[Openstack] swfit / keystone auth

Pete Zaitcev zaitcev at redhat.com
Tue Dec 13 17:54:56 UTC 2011

On Tue, 13 Dec 2011 11:27:28 -0500
andi abes <andi.abes at gmail.com> wrote:

> A few questions (about keystone 2012.1)

Just to facilitate the tip-sharing, here's what I know - not being
an expert in either Swift of Keystone.

> a) does the  swift middleware work with v1.0 or 2.0 auth?

I "heard" that v2.0 is not ready to be used with Swift. BTW, I am at
swift 1.4.3, maybe it wasn't back then. Your 2012.1 should be Essex,
which, AFAIK, is not even branched yet. Anyhow, I configured /v1
(no JSON, just good old X-Storage-Url etc.).

> b) are folks using swift-keystone2 or the middleware bundled with keystone
> (auth_token + swift_auth).

I am not quite sure what to make out of this question, but here's
what I have, middleware-related

pipeline = healthcheck cache keystone proxy-server
use = egg:keystone#tokenauth
auth_protocol = http
#auth_host =
auth_host =
auth_port = 35357
admin_token = 758ce883df47
delay_auth_decision = 0
service_protocol = http
service_host =
service_port = 5000
service_pass = dTpw
 <---- I know that keystone ignores a bunch of these

service-header-mappings = {
	'nova' : 'X-Server-Management-Url',
	'swift' : 'X-Storage-Url',
	'cdn' : 'X-CDN-Management-Url'}
pipeline = urlrewritefilter admin_api
pipeline = urlrewritefilter legacy_auth RAX-KEY-extension service_api
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory

> c) when trying to use auth_token and swift_auth, I see the keystone log
> below trying to stat an account. []


> This was triggered with:
>  swift -A -V 2.0 -U openstack:user -K
> password stat

My tests run like so:
 swift -A http://kvm-rei:5000/v1.0 -U admin -K adminpass stat -v

-- Pete

More information about the Openstack mailing list