<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hello Team,<div><br></div><div>I am unable to login to Swift using the Keystone integration. Here is sample output when I try to get swift status:</div><div><br></div><div>vagrant@swift:~$ swift -A <a href="http://172.16.0.201:5000/v2.0">http://172.16.0.201:5000/v2.0</a> -U service:swift -K swift stat</div><div>Auth GET failed: <a href="http://172.16.0.201:5000/v2.0">http://172.16.0.201:5000/v2.0</a> 200 OK</div><div><br></div><div>I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:</div><div><br></div><div>172.16.0.203 is my Swift Server</div><div>172.16.0.201 is my Controller Node, which runs Keystone</div><div><br></div><div><div>[DEFAULT]</div><div>bind_port = 443</div><div>cert_file = /etc/swift/cert.crt</div><div>key_file = /etc/swift/cert.key</div><div>user = swift</div><div>log_facility = LOG_LOCAL1</div><div><br></div><div>[pipeline:main] </div><div>pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server </div><div><br></div><div>[app:proxy-server] </div><div>use = egg:swift#proxy </div><div>account_autocreate = true</div><div>allow_account_management = true</div><div><br></div><div>[filter:tempauth]</div><div>use = egg:swift#tempauth</div><div>user_admin_admin = admin .admin .rseller_admin</div><div><br></div><div>[filter:healthcheck]</div><div>use = egg:swift#healthcheck</div><div><br></div><div>[filter:cache]</div><div>use = egg:swift#memcache</div><div><br></div><div>[filter:keystone]</div><div>paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory</div><div>operator_roles = Member,admin</div><div><br></div><div>[filter:authtoken]</div><div>paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory</div><div>service_port = 5000</div><div>service_host = 172.16.0.201 </div><div>auth_port = 35357</div><div>auth_host = 172.16.0.201</div><div>auth_protocol = http</div><div>auth_token = ADMIN</div><div>admin_token = ADMIN</div><div>admin_tenant_name = service</div><div>admin_user = swift</div><div>admin_password = swift</div><div>cache = swift.cache</div><div><br></div><div>[filter:catch_errors] </div><div>use = egg:swift#catch_errors</div><div><br></div><div>[filter:swift3]</div><div>use = egg:swift#swift3</div><div><br></div><div>[filter:keystoneauth]</div><div>use = egg:swift#keystoneauth</div><div>operator_roles = admin, swiftoperator</div><div><br></div><div>[filter:swiftauth]</div><div>use = egg:keystone#swiftauth</div><div>keystone_url = <a href="http://172.16.0.201:5000/v2.0">http://172.16.0.201:5000/v2.0</a></div><div>keystone_admin_token = 999888777666</div><div>keystone_swift_operator_roles = Admin, SwiftOperator</div><div>keystone_tenant_user_admin = true</div><div><br></div><div>[filter:tokenauth]</div><div>paste.filter_factory = keystone.middleware.auth_token:filter_factory</div><div>auth_protocol = http</div><div>auth_host = 172.16.0.201</div><div>auth_port = 35357</div><div>auth_uri = <a href="http://172.16.0.201:5000/">http://172.16.0.201:5000/</a></div><div>admin_token = 999888777666</div><div>delay_auth_decision = 0</div><div>memecache_host = 172.16.0.203:11211</div></div><div><br></div><div>The keystone endpoint was successfully created:</div><div><div>+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+</div><div>| id | region | publicurl | internalurl | adminurl | service_id |</div><div>+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+</div><div>| 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | <a href="http://172.16.0.201:8773/services/Cloud">http://172.16.0.201:8773/services/Cloud</a> | <a href="http://172.16.0.201:8773/services/Cloud">http://172.16.0.201:8773/services/Cloud</a> | <a href="http://172.16.0.201:8773/services/Admin">http://172.16.0.201:8773/services/Admin</a> | fcfddafdc36b4708a3bfddd39cd5bd57 |</div><div>| 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | <a href="https://172.16.0.203:443/v1/AUTH_$(tenant_id)s">https://172.16.0.203:443/v1/AUTH_$(tenant_id)s</a> | <a href="https://172.16.0.203:443/v1/AUTH_$(tenant_id)s">https://172.16.0.203:443/v1/AUTH_$(tenant_id)s</a> | <a href="https://172.16.0.203:443/v1">https://172.16.0.203:443/v1</a> | 0c342438b82a461f98494ef7f7d3abb7 |</div><div>| 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | <a href="http://172.16.0.201:8776/v1/%(tenant_id)s">http://172.16.0.201:8776/v1/%(tenant_id)s</a> | <a href="http://172.16.0.201:8776/v1/%(tenant_id)s">http://172.16.0.201:8776/v1/%(tenant_id)s</a> | <a href="http://172.16.0.201:8776/v1/%(tenant_id)s">http://172.16.0.201:8776/v1/%(tenant_id)s</a> | 2410a1924e764513805b9d6f62639226 |</div><div>| 9bf69ed68d404a959521f1099e0aae5b | RegionOne | <a href="http://172.16.0.201:5000/v2.0">http://172.16.0.201:5000/v2.0</a> | <a href="http://172.16.0.201:5000/v2.0">http://172.16.0.201:5000/v2.0</a> | <a href="http://172.16.0.201:35357/v2.0">http://172.16.0.201:35357/v2.0</a> | 839a2b67a6f1450fa8666507e49476d3 |</div><div>| b4d2945af5d24e50aae51c935452f36d | RegionOne | <a href="http://172.16.0.201:9292/v1">http://172.16.0.201:9292/v1</a> | <a href="http://172.16.0.201:9292/v1">http://172.16.0.201:9292/v1</a> | <a href="http://172.16.0.201:9292/v1">http://172.16.0.201:9292/v1</a> | 3a172fa1190a40ddb8bedafdffc26e08 |</div><div>| e5e3664088be4295942bce38e611f420 | RegionOne | <a href="http://172.16.0.201:8774/v2/$(tenant_id)s">http://172.16.0.201:8774/v2/$(tenant_id)s</a> | <a href="http://172.16.0.201:8774/v2/$(tenant_id)s">http://172.16.0.201:8774/v2/$(tenant_id)s</a> | <a href="http://172.16.0.201:8774/v2/$(tenant_id)s">http://172.16.0.201:8774/v2/$(tenant_id)s</a> | d3b23588d58e4f7f9563a8e8af650128 |</div><div>+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+</div></div><div><br></div><div>Also, the swift user is an admin in the service tenant:</div><div><div>vagrant@swift:~$ keystone tenant-list</div><div>+----------------------------------+----------+---------+</div><div>| id | name | enabled |</div><div>+----------------------------------+----------+---------+</div><div>| 9106c2e5f44840f39bac59be3c9d4e12 | cookbook | True |</div><div>| <b>b334b98cc9f241d59367e848e253e3cf </b>| service | True |</div><div>+----------------------------------+----------+---------+</div></div><div><br></div><div><br></div><div><div>vagrant@swift:~$ keystone user-role-list --user swift --tenant_id b334b98cc9f241d59367e848e253e3cf</div><div>+----------------------------------+----------+----------------------------------+----------------------------------+</div><div>| id | name | user_id | tenant_id |</div><div>+----------------------------------+----------+----------------------------------+----------------------------------+</div><div>| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | ac30c7cd0d234f7baa95d2cf9032d38b | <b>b334b98cc9f241d59367e848e253e3cf </b>|</div><div>| fb981f22fd5d4cf39a558e13eabbca91 | admin | ac30c7cd0d234f7baa95d2cf9032d38b | <b>b334b98cc9f241d59367e848e253e3cf </b>|</div><div>+----------------------------------+----------+----------------------------------+----------------------------------+</div></div><div><br></div><div>Any advice would be appreciated</div></body></html>