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"># 2 Test HEAD account process<br># SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above><br>
<font face="courier new, monospace" size="1">curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system</font></blockquote><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
# Test Swift is actually working<br><font face="courier new, monospace" size="1">swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:testuser -K testpass stat</font></blockquote><div><br></div><div><div dir="ltr">
<div><font><div style="font-family:arial;font-size:small">Thoughts?</div><span class="HOEnZb"><font color="#888888"><div style="font-family:arial;font-size:small"><b><i><br>Adam Lawson</i></b></div><div><font><font color="#666666" size="1"><div style="font-family:arial;font-size:small">
AQORN, Inc.</div><div style="font-family:arial;font-size:small">427 North Tatnall Street</div><div style="font-family:arial;font-size:small">Ste. 58461</div><div style="font-family:arial;font-size:small">Wilmington, Delaware 19801-2230</div>
<div style="font-family:arial;font-size:small">Toll-free: <a href="tel:%28888%29%20406-7620" value="+18884067620" target="_blank">(888) 406-7620</a></div></font></font></div></font></span></font></div><span class="HOEnZb"><font color="#888888"><div style="font-family:arial;font-size:small">
<img src="http://www.aqorn.com/images/logo.png" width="96" height="39"><br>
</div></font></span></div></div>
</div></div>
</blockquote></div><br></div>