[Openstack-operators] failed to run the auth-server daemon for SAIO setup

shashidhar v shashidhar.velagandula at gmail.com
Tue Apr 5 14:03:48 UTC 2011


Hi Gholt,

1) Container-based ACL was working fine.

[shashi at shashi samples]$  curl -X GET -D - -H
'X-Auth-Token:AUTH_tk124a8a19ad7e49c5a04710716fd4f126'
http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: test:tester3
X-Container-Bytes-Used: 29
Content-Length: 10
Content-Type: text/plain; charset=utf8
Date: Tue, 05 Apr 2011 12:57:49 GMT

testfile1
[shashi at shashi samples]$



2) How to create new accounts/users using the admin "reseller", which was
created using the script "recreateaccounts" of SAIO?


swift at test3:~/swift/trunk$ swauth-prep -K reseller
Auth subsystem prep failed: 403 Forbidden
swift at test3:~/swift/trunk$

swift at test3:~/swift/trunk$ swauth-add-user -U reseller:reseller -K reseller
-A http://192.168.62.63:8080/auth/v1.0 reseller user1 user1
Account creation failed: 400 Bad Request
User creation failed: 400 Bad Request

swift at test3:~/swift/trunk$ swauth-add-user -U reseller:reseller -K reseller
-A http://192.168.62.63:8080/v1/AUTH_a62419e4-7841-49d1-950f-521443c8a75d reseller
user1 password1
Account creation failed: 401 Unauthorized
User creation failed: 401 Unauthorized
swift at test3:~/swift/trunk$


3) Is it possible to enforce the storage limit for a non-admin account/user
in swift? If so, how to set that storage limit for a user? How to
distribute the available storage among different users?


Thanks & Regards,
shashi

On Tue, Apr 5, 2011 at 6:06 PM, Greg Holt <gholt at rackspace.com> wrote:

> You have to use the PUT or POST command when trying to set the headers on a
> container. Try adding -X POST to that curl command:
>
> curl -v -X POST -H 'X-Auth-Token:
> AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3'
> -H 'X-Container-Write: test:tester3'
> http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
>
> If you GET or HEAD the container afterwards, you should see the two
> headers returned to you with the appropriate values.
>
> On Apr 5, 2011, at 5:32 AM, shashidhar v wrote:
>
> Hi Gholt,
>
> I tried to set the container-based read and write ACL to share the
> container with a non-admin user, but it is giving an error: access denied
>
> [shashi at shashi samples]$  curl -v -H 'X-Storage-User: test:tester' -H
> 'X-Storage-Pass: testing' http://192.168.62.63:8080/auth/v1.0
> * About to connect() to 192.168.62.63 port 8080
> *   Trying 192.168.62.63... connected
> * Connected to 192.168.62.63 (192.168.62.63) port 8080
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5
> OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> > Host: 192.168.62.63:8080
> > Accept: */*
> > X-Storage-User: test:tester
> > X-Storage-Pass: testing
> >
> < HTTP/1.1 200 OK
> < X-Storage-Url:
> http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
> < X-Storage-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> < X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> < Content-Length: 112
> < Date: Tue, 05 Apr 2011 10:18:31 GMT
> Connection #0 to host 192.168.62.63 left intact
> * Closing connection #0
> {"storage": {"default": "local", "local": "http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a"}}
> [shashi at shashi samples]$
>
>
> [shashi at shashi samples]$  curl -X HEAD -D - -H 'X-Auth-Token:
> AUTH_tk64b46c28eda84a839b7ba10cc54f3525'
> http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
> HTTP/1.1 204 No Content
> X-Account-Object-Count: 0
> X-Account-Bytes-Used: 0
> X-Account-Container-Count: 1
> Content-Length: 0
> Date: Tue, 05 Apr 2011 10:20:19 GMT
>
> [shashi at shashi samples]$
> [shashi at shashi samples]$  curl -X HEAD -D - -H 'X-Auth-Token:
> AUTH_tk64b46c28eda84a839b7ba10cc54f3525'
> http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
> HTTP/1.1 204 No Content
> X-Container-Object-Count: 1
> X-Container-Bytes-Used: 29
> Content-Length: 0
> Date: Tue, 05 Apr 2011 10:20:40 GMT
>
> [shashi at shashi samples]$
>
>
>
> Initially I created a container named "container1" using the admin
> user "test:tester" and then tried to set the read and write ACL on
> container1 to share it with a non-admin user.
>
>
>
> [shashi at shashi samples]$  curl -v -H 'X-Auth-Token:
> AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3'
> -H 'X-Container-Write: test:tester3'
> http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1
> * About to connect() to 192.168.62.63 port 8080
> *   Trying 192.168.62.63... connected
> * Connected to 192.168.62.63 (192.168.62.63) port 8080
> > GET /v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1 HTTP/1.1
> > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5
> OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> > Host: 192.168.62.63:8080
> > Accept: */*
> > X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525
> > X-Container-Read: test:tester3
> > X-Container-Write: test:tester3
> >
> < HTTP/1.1 200 OK
> < X-Container-Object-Count: 1
> < X-Container-Bytes-Used: 29
> < Content-Length: 10
> < Content-Type: text/plain; charset=utf8
> < Date: Tue, 05 Apr 2011 10:11:01 GMT
> testfile1
> * Connection #0 to host 192.168.62.63 left intact
> * Closing connection #0
> [shashi at shashi samples]$
>
> [shashi at shashi samples]$  curl -v -H 'X-Storage-User: test:tester3' -H
> 'X-Storage-Pass: testing3' http://192.168.62.63:8080/auth/v1.0
> * About to connect() to 192.168.62.63 port 8080
> *   Trying 192.168.62.63... connected
> * Connected to 192.168.62.63 (192.168.62.63) port 8080
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5
> OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14
> > Host: 192.168.62.63:8080
> > Accept: */*
> > X-Storage-User: test:tester3
> > X-Storage-Pass: testing3
> >
> < HTTP/1.1 200 OK
> < X-Storage-Url:
> http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a
> < X-Storage-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126
> < X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126
> < Content-Length: 112
> < Date: Tue, 05 Apr 2011 10:11:16 GMT
> Connection #0 to host 192.168.62.63 left intact
> * Closing connection #0
> {"storage": {"default": "local", "local": "http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a"}}
> [shashi at shashi samples]$
>
> [shashi at shashi samples]$  curl  -s -D - -H 'X-Auth-Token:
> AUTH_tk124a8a19ad7e49c5a04710716fd4f126'
> http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1/testfile1
> HTTP/1.1 403 Forbidden
> Content-Length: 157
> Content-Type: text/html; charset=UTF-8
> Date: Tue, 05 Apr 2011 10:11:42 GMT
>
> <html>
>  <head>
>   <title>403 Forbidden</title>
>  </head>
>  <body>
>   <h1>403 Forbidden</h1>
>   Access was denied to this resource.<br /><br />
>
>
>
>  </body>
> </html>[shashi at shashi samples]$
> [shashi at shashi samples]$
>
> Thanks & Regards,
> shashi
>
>
>
>
>
> On Fri, Apr 1, 2011 at 6:32 PM, Greg Holt <gholt at rackspace.com> wrote:
>
>> On Apr 1, 2011, at 1:35 AM, shashidhar v wrote:
>>
>> > In the above script, the third user is tester3 (non-admin), which is not
>> allowed to create containers? Then what's the role of non-admin users
>> created under swift, what operations can they perform?
>> >
>> > Swift supports ACL or not, and the containers/objects created by an admin
>> user can be shared with a non-admin user for at least downloading the objects?
>>
>> Non-admin users can only perform operations per container based on the
>> container’s X-Container-Read and X-Container-Write ACLs. With an admin
>> account you could create a container for that non-admin user and set
>> X-Container-Read: test:tester3 and X-Container-Write: test:tester3.
>>
>> These may explain more:
>>
>> http://swift.openstack.org/overview_auth.html
>> http://swift.openstack.org/misc.html#module-swift.common.middleware.acl
>>
>>
>
>
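
The check described in the quoted reply above (HEAD or GET the container and look for the ACL headers) can be scripted. This is an added example, not part of the original thread or of Swift itself; the function names are hypothetical, the sample responses are constructed from the output shown in the thread, and only exact `account:user` entries are compared.

```python
import re

# Constructed samples modelled on the `curl -D -` output in this thread:
# the container before any ACL was stored, and after a POST set both ACLs.
BEFORE_POST = """HTTP/1.1 204 No Content
X-Container-Object-Count: 1
X-Container-Bytes-Used: 29
Content-Length: 0
"""
AFTER_POST = """HTTP/1.1 204 No Content
X-Container-Object-Count: 1
X-Container-Read: test:tester3
X-Container-Write: test:tester3
X-Container-Bytes-Used: 29
Content-Length: 0
"""

def parse_response(raw):
    """Return (status, headers) from `curl -D -` or `curl -v` output."""
    lines = raw.strip().splitlines()
    # In -v output only the "< " lines belong to the response.
    if any(ln.startswith("< ") for ln in lines):
        lines = [ln[2:] for ln in lines if ln.startswith("< ")]
    match = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0].strip())
    if not match:
        raise ValueError("no HTTP status line in captured output")
    headers = {}
    for ln in lines[1:]:
        if not ln.strip():
            break  # blank line ends the header block
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers

def missing_grants(raw, user, modes=("read", "write")):
    """List the ACL modes in which `user` is NOT named on the container."""
    # Assumption: exact account:user entries only; referrer (.r:) entries are ignored.
    status, headers = parse_response(raw)
    if status >= 300:
        raise ValueError("container request failed with HTTP %d" % status)
    missing = []
    for mode in modes:
        entries = headers.get("x-container-" + mode, "").split(",")
        if user not in [entry.strip() for entry in entries]:
            missing.append(mode)
    return missing
```

An empty list from `missing_grants` means the container names the user in both ACLs; a non-empty list after an attempted update means the headers were not stored, as happened when they were sent on a GET.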