[Openstack-operators] Swift with Keystone (Folsom). Should the following be solvable?: Dispersion-reports, PKI, Anonymous access

Oisin Feeley oisin.feeley at gmail.com
Tue Dec 11 16:32:17 UTC 2012


Hi,

We're trying to deploy Swift using Keystone exclusively for all identity
management tasks.  We're stuck on a couple of areas and would really
appreciate confirmation that others have already succeeded and we should
try harder, or that these areas are terrae incognitae. We're using the
Ubuntu Cloud Archive PPA (swift-1.7.4-0ubuntu2~cloud0,
keystone-2012.2~0ubuntu1~cloud0).

1. Dispersion reports
================
Currently we seem to be replicating a known problem[1], and we're not sure
how to get around this. Has anyone conquered this yet?:

# swift-dispersion-populate
Traceback (most recent call last):
File "/usr/bin/swift-dispersion-
populate", line 100, in <module>
auth_version=conf.get('auth_version', '1.0'))
File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 281, in
get_auth
if (kwargs['os_options'].get('object_storage_url') and
KeyError: 'os_options'


2. PKI Keystone
=============

Reading some reports[2] suggest that this should be possible and would
reduce the number of calls made to the endpoint, can anyone confirm they've
got this working?

3. Enabling anonymous ACL access to containers
=======================================

While setting the referrer to a wildcard to enable access works well with
the TempAuth middleware we seem to be failing to replicate this when
Keystone is the  authorization mechanism, e.g. our proxy-server.conf
pipeline is "healthcheck cache authtoken keystone proxy-server".  Has
anyone succeeded in doing this NOT solely with TempAuth?

Thanks for any suggestions (including which documentation we should read
more carefully!) in advance,

Oisin Feeley

1.  https://bugs.launchpad.net/python-swiftclient/+bug/1054331

2. https://bugs.launchpad.net/keystone/+bug/1036847
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20121211/d59b1126/attachment.html>


More information about the OpenStack-operators mailing list