[Openstack] Keystone + Swift integration

Ziad Sawalha ziad.sawalha at rackspace.com
Sat Nov 26 20:47:46 UTC 2011


Hi Leandro -

As an aside, I notice in your commands you are creating a global endpoint template and then adding it to all your tenants. A global endpoint template should be added to all tenants by automatically (no need for the adds on each tenant).

I have just finished submitting a review of our docs with better explanation of endpoints and endpoint templates. It's not merged in yet so I attached a PDF version.

Ziad

From: Leandro Reox <leandro.reox at gmail.com<mailto:leandro.reox at gmail.com>>
Date: Wed, 23 Nov 2011 09:28:01 -0300
To: <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
Subject: [Openstack] Keystone + Swift integration

Hi guys,

Anyone has a working proxy-server.conf and endpoint templates for swift, we're trying to integrate them but we always face a different error. We're using keystone from the Cloudbuilders repo and Swift release 1.4.3 .

When we test our environment all the POST and GETs via swift tool or CURL returns empty , and actually swift is not logging anything (any log config there too ? )

Here is our proxy-server.conf on swifts proxys :

[DEFAULT]
# Enter these next two values if using SSL certifications
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
# keep swauth in the line below if you plan to use swauth for authentication
pipeline = catch_errors cache keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:keystone]
use = egg:keystone#tokenauth
auth_protocol = http
auth_host = 172.16.144.51
auth_port = 35357
admin_token = 1234567890
delay_auth_decision = 0
service_protocol = http
service_host = 172.16.144.51
service_port = 5000
service_pass = dTpw

[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.168.10:11211<http://172.16.168.10:11211>,172.16.168.11:11211<http://172.16.168.11:11211>
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:swift3]
use = egg:swift#swift3
log_facility = LOG_LOCAL1


And here is our endpoint template on keystone ( 172.16.0.88:8080<http://172.16.0.88:8080> is our proxys VIP) :

keystone-manage service add swift object-store "Swift Service"
keystone-manage endpointTemplates add RegionOne swift http://172.16.0.88:8080/v1/AUTH_%tenant_id% http://172.16.0.88:8080/ http://172.16.0.88:8080/v1/AUTH_%tenant_id% 1 1
keystone-manage endpoint add admin 4
keystone-manage endpoint add demo 4
keystone-manage endpoint add infra 4

When we request a token via curl, its all the info in the headers but when we do a

swift -A http://172.16.144.51:5000/v1.0 -U Max -K Infra post container
swift -A http://172.16.144.51:5000/v1.0 -U Max -K Infra  stat -v

Hangs forever and returns empty !

We have a very big swift environment running OK with swauth , but we want to integrate it with keystone , we should use the keystone2 swift middleware that comes with devstack instead of this ? What is wrong on the confs ?

Regards
Lele

_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20111126/b02aa652/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Endpoints and Endpoint Templates ‹ Keystone 2012.1-dev documentation.pdf
Type: application/pdf
Size: 134541 bytes
Desc: Endpoints and Endpoint Templates ‹ Keystone 2012.1-dev documentation.pdf
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20111126/b02aa652/attachment.pdf>


More information about the Openstack mailing list