[Openstack-operators] swauth 1.0.3 user create and access problem?

Judd Maltin openstack at newgoliath.com
Mon Dec 5 20:09:21 UTC 2011 

oops.. pasted too much with the x-storage-url, but still access denied.

On Mon, Dec 5, 2011 at 3:06 PM, Judd Maltin <openstack at newgoliath.com>wrote:

> No curl love either.
>
> Might have to remove the .auth database by hand or somehting??
>
> root at proxy01-c01:/etc/swift# curl  -i -H 'X-Auth-User: test1:tester1' -H
> 'X-Storage-Pass: testing1' http://127.0.0.1:8080/auth/v1.0
> HTTP/1.1 200 OK
> X-Storage-Url:
> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
> X-Storage-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980
> X-Auth-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980
> X-Trans-Id: tx9a8f99333ac44e0885b0b4c0ddb67c30
> Content-Length: 112
> Date: Mon, 05 Dec 2011 20:05:09 GMT
>
> {"storage": {"default": "local", "local": "
> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
> "}}root at proxy01-c01:/etc/swift#
>
> root at proxy01-c01:/etc/swift# curl -i -H 'X-Auth-Token:
> AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980' X-Storage-Url:
> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74/
> curl: (6) Couldn't resolve host 'X-Storage-Url:'
> HTTP/1.1 403 Forbidden
> Content-Length: 157
> Content-Type: text/html; charset=UTF-8
> X-Trans-Id: tx8d228af637ca40818a4fb4cae5e20e0e
> Date: Mon, 05 Dec 2011 20:05:35 GMT
>
> <html>
>  <head>
>   <title>403 Forbidden</title>
>  </head>
>  <body>
>   <h1>403 Forbidden</h1>
>   Access was denied to this resource.<br /><br />
>
>
>
>  </body>
>
>
>
>
> On Mon, Dec 5, 2011 at 2:26 PM, Jeff Kramer <jeffkramer at gmail.com> wrote:
>
>> Maybe drop the single quotes around the password?  Have you tried with
>> curl?  Something like this (ripped out of some docs I've got):
>>
>> We can also test this with curl, from this machine or another machine
>> (replace 127.0.0.1 with the servers IP address as appropriate):
>>
>> [code]
>> curl -v -H 'X-Storage-User: testaccount:testuser' -H 'X-Storage-Pass:
>> testpassword' http://127.0.0.1:8080/auth/v1.0
>> [/code]
>>
>> This should return an auth token like this:
>>
>> X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274
>>
>> And a URL like this:
>>
>> X-Storage-Url:
>> http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87
>>
>> Which you can use to talk to storage:
>>
>> [code]
>> curl -v -H 'X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274'
>> http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87
>> [/code]
>>
>> Which should show you something like this:
>>
>> [code]
>> < HTTP/1.1 204 No Content
>> < X-Account-Object-Count: 0
>> < X-Account-Bytes-Used: 0
>> < X-Account-Container-Count: 0
>> < Accept-Ranges: bytes
>> < Content-Length: 0
>> [/code]
>>
>>
>> On Mon, Dec 5, 2011 at 12:56 PM, Judd Maltin <openstack at newgoliath.com>
>> wrote:
>> > I create my user test1:tester1 testing1 using the swauth tools just
>> fine.
>> >
>> > root at proxy01-c01:/etc/swift# swauth-list -K swauthkey
>> > {"accounts": [{"name": "test1"}]}
>> > root at proxy01-c01:/etc/swift# swauth-list -K swauthkey test1
>> > {"services": {"storage": {"default": "local", "local":
>> > "http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74"}},
>> > "account_id": "AUTH_840f1320-2d45-4e62-92a5-71e448190c74", "users":
>> > [{"name": "tester1"}]}
>> > root at proxy01-c01:/etc/swift#
>> >
>> > But then when I try to stat the account: :(
>> >
>> > /etc/swift# swift -A http://127.0.0.1:8080/auth/v1.0 -U test1:tester1
>> -K
>> > 'testing1' stat -v
>> > Account HEAD failed:
>> > http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74 403
>> > Forbidden
>> >
>> > /var/log/syslog:
>> >
>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>> > /v1/AUTH_.auth/test1/tester1 HTTP/1.0 200 - Swauth - - - -
>> > txb6f5ac66b1134c31814f1daf4192548b - 0.0440
>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>> > /v1/AUTH_.auth/.token_2/AUTH_tk01423b7c65fc463394cf8ca3de8fef52
>> HTTP/1.0 200
>> > - Swauth - - - - txc70046f612ce4baca788ee49b20fba63 - 0.0291
>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>> > /v1/AUTH_.auth/test1/.services HTTP/1.0 200 - Swauth - - - -
>> > tx0547130a2c444252a21a868785f68ebd - 0.0308
>> > Dec  5 13:45:30 proxy01-c01 swauth - 127.0.0.1 05/Dec/2011/18/45/30 GET
>> > /auth/v1.0 HTTP/1.0 200 - - - - - - - - 0.1095
>> > Dec  5 13:45:30 proxy01-c01 proxy-server 127.0.0.1 127.0.0.1
>> > 05/Dec/2011/18/45/30 HEAD /v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>> > HTTP/1.0 403 - -
>> test1%3Atester1%2CAUTH_tk01423b7c65fc463394cf8ca3de8fef52 -
>> > - - tx116c0dc81110402fa4f106feebe3c121 - 0.0006
>> >
>> > I'm using swift 1.4.4, swauth 1.0.3
>> >
>> > proxy-server.conf:
>> > [pipeline:main]
>> > pipeline = swift3 catch_errors healthcheck cache swauth proxy-server
>> >
>> > ...
>> >
>> > [filter:swauth]
>> > use = egg:swauth#swauth
>> > set default_swift_cluster =
>> > local#http://127.0.0.1:8080/v1#http://127.0.0.1:8080/v1
>> > set log_name = swauth
>> > super_admin_key = swauthkey
>> >
>> >
>> > Any ideas whats going on here?
>> >
>> > Thanks,
>> > -judd
>> >
>> > _______________________________________________
>> > Openstack-operators mailing list
>> > Openstack-operators at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> >
>>
>>
>>
>> --
>> Jeff Kramer
>> jeffkramer at gmail.com
>> http://www.jeffkramer.org/
>> _______________________________________________
>> Openstack-operators mailing list
>> Openstack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20111205/2013193a/attachment-0002.html>

More information about the Openstack-operators mailing list