[Openstack] grizzly swift keystone, http to 8080/8888 wont work
Simon Pasquier
simon.pasquier at bull.net
Tue Apr 16 10:41:22 UTC 2013
Hi,
I'm not sure to understand exactly your issue but since your setup
includes ceilometer, I can just give you a hint for the ceilometer/swift
integration.
You have to create a 'ResellerAdmin' role and assign that role to your
ceilometer user. Alternatively you can define the 'reseller_admin_role'
parameter (default value=ResellerAdmin) in the [filter:authtoken]
section of /etc/swift/proxy-server.conf.
Cheers,
Simon
Le 16/04/2013 12:04, Axel Christiansen a écrit :
> Dear List,
>
>
> i got stuck with a setup of openstack grizzly. This setup consists of:
>
> - swift proxy 1.0.8.1
> - swift storage nodes 1.0.8.1
> - keystone
> - ceilometer
>
>
> I kept browsing the web and reading openstack docs for days now and
> can't just get it working right. Because of openstacks diversity a
> wasn't able to find something really similar to my situation.
>
>
> The thing is, i changed swift-proxy from using swauth to keystone.
> Keystone and swift-proxy do interact all right as fare as i can say.
> What i can't get working is that simple webpage which gave the ability
> to log in as superuser, adding new user and so on. It is that webpart
> that connects to the proxy on port 8080, respectively port 8888.
>
>
> Thx o lot for taking a look into this.
> Axel
>
>
>
>
> Theses are the browser urls i try:
>
> (delay_auth_decision = 1)
> http://the.swift.proxy:8888/auth/
> bad url
> Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
> txcfde073b9ffe4f379da392056e2176de)
> Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
> deflate', 'Host': 'backend', 'Accept':
> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
> 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
> Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
> None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
> 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
> 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
> Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
> 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
> 'eventlet.input': <eventlet.wsgi.Input object at 0x1d93f10>,
> 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888', 'wsgi.input':
> <swift.common.utils.InputProxy object at 0x2691050>, 'HTTP_HOST':
> 'backend', 'swift.cache': <swift.common.memcached.MemcacheRing object at
> 0x268a750>, 'wsgi.multithread': True, 'HTTP_ACCEPT':
> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
> 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
> False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
> 0x1656190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
> 'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None,
> 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
> Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn:
> txcfde073b9ffe4f379da392056e2176de)
> Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5
> 16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 -
> Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0
> - - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 -
>
>
> (delay_auth_decision = 0)
> http://the.swift.proxy:8888/auth/
> 401 Unauthorized
> Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
> tx508b08866bbc410399543d98cafa2856)
> Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
> deflate', 'Host': 'backend', 'Accept':
> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
> 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
> Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control':
> 'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '',
> 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL':
> 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close',
> 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR':
> '10.42.44.5', 'eventlet.input': <eventlet.wsgi.Input object at
> 0x1fa41d0>, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888',
> 'wsgi.input': <swift.common.utils.InputProxy object at 0x1fa40d0>,
> 'HTTP_HOST': 'backend', 'swift.cache':
> <swift.common.memcached.MemcacheRing object at 0x288e750>,
> 'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0',
> 'HTTP_ACCEPT':
> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
> 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
> False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
> 0x185e190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
> 'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None,
> 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
>
>
>
>
>
>
> export OS_SERVICE_TOKEN=XXX
> export OS_SERVICE_ENDPOINT=http://10.42.44.101:35357/v2.0
>
>
> root at ns-proxy01:/etc/swift# swift -V 2.0 -A
> http://10.42.44.101:5000/v2.0 -U admin -K XXX stat
> Account: AUTH_c2dc53651a73430db9e0551fca4200de
> Containers: 4354
> Objects: 2622
> Bytes: 114207
> Accept-Ranges: bytes
> X-Timestamp: 1365601461.87732
> X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762
> Content-Type: text/plain; charset=utf-8
>
>
>
>
>
> root at ns-proxy01:/etc/swift# keystone --debug user-list
> REQ: curl -i http://10.42.44.101:35357/v2.0/users -X GET -H "User-Agent:
> python-keystoneclient" -H "X-Auth-Token: 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe"
> RESP: [200] {'date': 'Tue, 16 Apr 2013 09:39:37 GMT', 'content-type':
> 'application/json', 'content-length': '860', 'vary': 'X-Auth-Token'}
> RESP BODY: {"users": [{"name": "glance", "id":
> "03c928bae5ad4a9f90be425c1ff554dd", "tenantId":
> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
> {"name": "nova", "id": "140239db8d0244fca7545b76b60ffacd", "tenantId":
> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
> {"name": "swift", "id": "3bad84eee3b4432b915b469e1cfef628", "tenantId":
> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
> {"name": "ec2", "id": "5f3a39c203b249d4ba003bba7fdca300", "tenantId":
> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
> {"name": "admin", "id": "9d7d6509ffee4a82ad52fe5555e8733c", "tenantId":
> "c2dc53651a73430db9e0551fca4200de", "enabled": true, "email": null},
> {"name": "ceilometer", "id": "cde44fe9c6d446da99ea370b88ec7d63",
> "tenantId": "054ca85bca2e44c29cf4730e1450517f", "enabled": true,
> "email": null}]}
>
> +----------------------------------+------------+---------+-------+
> | id | name | enabled | email |
> +----------------------------------+------------+---------+-------+
> | 9d7d6509ffee4a82ad52fe5555e8733c | admin | True | |
> | cde44fe9c6d446da99ea370b88ec7d63 | ceilometer | True | |
> | 5f3a39c203b249d4ba003bba7fdca300 | ec2 | True | |
> | 03c928bae5ad4a9f90be425c1ff554dd | glance | True | |
> | 140239db8d0244fca7545b76b60ffacd | nova | True | |
> | 3bad84eee3b4432b915b469e1cfef628 | swift | True | |
> +----------------------------------+------------+---------+-------+
>
>
>
>
>
>
>
> root at ns-proxy01:/etc/swift# curl -k -v -H 'X-Storage-User: admin' -H
> 'X-Storage-Pass: XXX' -X 'POST' http://10.42.44.101:35357/v2.0/auth
> * About to connect() to 10.42.44.101 port 35357 (#0)
> * Trying 10.42.44.101... connected
>> POST /v2.0/auth HTTP/1.1
>> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
> OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>> Host: 10.42.44.101:35357
>> Accept: */*
>> X-Storage-User: admin
>> X-Storage-Pass: XXX
>>
> < HTTP/1.1 404 Not Found
> < Vary: X-Auth-Token
> < Content-Type: application/json
> < Content-Length: 93
> < Date: Tue, 16 Apr 2013 09:41:36 GMT
> <
> * Connection #0 to host 10.42.44.101 left intact
> * Closing connection #0
> {"error": {"message": "The resource could not be found.", "code": 404,
> "title": "Not Found"}}
>
>
>
>
>
>
>
>
>
> #############################################################
> swift-proxy.conf
>
> [DEFAULT]
> bind_port = 8888
> workers = 8
> user = swift
> log_name = swift-proxy
> log_facility = LOG_LOCAL0
> log_level = DEBUG
>
> [pipeline:main]
> pipeline = ceilometer catch_errors healthcheck cache tempurl swift3
> authtoken keystoneauth proxy-logging proxy-server
> [app:proxy-server]
>
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
>
> [filter:swift3]
> use = egg:swift3#swift3
>
> [filter:authtoken]
> paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
> delay_auth_decision = 1
> service_port = 5000
> service_host = 127.0.0.1
> auth_protocol = http
> auth_host = 127.0.0.1
> auth_port = 35357
> auth_uri = http://127.0.0.1:5000/
> #auth_token = xxxxxxxxxxxxxxxxxxxx
> #admin_tenant_name = service
> #admin_user = swift
> #admin_password = xxxxxxxxxxxxxxxxxxxx
> admin_token = xxxxxxxxxxxxxxxxxxxx
> cache = swift.cache
> signing_dir = /tmp/keystone-signing-swift
>
> [filter:keystoneauth]
> use = egg:swift#keystoneauth
> operator_roles = admin, swiftoperator
> #default_swift_cluster =
> netstorage#https://netstorage-ham1-de.internet4you.com:444/v1#http://127.0.0.1:8888/v1
> allow_account_management = true
> allow_overrides = true
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
>
> [filter:ceilometer]
> use = egg:ceilometer#swift
>
> [filter:cache]
> use = egg:swift#memcache
> memcache_servers = 10.42.44.101:11211,10.42.44.102:11211
>
> [filter:tempurl]
> use = egg:swift#tempurl
>
> [filter:catch_errors]
> use = egg:swift#catch_errors
>
> [filter:proxy-logging]
> use = egg:swift#proxy_logging
> #############################################################
>
>
>
>
>
> #############################################################
> keystone.conf
> [DEFAULT]
> admin_token = 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe
> bind_host = 0.0.0.0
> public_port = 5000
> admin_port = 35357
> compute_port = 8774
> debug = True
> verbose = True
> log_file = keystone.log
> log_dir = /var/log/keystone
> use_syslog = False
>
> [sql]
> connection = mysql://keystone:xxxxxxxxxxxxxxxx@123.123.123.123/keystone
> idle_timeout = 200
> min_pool_size = 5
> max_pool_size = 10
> pool_timeout = 200
>
> [identity]
> driver = keystone.identity.backends.sql.Identity
>
> [trust]
> [catalog]
> driver = keystone.catalog.backends.sql.Catalog
> [token]
> driver = keystone.token.backends.sql.Token
> expiration = 86400
> [policy]
> driver = keystone.policy.backends.sql.Policy
> [ec2]
> driver = keystone.contrib.ec2.backends.kvs.Ec2
> [ssl]
> [signing]
> token_format = UUID
> [ldap]
> [auth]
> methods = password,token
> password = keystone.auth.plugins.password.Password
> token = keystone.auth.plugins.token.Token
> [filter:debug]
> paste.filter_factory = keystone.common.wsgi:Debug.factory
> [filter:token_auth]
> paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
> [filter:admin_token_auth]
> paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
> [filter:xml_body]
> paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
> [filter:json_body]
> paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
> [filter:user_crud_extension]
> paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
> [filter:crud_extension]
> paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
> [filter:ec2_extension]
> paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
> [filter:s3_extension]
> paste.filter_factory = keystone.contrib.s3:S3Extension.factory
> [filter:url_normalize]
> paste.filter_factory = keystone.middleware:NormalizingFilter.factory
> [filter:sizelimit]
> paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
> [filter:stats_monitoring]
> paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
> [filter:stats_reporting]
> paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
> [filter:access_log]
> paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
> [app:public_service]
> paste.app_factory = keystone.service:public_app_factory
> [app:service_v3]
> paste.app_factory = keystone.service:v3_app_factory
> [app:admin_service]
> paste.app_factory = keystone.service:admin_app_factory
> [pipeline:public_api]
> pipeline = access_log sizelimit stats_monitoring url_normalize
> token_auth admin_token_auth xml_body json_body debug ec2_extension
> user_crud_extension public_service
> [pipeline:admin_api]
> pipeline = access_log sizelimit stats_monitoring url_normalize
> token_auth admin_token_auth xml_body json_body debug stats_reporting
> ec2_extension s3_extension crud_extension admin_service
> [pipeline:api_v3]
> pipeline = access_log sizelimit stats_monitoring url_normalize
> token_auth admin_token_auth xml_body json_body debug stats_reporting
> ec2_extension s3_extension service_v3
> [app:public_version_service]
> paste.app_factory = keystone.service:public_version_app_factory
> [app:admin_version_service]
> paste.app_factory = keystone.service:admin_version_app_factory
> [pipeline:public_version_api]
> pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
> public_version_service
> [pipeline:admin_version_api]
> pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
> admin_version_service
> [composite:main]
> use = egg:Paste#urlmap
> /v2.0 = public_api
> / = public_version_api
> [composite:admin]
> use = egg:Paste#urlmap
> /v2.0 = admin_api
> / = admin_version_api
> #############################################################
>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
--
Simon Pasquier
Software Engineer
Bull, Architect of an Open World
Phone: + 33 4 76 29 71 49
http://www.bull.com
More information about the Openstack
mailing list