[Openstack] swfit / keystone auth

andi abes andi.abes at gmail.com
Tue Dec 13 16:27:28 UTC 2011 

I'm getting really funny ( :( ) results trying to get swift to work w/
keystone.

A few questions (about keystone 2012.1)
a) does the  swift middleware work with v1.0 or 2.0 auth?
b) are folks using swift-keystone2 or the middleware bundled with keystone
(auth_token + swift_auth).
c) when trying to use auth_token and swift_auth, I see the keystone log
below trying to stat an account. This request fails with unauthorized. What
is a bit weird are the last 2 get operations - one returning 200 and the
other 401 for the same token
( 889783596547 - is the admin token.  c38c23cd-4280-4f32-9c1e-eca483a55c47
is the user's token that I get when authenticating with curl directly).

This was triggered with:
 swift -A http://192.168.124.82:5000/v2.0/ -V 2.0 -U openstack:user -K
password stat


Any thoughts will be highly appreciated.



sqlalchemy.engine.base.Engine.0x...30d0: INFO     ('889783596547',)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT users.id AS
users_id, users.name AS users_name, users.password AS users_password,
users.email AS users_email, users.enabled AS users_enabled, users.tenant_id
AS users_tenant_id
FROM users
WHERE users.id = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO     (1L,)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT tenants.id AS
tenants_id, tenants.name AS tenants_name, tenants.`desc` AS tenants_desc,
tenants.enabled AS tenants_enabled
FROM tenants
WHERE tenants.id = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO     (1L,)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT tenants.id AS
tenants_id, tenants.name AS tenants_name, tenants.`desc` AS tenants_desc,
tenants.enabled AS tenants_enabled
FROM tenants
WHERE tenants.id = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO     (1L,)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT roles.id AS
roles_id, roles.name AS roles_name, roles.`desc` AS roles_desc,
roles.service_id AS roles_service_id
FROM roles
WHERE roles.name = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO     ('KeystoneServiceAdmin',)
keystone.logic.service: WARNING  No service admin role is defined.
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT user_roles.id AS
user_roles_id, user_roles.user_id AS user_roles_user_id, user_roles.role_id
AS user_roles_role_id, user_roles.tenant_id AS user_roles_tenant_id
FROM user_roles
WHERE user_roles.user_id = %s AND tenant_id is null
sqlalchemy.engine.base.Engine.0x...30d0: INFO     (1L,)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT token.id AS
token_id, token.user_id AS token_user_id, token.tenant_id AS
token_tenant_id, token.expires AS token_expires
FROM token
WHERE token.id = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO
(u'c38c23cd-4280-4f32-9c1e-eca483a55c47',)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT users.id AS
users_id, users.name AS users_name, users.password AS users_password,
users.email AS users_email, users.enabled AS users_enabled, users.tenant_id
AS users_tenant_id
FROM users
WHERE users.id = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO     (3L,)
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT user_roles.id AS
user_roles_id, user_roles.user_id AS user_roles_user_id, user_roles.role_id
AS user_roles_role_id, user_roles.tenant_id AS user_roles_tenant_id
FROM user_roles
WHERE user_roles.user_id = %s AND tenant_id is null
sqlalchemy.engine.base.Engine.0x...30d0: INFO     (3L,)
eventlet.wsgi.server: DEBUG    192.168.124.83 - - [13/Dec/2011 09:07:51]
"GET /v2.0/tokens/c38c23cd-4280-4f32-9c1e-eca483a55c47 HTTP/1.1" 200 286
0.019196
sqlalchemy.engine.base.Engine.0x...30d0: INFO     SELECT token.id AS
token_id, token.user_id AS token_user_id, token.tenant_id AS
token_tenant_id, token.expires AS token_expires
FROM token
WHERE token.id = %s
 LIMIT 0, 1
sqlalchemy.engine.base.Engine.0x...30d0: INFO     ('None',)
eventlet.wsgi.server: DEBUG    192.168.124.83 - - [13/Dec/2011 09:07:51]
"GET /v2.0/tokens/c38c23cd-4280-4f32-9c1e-eca483a55c47 HTTP/1.1" 401 213
0.003294
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20111213/2ff3dff1/attachment.html>

More information about the Openstack mailing list