Open Stack

Hello,

You probably want to have latest keystone version, if you want to test
swift-keystone2 pretty easily you can use devstack
(http://devstack.org) which has swift and keystone2 integrated. You
just have to make sure to have swift enabled in ENABLED_SERVICES
variable.

Chmouel.

On Thu, Nov 3, 2011 at 5:38 PM, Li Hua <neakli at gmail.com> wrote:
>
> Hi Chmouel,
> Thank you for your information.
>
> I installed swift-keystone2 and modified proxy-server.conf.
> BUT authentication maybe not work well. for example, I want to check demo's status using the
> following command.
> [root at node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password stat
> Account HEAD failed: http://api.cloud.com:8080/v1/AUTH_2 403 Forbidden
> [root at node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password post test_container
> Container POST failed: http://api.cloud.com:8080/v1/AUTH_2/test_container 403 Forbidden
> ALL operation (HEAD/PUT/POST/GET) will be returned with 403 Forbidden.
> But if I change proxy-server.conf back to the old config.  ALL operation (HEAD/PUT/POST/GET)
> are ok.
> Keystone version:  openstack-keystone-2011.3-b475.noarch
> Swift version:
> openstack-swift-1.4.3-b447.noarch
> openstack-swift-account-1.4.3-b447.noarch
> openstack-swift-proxy-1.4.3-b447.noarch
> openstack-swift-object-1.4.3-b447.noarch
> openstack-swift-container-1.4.3-b447.noarch
> proxy-server.conf
> [DEFAULT]
> bind_port = 8080
> user = swift
> [pipeline:main]
> pipeline = catch_errors cache keystone2 proxy-server
> [app:proxy-server]
> use = egg:swift#proxy
> account_autocreate = true
> log_facility = LOG_LOCAL1
> log_level = DEBUG
> [filter:keystone2]
> use = egg:swiftkeystone2#keystone2
> keystone_admin_token = 999888777666
> keystone_url = http://127.0.0.1:5001/v2.0   ( 5001 for admin  api port, 5000 for service api port)
> [filter:cache]
> use = egg:swift#memcache
> set log_name = cache
> [filter:catch_errors]
> use = egg:swift#catch_errors
>
> Does it need to upgrade keystone to the latest version ?  How to debug keystone2 ?
>
> Regards,
> Li Hua
>
>
> On Thu, Nov 3, 2011 at 3:29 PM, Chmouel Boudjnah <Chmouel.Boudjnah at rackspace.co.uk> wrote:
>>
>> Hi Li,
>> Swift middleware shipped with keystone doesn't support ACL, you may want to try this middleware  instead :
>> https://github.com/cloudbuilders/swift-keystone2
>> Chmouel.
>> On 3 Nov 2011, at 05:45, Li Hua wrote:
>>
>> Hi Folks,
>> I set up a SAIO test environment in RHEL6.1 using openstack-swift-1.4.3-b447.noarch from
>> http://yum.griddynamics.net/yum/diablo-centos/ .
>> I want to test the container Read/Write access permission using the following steps.
>> Creating a container with read access permission for anyone.
>> [root at node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password post -r '.r:*' testcontainer
>>
>> Checking the stat of container:
>> [root at node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password stat testcontainer  Account: AUTH_2
>> Container: testcontainer
>>   Objects: 0
>>     Bytes: 0
>>  Read ACL:
>> Write ACL:
>>   Sync To:
>>  Sync Key:
>> Accept-Ranges: bytes
>> X-Trans-Id: tx1c0e9c6220ea433a90713c160a88b33f
>>
>> It seems that  testcontainer still has no Read ACL.   Any comments ?  thanks.
>>
>> Regards,
>> Li Hua
>>
>>
>>
>> Chmouel Boudjnah
>> Cloud Product Engineer
>> Tel: +442087344212
>> Fax: +44 20 8606 6111
>> Web:www.rackspace.co.uk
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>