[Openstack-operators] swauth 1.0.3 user create and access problem?

Judd Maltin openstack at newgoliath.com
Mon Dec 5 21:30:19 UTC 2011


And Andi Abes AGAIN gets the "correct answer" award.  Well done, Andi.


On Mon, Dec 5, 2011 at 4:04 PM, andi abes <andi.abes at gmail.com> wrote:

> when you created the user did you add the -a param (to make the user an
> admin for the account )?
>
>
> On Mon, Dec 5, 2011 at 3:09 PM, Judd Maltin <openstack at newgoliath.com>wrote:
>
>> oops.. pasted too much with the x-storage-url, but still access denied.
>>
>>
>> On Mon, Dec 5, 2011 at 3:06 PM, Judd Maltin <openstack at newgoliath.com>wrote:
>>
>>> No curl love either.
>>>
>>> Might have to remove the .auth database by hand or somehting??
>>>
>>> root at proxy01-c01:/etc/swift# curl  -i -H 'X-Auth-User: test1:tester1'
>>> -H 'X-Storage-Pass: testing1' http://127.0.0.1:8080/auth/v1.0
>>> HTTP/1.1 200 OK
>>> X-Storage-Url:
>>> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>>> X-Storage-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980
>>> X-Auth-Token: AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980
>>> X-Trans-Id: tx9a8f99333ac44e0885b0b4c0ddb67c30
>>> Content-Length: 112
>>> Date: Mon, 05 Dec 2011 20:05:09 GMT
>>>
>>> {"storage": {"default": "local", "local": "
>>> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>>> "}}root at proxy01-c01:/etc/swift#
>>>
>>> root at proxy01-c01:/etc/swift# curl -i -H 'X-Auth-Token:
>>> AUTH_tkb44d649b7e2f4c8d9a4653a60de3f980' X-Storage-Url:
>>> http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74/
>>> curl: (6) Couldn't resolve host 'X-Storage-Url:'
>>> HTTP/1.1 403 Forbidden
>>> Content-Length: 157
>>> Content-Type: text/html; charset=UTF-8
>>> X-Trans-Id: tx8d228af637ca40818a4fb4cae5e20e0e
>>> Date: Mon, 05 Dec 2011 20:05:35 GMT
>>>
>>> <html>
>>>  <head>
>>>   <title>403 Forbidden</title>
>>>  </head>
>>>  <body>
>>>   <h1>403 Forbidden</h1>
>>>   Access was denied to this resource.<br /><br />
>>>
>>>
>>>
>>>  </body>
>>>
>>>
>>>
>>>
>>> On Mon, Dec 5, 2011 at 2:26 PM, Jeff Kramer <jeffkramer at gmail.com>wrote:
>>>
>>>> Maybe drop the single quotes around the password?  Have you tried with
>>>> curl?  Something like this (ripped out of some docs I've got):
>>>>
>>>> We can also test this with curl, from this machine or another machine
>>>> (replace 127.0.0.1 with the servers IP address as appropriate):
>>>>
>>>> [code]
>>>> curl -v -H 'X-Storage-User: testaccount:testuser' -H 'X-Storage-Pass:
>>>> testpassword' http://127.0.0.1:8080/auth/v1.0
>>>> [/code]
>>>>
>>>> This should return an auth token like this:
>>>>
>>>> X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274
>>>>
>>>> And a URL like this:
>>>>
>>>> X-Storage-Url:
>>>> http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87
>>>>
>>>> Which you can use to talk to storage:
>>>>
>>>> [code]
>>>> curl -v -H 'X-Auth-Token: AUTH_tk6c0e4a8829084a899d5742dd18a6b274'
>>>> http://127.0.0.1:8080/v1/AUTH_18c08955-6ea1-41c8-b899-9d8b26063a87
>>>> [/code]
>>>>
>>>> Which should show you something like this:
>>>>
>>>> [code]
>>>> < HTTP/1.1 204 No Content
>>>> < X-Account-Object-Count: 0
>>>> < X-Account-Bytes-Used: 0
>>>> < X-Account-Container-Count: 0
>>>> < Accept-Ranges: bytes
>>>> < Content-Length: 0
>>>> [/code]
>>>>
>>>>
>>>> On Mon, Dec 5, 2011 at 12:56 PM, Judd Maltin <openstack at newgoliath.com>
>>>> wrote:
>>>> > I create my user test1:tester1 testing1 using the swauth tools just
>>>> fine.
>>>> >
>>>> > root at proxy01-c01:/etc/swift# swauth-list -K swauthkey
>>>> > {"accounts": [{"name": "test1"}]}
>>>> > root at proxy01-c01:/etc/swift# swauth-list -K swauthkey test1
>>>> > {"services": {"storage": {"default": "local", "local":
>>>> > "http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>>>> "}},
>>>> > "account_id": "AUTH_840f1320-2d45-4e62-92a5-71e448190c74", "users":
>>>> > [{"name": "tester1"}]}
>>>> > root at proxy01-c01:/etc/swift#
>>>> >
>>>> > But then when I try to stat the account: :(
>>>> >
>>>> > /etc/swift# swift -A http://127.0.0.1:8080/auth/v1.0 -U
>>>> test1:tester1 -K
>>>> > 'testing1' stat -v
>>>> > Account HEAD failed:
>>>> > http://127.0.0.1:8080/v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74403
>>>> > Forbidden
>>>> >
>>>> > /var/log/syslog:
>>>> >
>>>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>>>> > /v1/AUTH_.auth/test1/tester1 HTTP/1.0 200 - Swauth - - - -
>>>> > txb6f5ac66b1134c31814f1daf4192548b - 0.0440
>>>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>>>> > /v1/AUTH_.auth/.token_2/AUTH_tk01423b7c65fc463394cf8ca3de8fef52
>>>> HTTP/1.0 200
>>>> > - Swauth - - - - txc70046f612ce4baca788ee49b20fba63 - 0.0291
>>>> > Dec  5 13:45:30 proxy01-c01 proxy-server - - 05/Dec/2011/18/45/30 GET
>>>> > /v1/AUTH_.auth/test1/.services HTTP/1.0 200 - Swauth - - - -
>>>> > tx0547130a2c444252a21a868785f68ebd - 0.0308
>>>> > Dec  5 13:45:30 proxy01-c01 swauth - 127.0.0.1 05/Dec/2011/18/45/30
>>>> GET
>>>> > /auth/v1.0 HTTP/1.0 200 - - - - - - - - 0.1095
>>>> > Dec  5 13:45:30 proxy01-c01 proxy-server 127.0.0.1 127.0.0.1
>>>> > 05/Dec/2011/18/45/30 HEAD
>>>> /v1/AUTH_840f1320-2d45-4e62-92a5-71e448190c74
>>>> > HTTP/1.0 403 - -
>>>> test1%3Atester1%2CAUTH_tk01423b7c65fc463394cf8ca3de8fef52 -
>>>> > - - tx116c0dc81110402fa4f106feebe3c121 - 0.0006
>>>> >
>>>> > I'm using swift 1.4.4, swauth 1.0.3
>>>> >
>>>> > proxy-server.conf:
>>>> > [pipeline:main]
>>>> > pipeline = swift3 catch_errors healthcheck cache swauth proxy-server
>>>> >
>>>> > ...
>>>> >
>>>> > [filter:swauth]
>>>> > use = egg:swauth#swauth
>>>> > set default_swift_cluster =
>>>> > local#http://127.0.0.1:8080/v1#http://127.0.0.1:8080/v1
>>>> > set log_name = swauth
>>>> > super_admin_key = swauthkey
>>>> >
>>>> >
>>>> > Any ideas whats going on here?
>>>> >
>>>> > Thanks,
>>>> > -judd
>>>> >
>>>> > _______________________________________________
>>>> > Openstack-operators mailing list
>>>> > Openstack-operators at lists.openstack.org
>>>> >
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Jeff Kramer
>>>> jeffkramer at gmail.com
>>>> http://www.jeffkramer.org/
>>>> _______________________________________________
>>>> Openstack-operators mailing list
>>>> Openstack-operators at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>
>>>
>>>
>>
>> _______________________________________________
>> Openstack-operators mailing list
>> Openstack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20111205/c6e0140e/attachment-0002.html>


More information about the Openstack-operators mailing list