[Openstack-operators] Problem with swift-auth-add-usercommand in the Auth-Server
Marcelo Martis
btorch-os at zeroaccess.org
Fri May 6 20:45:36 UTC 2011
Hi Alberto,
Sorry for the delay reply here. After checking your configs I see a few
things that don't add up.
As Recap you have this setup ( please let me know if I'm incorrect)
-----------------
|proxy/auth | = (ip: 192.168.8.106)
-----------------
|
|---------| storage1| (192.168.8.104)
|
|----------|storage2| (192.168.8.103)
So, on this type of setup, the first thing I noticed is that for the
storage node configuration files you have the "bind_ip" pointing to the
proxy ip which is not correct. The bind_ip should be either 0.0.0.0 (all
ips) or an ip of the box that you want the service bound to.
Also, on this type of setup (since you only have 2 storagenodes), you
would need 2 of each service running on each storage node. For example:
*storage1:*
/etc/swift/object-server/1-object-server.conf (bind_port = 6000)
/etc/swift/container-server/1-container-server.conf (bind_port = 6001)
/etc/swift/account-server/1-account-server.conf (bind_port = 6002)
/etc/swift/object-server/2-object-server.conf (bind_port = 6010)
/etc/swift/container-server/2-container-server.conf (bind_port = 6011)
/etc/swift/account-server/2-account-server.conf (bind_port = 6012)
*storage2:*
/etc/swift/object-server/1-object-server.conf (bind_port = 6020)
/etc/swift/container-server/1-container-server.conf (bind_port = 6021)
/etc/swift/account-server/1-account-server.conf (bind_port = 6022)
/etc/swift/object-server/2-object-server.conf (bind_port = 6030)
/etc/swift/container-server/2-container-server.conf (bind_port = 6031)
/etc/swift/account-server/2-account-server.conf (bind_port = 6032)
In regards to your ring, each storage node service should be using its
own unique device/partition, so below is an example for storage1 server
for just the object ring.
-- swift-ring-builder object.builder
Devices: id zone ip address port name weight partitions
balance meta
0 1 192.168.8.103 6000 sda1 1.00
196608 0.00
1 2 192.168.8.103 6010 sda2 1.00
196608 0.00
2 3 192.168.8.104 6020 sda1 1.00
196608 0.00
3 4 192.168.8.104 6030 sda2 1.00
196608 0.00
I hope the above helps to give you some insight. I would also recommend
not setting up SSL at first. Get things working and then you can add SSL
to it. Avoid unnecessary troubleshooting when possible.
Also, when you get a change I would suggest looking over the wiki docs
for SAIO setups and multi node ones if you haven't do so yet. I also
have some howtos at www.zeroaccess.org that shows some swift setups. I
also have a SAIO script (https://github.com/btorch/swift-saio.sh) that
you could install on a VM that will get you up and running with swift
1.3 version and then you could look over the script code and break down
the steps that are performed.
-
Marcelo Martins
Openstack-swift
btorch-os at zeroaccess.org <mailto:btorch-os at zeroaccess.org>
https://github.com/btorch
On 05/06/2011 04:59 AM, e.testingcloud wrote:
> Hi Marcelo.
>
> I will configure the swauth to replace auth, I will say you when change the auth server.
>
> In this moment the configuration of my environtment is:
>
> * Proxy and auth machine node. This node is not a storage node (ip: 192.168.8.106).
>
> - Proxy-server.conf
> [DEFAULT]
> cert_file = /etc/swift/cert.crt
> key_file = /etc/swift/cert.key
> bind_port = 8080
> workers = 8
> user = swift
>
> [pipeline:main]
> pipeline = healthcheck cache auth proxy-server
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
>
> [filter:auth]
> use = egg:swift#auth
> ssl = true
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
>
> [filter:cache]
> use = egg:swift#memcache
> memcache_servers = 127.0.0.1:11211
>
>
> - auth-server.conf
> [DEFAULT]
> cert_file = /etc/swift/cert.crt
> key_file = /etc/swift/cert.key
> user = swift
>
> [pipeline:main]
> pipeline = auth-server
>
> [app:auth-server]
> use = egg:swift#auth
> default_cluster_url = https://127.0.0.1:8080/v1
>
> # Highly recommended to change this key to something else!
> super_admin_key = beto
>
>
> - swift.conf
> [swift-hash]
> # random unique string that can never change (DO NOT LOSE)
> swift_hash_path_suffix = beto
>
>
> * Node storage (192.168.8.104)
> - account-server.conf
> [DEFAULT]
> bind_ip = 192.168.8.106
> workers = 2
> [pipeline:main]
> pipeline = account-server
> [app:account-server]
> use = egg:swift#account
> [account-replicator]
> [account-auditor]
> [account-reaper]
>
> - container-server.conf
> [DEFAULT]
> bind_ip = 192.168.8.106
> workers = 2
> [pipeline:main]
> pipeline = container-server
> [app:container-server]
> use = egg:swift#container
> [container-replicator]
> [container-updater]
> [container-auditor]
>
> - object-server.conf
> bind_ip = 192.168.8.106
> workers = 2
> [pipeline:main]
> pipeline = object-server
> [app:object-server]
> use = egg:swift#object
> [object-replicator]
> [object-updater]
> [object-auditor]
>
>
> * Node storage (192.168.8.103)
> - account-server.conf
> [DEFAULT]
> bind_ip = 192.168.8.106
> workers = 2
> [pipeline:main]
> pipeline = account-server
> [app:account-server]
> use = egg:swift#account
> [account-replicator]
> [account-auditor]
> [account-reaper]
>
> - container-server.conf
> [DEFAULT]
> bind_ip = 192.168.8.106
> workers = 2
> [pipeline:main]
> pipeline = container-server
> [app:container-server]
> use = egg:swift#container
> [container-replicator]
> [container-updater]
> [container-auditor]
>
> - object-server.conf
> bind_ip = 192.168.8.106
> workers = 2
> [pipeline:main]
> pipeline = object-server
> [app:object-server]
> use = egg:swift#object
> [object-replicator]
> [object-updater]
> [object-auditor]
>
> The creation of the account, container and object rings was with this script:
>
> #!/bin/bash
> cd /etc/swift
> swift-ring-builder account.builder create 18 3 1
> swift-ring-builder container.builder create 18 3 1
> swift-ring-builder object.builder create 18 3 1
>
> export ZONE=1 # set the zone number for that storage device
> export STORAGE_LOCAL_NET_IP=192.168.8.103 # and the IP address
> export WEIGHT=100 # relative weight (higher for bigger/faster disks)
> export DEVICE=sdb1
> swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6002/$DEVICE $WEIGHT
> swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6001/$DEVICE $WEIGHT
> swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6000/$DEVICE $WEIGHT
> export ZONE=2 # set the zone number for that storage device
> export STORAGE_LOCAL_NET_IP=192.168.8.103 # and the IP address
> export WEIGHT=100 # relative weight (higher for bigger/faster disks)
> export DEVICE=sdb1
> swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6012/$DEVICE $WEIGHT
> swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6011/$DEVICE $WEIGHT
> swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6010/$DEVICE $WEIGHT
> export ZONE=3 # set the zone number for that storage device
> export STORAGE_LOCAL_NET_IP=192.168.8.103 # and the IP address
> export WEIGHT=100 # relative weight (higher for bigger/faster disks)
> export DEVICE=sdb1
> swift-ring-builder account.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6022/$DEVICE $WEIGHT
> swift-ring-builder container.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6021/$DEVICE $WEIGHT
> swift-ring-builder object.builder add z$ZONE-$STORAGE_LOCAL_NET_IP:6020/$DEVICE $WEIGHT
>
> Thanks in advance.
>
> ________________________________________
> De: Marcelo Martins [btorch-os at zeroaccess.org]
> Enviado el: jueves, 05 de mayo de 2011 16:48
> Para: e.testingcloud
> CC: openstack-operators at lists.openstack.org
> Asunto: Re: [Openstack-operators] Problem with swift-auth-add-usercommand in the Auth-Server
>
> Hi Alberto,
>
> Could you provide some more information about your setup.
> - How does your object/account/container rings look like ?
> - Can you provide an output of your auth-server.conf ?
> Both auth-server and proxy server run on this Openstack1 node I assume from the log below
>
> - Are you sure that your proxy node can indeed connect to the account server ?
>
> Any reason you are using version 1.2 (I assume you are using 1.2 since the old auth-server, devAuth, has been deprecated in favor of swauth)
>
>
> Marcelo Martins
> Openstack-swift
> btorch-os at zeroaccess.org<mailto:btorch-os at zeroaccess.org>
> https://github.com/btorch
>
> “Knowledge is the wings on which our aspirations take flight and soar. When it comes to surfing and life if you know what to do you can do it. If you desire anything become educated about it and succeed. “
>
>
>
>
> On May 5, 2011, at 9:02 AM, e.testingcloud wrote:
>
> Hi,
>
> we have a problem with the Auth-server, in the next lines we describe the situation:
>
> We have two storage node in two differentes servers (OS: Ubuntu 10.04.2 Server) and the Auth server in other machine (OS: Ubuntu 10.04.2 Server)
>
> We configure the proxy node, the auth server node and the storage node without problem, but when we execute the following command to authorize an user, we receive the atach ERROR.
>
> sudo swift-auth-add-user -K beto -a system root testpass
>
> The error is in the /var/log/syslog file:
>
> May 5 15:38:15 OpenStack1 auth-server validate_token('AUTH_tk03201438d45f49c2905454406efdb347', _, _) = (86399.978063821793, '.super_admin', '.single_use', '.reseller_admin') [0.01]
> May 5 15:38:15 OpenStack1 auth-server 127.0.0.1 - - [05/May/2011:13:38:15 +0000] "GET /token/AUTH_tk03201438d45f49c2905454406efdb347 HTTP/1.0" 204 - "-" "-" - - - - - - - - - "-" "127.0.0.1" "-" 0.0077
> May 5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6002/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
> May 5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6012/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
> May 5 15:38:15 OpenStack1 proxy-server ERROR with Account server 192.168.8.106:6022/sdb1 re: Trying to PUT to /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: Connection refused (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
> May 5 15:38:15 OpenStack1 proxy-server Account PUT returning 503 for [503, 503, 503] (txn: tx420de390-d209-4f0b-816a-f0062e2087cc)
> May 5 15:38:15 OpenStack1 auth-server ERROR attempting to create account https://127.0.0.1:8080/v1/AUTH_e15d5a524bf44a469f876c6f3be2955c: 503 Internal Server Error
> May 5 15:38:15 OpenStack1 auth-server FAILED create_user('system', 'root', _, True, False) [0.04]
> May 5 15:38:15 OpenStack1 auth-server 127.0.0.1 - - [05/May/2011:13:38:15 +0000] "PUT /account/system/root HTTP/1.0" 503 - "-" "-" - - - - - - - - - "-" "127.0.0.1" "-" 0.0377
> May 5 15:38:15 OpenStack1 proxy-server - 127.0.0.1 05/May/2011/13/38/15 PUT /v1/AUTH_e15d5a524bf44a469f876c6f3be2955c HTTP/1.0 503 - - .super_admin%3A.single_use%2CAUTH_tk03201438d45f49c2905454406efdb347 - - - tx420de390-d209-4f0b-816a-f0062e2087cc - 0.0053
> Any idea about the problem ?
>
>
>
> Thanks in advance,
>
> Regards,
>
> Alberto.
>
>
> ________________________________
> Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
> This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at.
> http://www.tid.es/ES/PAGINAS/disclaimer.aspx
> _______________________________________________
> Openstack-operators mailing list
> Openstack-operators at lists.openstack.org<mailto:Openstack-operators at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
> Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
> This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at.
> http://www.tid.es/ES/PAGINAS/disclaimer.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20110506/5e0fd925/attachment-0002.html>
More information about the Openstack-operators
mailing list