[Openstack-operators] failed to run the auth-server daemon for SAIO setup

shashidhar v shashidhar.velagandula at gmail.com
Tue Apr 5 10:32:24 UTC 2011


Hi Gholt,

I tried to set the container-based read and write ACLs to share the container
with a non-admin user, but it is giving an access denied error.

[shashi at shashi samples]$  curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://192.168.62.63:8080/auth/v1.0
* About to connect() to 192.168.62.63 port 8080
*   Trying 192.168.62.63... connected
* Connected to 192.168.62.63 (192.168.62.63) port 8080
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> Host: 192.168.62.63:8080
> Accept: */*
> X-Storage-User: test:tester
> X-Storage-Pass: testing
>
< HTTP/1.1 200 OK
< X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
< X-Storage-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
< X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
< Content-Length: 112
< Date: Tue, 05 Apr 2011 10:18:31 GMT
* Connection #0 to host 192.168.62.63 left intact
* Closing connection #0
{"storage": {"default": "local", "local": "http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a"}}
[shashi at shashi samples]$


[shashi at shashi samples]$  curl -X HEAD -D - -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
HTTP/1.1 204 No Content
X-Account-Object-Count: 0
X-Account-Bytes-Used: 0
X-Account-Container-Count: 1
Content-Length: 0
Date: Tue, 05 Apr 2011 10:20:19 GMT

[shashi at shashi samples]$
[shashi at shashi samples]$  curl -X HEAD -D - -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
HTTP/1.1 204 No Content
X-Container-Object-Count: 1
X-Container-Bytes-Used: 29
Content-Length: 0
Date: Tue, 05 Apr 2011 10:20:40 GMT

[shashi at shashi samples]$



Initially I created a container named "container1" using the admin
user "test:tester", and then tried to set read and write ACLs for
container1 to share it with a non-admin user ..........



[shashi at shashi samples]$  curl -v -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3' -H 'X-Container-Write: test:tester3' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
* About to connect() to 192.168.62.63 port 8080
*   Trying 192.168.62.63... connected
* Connected to 192.168.62.63 (192.168.62.63) port 8080
> GET /v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1 HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> Host: 192.168.62.63:8080
> Accept: */*
> X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> X-Container-Read: test:tester3
> X-Container-Write: test:tester3
>
< HTTP/1.1 200 OK
< X-Container-Object-Count: 1
< X-Container-Bytes-Used: 29
< Content-Length: 10
< Content-Type: text/plain; charset=utf8
< Date: Tue, 05 Apr 2011 10:11:01 GMT
testfile1
* Connection #0 to host 192.168.62.63 left intact
* Closing connection #0
[shashi at shashi samples]$

[shashi at shashi samples]$  curl -v -H 'X-Storage-User: test:tester3' -H 'X-Storage-Pass: testing3' http://192.168.62.63:8080/auth/v1.0
* About to connect() to 192.168.62.63 port 8080
*   Trying 192.168.62.63... connected
* Connected to 192.168.62.63 (192.168.62.63) port 8080
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> Host: 192.168.62.63:8080
> Accept: */*
> X-Storage-User: test:tester3
> X-Storage-Pass: testing3
>
< HTTP/1.1 200 OK
< X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
< X-Storage-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126
< X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126
< Content-Length: 112
< Date: Tue, 05 Apr 2011 10:11:16 GMT
* Connection #0 to host 192.168.62.63 left intact
* Closing connection #0
{"storage": {"default": "local", "local": "http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a"}}
[shashi at shashi samples]$

[shashi at shashi samples]$  curl  -s -D - -H 'X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126' http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1/testfile1
HTTP/1.1 403 Forbidden
Content-Length: 157
Content-Type: text/html; charset=UTF-8
Date: Tue, 05 Apr 2011 10:11:42 GMT

<html>
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
  Access was denied to this resource.<br /><br />



 </body>
</html>
[shashi at shashi samples]$

Thanks & Regards,
shashi





On Fri, Apr 1, 2011 at 6:32 PM, Greg Holt <gholt at rackspace.com> wrote:

> On Apr 1, 2011, at 1:35 AM, shashidhar v wrote:
>
> > In the above script, the third user is tester3 (non-admin), which is not
> > allowed to create containers? Then what's the role of non-admin users
> > created under Swift, and what operations can they perform?
> >
> > Does Swift support ACLs or not, and can the containers/objects created by an
> > admin user be shared with a non-admin user, at least for downloading the objects?
>
> Non-admin users can only perform operations per container based on the
> container’s X-Container-Read and X-Container-Write ACLs. With an admin
> account you could create a container for that non-admin user and set
> X-Container-Read: test:tester3 and X-Container-Write: test:tester3.
>
> These may explain more:
>
> http://swift.openstack.org/overview_auth.html
> http://swift.openstack.org/misc.html#module-swift.common.middleware.acl
>
>
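
An added example, not part of the original message or of Swift's own code: the ACL request in the trace above went out as a GET (its `> GET` line), and Swift stores X-Container-Read and X-Container-Write only when they arrive on a container PUT or POST. The function names, argument order and the reduced sample trace below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. check_acl_request reads a `curl -v` trace on stdin and reports
# whether the ACL headers in it were sent on a method that Swift stores them on.
check_acl_request() {
    awk '
        /^> (GET|HEAD|PUT|POST|DELETE) / { method = $2 }
        /^> X-Container-(Read|Write):/   { acl = 1 }
        END {
            verdict = "no ACL headers sent"
            if (acl) verdict = (method == "PUT" || method == "POST") \
                ? "ACL headers stored" : "ACL headers ignored"
            print method ": " verdict
        }'
}

# Store the same ACL for read and write on an existing container.
# Assumed arguments: $1 admin token, $2 container URL, $3 ACL (e.g. test:tester3).
# Prints the HTTP status code of the POST.
set_container_acl() {
    curl -s -o /dev/null -w '%{http_code}\n' -X POST \
        -H "X-Auth-Token: $1" \
        -H "X-Container-Read: $3" -H "X-Container-Write: $3" "$2"
}

# HEAD the container with the admin token and print the ACL headers it carries;
# empty output means no ACL is stored on the container.
show_container_acl() {
    curl -s -I -H "X-Auth-Token: $1" "$2" |
        grep -iE '^X-Container-(Read|Write):'
}

# Constructed trace, reduced from the request in the message (token replaced
# with a placeholder).
SAMPLE='> GET /v1/AUTH_example/container1 HTTP/1.1
> X-Auth-Token: AUTH_tk_example
> X-Container-Read: test:tester3
> X-Container-Write: test:tester3
< HTTP/1.1 200 OK'

# Offline check of the sample trace; the curl functions are only defined here.
printf '%s\n' "$SAMPLE" | check_acl_request
```

After `set_container_acl` succeeds, `show_container_acl` run with the admin token should list both headers before the non-admin token is retried.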