The URL <a href="http://192.168.20.7:5000/auth/v1.0">http://192.168.20.7:5000/auth/v1.0</a> is not one supported by keystone; does that command work if you use <span style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px">http://<</span><span class="highlight" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px;background-color:rgb(197,211,195)">AUTH</span><span style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px">_HOSTNAME>:5</span><span class="highlight" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px;background-color:rgb(197,211,195)">0</span><span class="highlight" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px;background-color:rgb(197,211,195)">0</span><span class="highlight" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px;background-color:rgb(197,211,195)">0</span><span style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px">/v2.</span><span class="highlight" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;font-size:12px;background-color:rgb(197,211,195)">0</span> instead?<br>
<div><br></div><div>For anyone interested, direct link to the doc in question: <a href="http://docs.openstack.org/essex/openstack-compute/install/apt/content/verify-swift-installation.html">http://docs.openstack.org/essex/openstack-compute/install/apt/content/verify-swift-installation.html</a></div>
<div><br></div><div>-Dolph<br><br><div class="gmail_quote">On Sat, Jun 16, 2012 at 6:04 AM, udit agarwal <span dir="ltr"><<a href="mailto:fzdudit@gmail.com" target="_blank">fzdudit@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br> I am setting up openstack in my lab. I followed the manual <a href="http://docs.openstack.org/essex/openstack-compute/install/apt/content/" target="_blank">http://docs.openstack.org/essex/openstack-compute/install/apt/content/</a> for installing & configuring it. I have already setup keystone, glance and swift all well on my system. But I am having problems in setting up swift. The command "swift -V 2.0 -A <a href="http://192.168.20.7:5000/v2.0" target="_blank">http://192.168.20.7:5000/v2.0</a> -U openstackDemo:adminUser -K 1234qwer stat" worked fine. But when I executed the command "curl -k -v -H 'X-Storage-User: openstackDemo:adminUser' -H 'X-Storage-Pass: 1234qwer' <a href="http://192.168.20.7:5000/auth/v1.0" target="_blank">http://192.168.20.7:5000/auth/v1.0</a>", I got the following output:<br>
<br>* About to connect() to 192.168.20.7 port 5000 (#0)<br>* Trying 192.168.20.7...<br>* connected<br>* Connected to 192.168.20.7 (192.168.20.7) port 5000 (#0)<br>> GET /auth/v1.0 HTTP/1.1<br>> User-Agent: curl/7.22.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0 OpenSSL/1.0.1c zlib/1.2.5 libidn/1.22 libssh2/1.4.0<br>
> Host: <a href="http://192.168.20.7:5000" target="_blank">192.168.20.7:5000</a><br>> Accept: */*<br>> X-Storage-User: openstackDemo:adminUser<br>> X-Storage-Pass: 1234qwer<br>> <br>< HTTP/1.1 404 Not Found<br>
< Content-Length: 154<br>
< Content-Type: text/html; charset=UTF-8<br>< Date: Sat, 16 Jun 2012 08:04:57 GMT<br>< <br><html><br> <head><br> <title>404 Not Found</title><br> </head><br> <body><br> <h1>404 Not Found</h1><br>
The resource could not be found.<br /><br /><br><br><br><br> </body><br>* Connection #0 to host 192.168.20.7 left intact<br>* Closing connection #0<br><br>My proxy-server.conf file is as follows:<br><br>
[DEFAULT]<br># bind_ip = 0.0.0.0<br>bind_port = 8888<br># backlog = 4096<br># swift_dir = /etc/swift<br>#workers = 8<br>user = swift<br>#cert_file = /etc/swift/cert.crt<br>#key_file = /etc/swift/cert.key<br># expiring_objects_container_divisor = 86400<br>
# You can specify default log routing here if you want:<br># log_name = swift<br># log_facility = LOG_LOCAL0<br># log_level = INFO<br><br>[pipeline:main]<br>pipeline = catch_errors healthcheck cache authtoken keystone proxy-server<br>
<br>[app:proxy-server]<br>use = egg:swift#proxy<br># You can override the default log routing for this app here:<br># set log_name = proxy-server<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br># set access_log_name = proxy-server<br>
# set access_log_facility = LOG_LOCAL0<br># set access_log_level = INFO<br># set log_headers = False<br># recheck_account_existence = 60<br># recheck_container_existence = 60<br># object_chunk_size = 8192<br># client_chunk_size = 8192<br>
# node_timeout = 10<br># client_timeout = 60<br># conn_timeout = 0.5<br># How long without an error before a node's error count is reset. This will<br># also be how long before a node is reenabled after suppression is triggered.<br>
# error_suppression_interval = 60<br># How many errors can accumulate before a node is temporarily ignored.<br># error_suppression_limit = 10<br># If set to 'true' any authorized user may create and delete accounts; if<br>
# 'false' no one, even authorized, can.<br>#allow_account_management = true<br># Set object_post_as_copy = false to turn on fast posts where only the metadata<br># changes are stored anew and the original data file is kept in place. This<br>
# makes for quicker posts; but since the container metadata isn't updated in<br># this mode, features like container sync won't be able to sync posts.<br># object_post_as_copy = true<br># If set to 'true' authorized accounts that do not yet exist within the Swift<br>
# cluster will be automatically created.<br>account_autocreate = true<br># If set to a positive value, trying to create a container when the account<br># already has at least this maximum containers will result in a 403 Forbidden.<br>
# Note: This is a soft limit, meaning a user might exceed the cap for<br># recheck_account_existence before the 403s kick in.<br># max_containers_per_account = 0<br># This is a comma separated list of account hashes that ignore the<br>
# max_containers_per_account cap.<br># max_containers_whitelist =<br><br># [filter:tempauth]<br># use = egg:swift#tempauth<br># You can override the default log routing for this filter here:<br># set log_name = tempauth<br>
# set log_facility = LOG_LOCAL0<br># set log_level = INFO<br># set log_headers = False<br># The reseller prefix will verify a token begins with this prefix before even<br># attempting to validate it. Also, with authorization, only Swift storage<br>
# accounts with this prefix will be authorized by this middleware. Useful if<br># multiple auth systems are in use for one Swift cluster.<br># reseller_prefix = AUTH<br># The auth prefix will cause requests beginning with this prefix to be routed<br>
# to the auth subsystem, for granting tokens, etc.<br># auth_prefix = /auth/<br># token_life = 86400<br># This is a comma separated list of hosts allowed to send X-Container-Sync-Key<br># requests.<br># allowed_sync_hosts = 127.0.0.1<br>
# This allows middleware higher in the WSGI pipeline to override auth<br># processing, useful for middleware such as tempurl and formpost. If you know<br># you're not going to use such middleware and you want a bit of extra security,<br>
# you can set this to false.<br># allow_overrides = true<br># Lastly, you need to list all the accounts/users you want here. The format is:<br># user_<account>_<user> = <key> [group] [group] [...] [storage_url]<br>
# There are special groups of:<br># .reseller_admin = can do anything to any account for this auth<br># .admin = can do anything within the account<br># If neither of these groups are specified, the user can only access containers<br>
# that have been explicitly allowed for them by a .admin or .reseller_admin.<br># The trailing optional storage_url allows you to specify an alternate url to<br># hand back to the user upon authentication. If not specified, this defaults to<br>
# http[s]://<ip>:<port>/v1/<reseller_prefix>_<account> where http or https<br># depends on whether cert_file is specified in the [DEFAULT] section, <ip> and<br># <port> are based on the [DEFAULT] section's bind_ip and bind_port (falling<br>
# back to 127.0.0.1 and 8080), <reseller_prefix> is from this section, and<br># <account> is from the user_<account>_<user> name.<br># Here are example entries, required for running the tests:<br>
# user_admin_admin = admin .admin .reseller_admin <a href="https://192.168.20.7:8080/v1/AUTH_admin" target="_blank">https://192.168.20.7:8080/v1/AUTH_admin</a> <br>
# user_test_tester = testing .admin <a href="https://192.168.20.7:8080/v1/AUTH_test" target="_blank">https://192.168.20.7:8080/v1/AUTH_test</a><br># user_test2_tester2 = testing2 .admin<br># user_test_tester3 = testing3<br>
<br><br># [filter:swauth]<br>
#use = egg:swauth#swauth<br>#super_admin_key = 1234qwer<br>#default_swift_cluster = local#<a href="https://192.168.20.7:8080/v1" target="_blank">https://192.168.20.7:8080/v1</a><br><br>[filter:keystone]<br>paste.filter_factory = keystone.middleware.swift_auth:filter_factory<br>
operator_roles = admin, swiftoperator<br>#default_swift_cluster = local#<a href="http://192.168.20.7:5000/v1" target="_blank">http://192.168.20.7:5000/v1</a><br><br>[filter:authtoken]<br>paste.filter_factory = keystone.middleware.auth_token:filter_factory<br>
delay_auth_decision = 10<br>service_port = 5000<br>service_host = 127.0.0.1<br>auth_port = 35357<br>auth_host = 127.0.0.1<br>auth_token = ADMIN<br>admin_token = ADMIN<br>#default_swift_cluster = local#<a href="http://192.168.20.7:5000/v1" target="_blank">http://192.168.20.7:5000/v1</a><br>
auth_protocol = http<br><br>[filter:healthcheck]<br>use = egg:swift#healthcheck<br># You can override the default log routing for this filter here:<br># set log_name = healthcheck<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br>
# set log_headers = False<br><br>[filter:cache]<br>use = egg:swift#memcache<br># You can override the default log routing for this filter here:<br>set log_name = cache<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br>
# set log_headers = False<br># Default for memcache_servers is to try to read the property from<br># memcache.conf (see memcache.conf-sample) or lacking that file, it will<br># default to the value below. You can specify multiple servers separated with<br>
# commas, as in: <a href="http://10.1.2.3:11211" target="_blank">10.1.2.3:11211</a>,<a href="http://10.1.2.4:11211" target="_blank">10.1.2.4:11211</a><br>#memcache_servers = <a href="http://192.168.20.7:11211" target="_blank">192.168.20.7:11211</a><br>
<br># [filter:ratelimit]<br>
# use = egg:swift#ratelimit<br># You can override the default log routing for this filter here:<br># set log_name = ratelimit<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br># set log_headers = False<br># clock_accuracy should represent how accurate the proxy servers' system clocks<br>
# are with each other. 1000 means that all the proxies' clock are accurate to<br># each other within 1 millisecond. No ratelimit should be higher than the<br># clock accuracy.<br># clock_accuracy = 1000<br># max_sleep_time_seconds = 60<br>
# log_sleep_time_seconds of 0 means disabled<br># log_sleep_time_seconds = 0<br># allows for slow rates (e.g. running up to 5 sec's behind) to catch up.<br># rate_buffer_seconds = 5<br># account_ratelimit of 0 means disabled<br>
# account_ratelimit = 0<br><br># these are comma separated lists of account names<br># account_whitelist = a,b<br># account_blacklist = c,d<br><br># with container_limit_x = r<br># for containers of size x limit requests per second to r. The container<br>
# rate will be linearly interpolated from the values given. With the values<br># below, a container of size 5 will get a rate of 75.<br># container_ratelimit_0 = 100<br># container_ratelimit_10 = 50<br># container_ratelimit_50 = 20<br>
<br># [filter:domain_remap]<br># use = egg:swift#domain_remap<br># You can override the default log routing for this filter here:<br># set log_name = domain_remap<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br>
# set log_headers = False<br># storage_domain = <a href="http://example.com" target="_blank">example.com</a><br># path_root = v1<br># reseller_prefixes = AUTH<br><br>[filter:catch_errors]<br>use = egg:swift#catch_errors<br>
# You can override the default log routing for this filter here:<br>
# set log_name = catch_errors<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br># set log_headers = False<br><br># [filter:cname_lookup]<br># Note: this middleware requires python-dnspython<br># use = egg:swift#cname_lookup<br>
# You can override the default log routing for this filter here:<br># set log_name = cname_lookup<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br># set log_headers = False<br># storage_domain = <a href="http://example.com" target="_blank">example.com</a><br>
# lookup_depth = 1<br><br># Note: Put staticweb just after your auth filter(s) in the pipeline<br># [filter:staticweb]<br># use = egg:swift#staticweb<br># Seconds to cache container x-container-meta-web-* header values.<br>
# cache_timeout = 300<br># You can override the default log routing for this filter here:<br># set log_name = staticweb<br># set log_facility = LOG_LOCAL0<br># set log_level = INFO<br># set access_log_name = staticweb<br>
# set access_log_facility = LOG_LOCAL0<br># set access_log_level = INFO<br># set log_headers = False<br><br># Note: Put tempurl just before your auth filter(s) in the pipeline<br># [filter:tempurl]<br># use = egg:swift#tempurl<br>
#<br># The headers to remove from incoming requests. Simply a whitespace delimited<br># list of header names and names can optionally end with '*' to indicate a<br># prefix match. incoming_allow_headers is a list of exceptions to these<br>
# removals.<br># incoming_remove_headers = x-timestamp<br>#<br># The headers allowed as exceptions to incoming_remove_headers. Simply a<br># whitespace delimited list of header names and names can optionally end with<br>
# '*' to indicate a prefix match.<br>
# incoming_allow_headers =<br>#<br># The headers to remove from outgoing responses. Simply a whitespace delimited<br># list of header names and names can optionally end with '*' to indicate a<br># prefix match. outgoing_allow_headers is a list of exceptions to these<br>
# removals.<br># outgoing_remove_headers = x-object-meta-*<br>#<br># The headers allowed as exceptions to outgoing_remove_headers. Simply a<br># whitespace delimited list of header names and names can optionally end with<br>
# '*' to indicate a prefix match.<br># outgoing_allow_headers = x-object-meta-public-*<br><br># Note: Put formpost just before your auth filter(s) in the pipeline<br># [filter:formpost]<br># use = egg:swift#formpost<br>
<br># Note: Just needs to be placed before the proxy-server in the pipeline.<br># [filter:name_check]<br># use = egg:swift#name_check<br># forbidden_chars = '"`<><br># maximum_length = 255<br><br>Can anybody help me with this??<br>
Thanks in advance.<span class="HOEnZb"><font color="#888888"><br><br>--Udit Agarwal<br>
</font></span><br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>