[Openstack] Swift and keystone: asking for an auth token.
Pierre Amadio
pierre.amadio at canonical.com
Tue Apr 3 14:53:05 UTC 2012
Hi there !
I am trying to use swift and keystone together (on ubuntu precise), and
fail to do so.
swift 1.4.7-0ubuntu3
keystone 2012.1~rc1-0ubuntu1
I was trying to follow this doc (more or less):
http://etherpad.openstack.org/swift-keystone-draft
I have
swift node:192.168.122.105
keystone node:192.168.122.102
On keystone, i have a ubuntu tenant, with a ubuntu user using openstack
as a password.
The ubuntu user is associated to the admin role (i know i did it with
keystone user-role-add , altough i m not sure how to list the role of a
given user to double check, if you know how to do that, please let me know).
Just to show that things seems to work on the keystone side of things,
see the attached keystone-client.txt file.
On the machine running swift, i launch the following (expecting to get
an auth token back):
ubuntu at swift-a:~$ swift -V 2 -U ubuntu:ubuntu -K openstack -A
http://192.168.122.102:5000/v2.0 list
And i end up with:
Account GET failed:
https://192.168.122.105:8080/v2/AUTH_ed0a2ebb66054096869605fb53c049d7?format=json
403 Forbidden
Now, the strange part, is, according to the (attached in keystone.log)
logs, it looks to me keystone gave back the token:
{"access":
{"token":
{"expires": "2012-04-04T13:42:01Z", "id":
"2adcf21b3ffd4663af1bedd90f71a587",
"tenant": {"enabled": true, "description": null, "name": "ubuntu",
"id": "ed0a2ebb66054096869605fb53c049d7"}
},
"user": {"username": "ubuntu",
"roles_links": [],
"id": "5e2f2e672c834e10801f6203c628a527",
"roles": [{"id": "60a1783c2f05437d91f2e1f369320c49",
"name": "Admin"},
{"id": "1b7ff17726cc4c228c2426959d7852ed",
"name": "Member"}],
"name": "ubuntu"}
}
}
My swift /etc/swift/proxy-server.conf is
###################################
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 24
user = swift
[pipeline:main]
pipeline = catch_errors healthcheck cache tokenauth keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_port = 5000
service_host = 192.168.122.102
auth_port = 35357
auth_host = 192.168.122.102
auth_protocol = http
admin_tenant_name = ubuntu
admin_user = ubuntu
admin_password = openstack
cache = swift.cache
[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.122.105:11211
[filter:catch_errors]
use = egg:swift#catch_errors
###################################
Just in case, i try to change the keystone objectstore endpoint to use
v1 instead of v2 in the 3 catalog urls, but i had the same result.
Any idea what i may be doing wrong ?
-------------- next part --------------
ubuntu at messaging:~$ keystone --os_username ubuntu --os_password openstack --os_tenant_name ubuntu --os_auth_url http://192.168.122.102:35357/v2.0/ user-list
+----------------------------------+---------+------------------+--------+
| id | enabled | email | name |
+----------------------------------+---------+------------------+--------+
| 22cc42dc058040e8abfc419e19daf893 | True | None | glance |
| 5e2f2e672c834e10801f6203c628a527 | True | ubuntu at localhost | ubuntu |
| 6fc41e3b447d45b4b63ce69163536c39 | True | root at localhost | admin |
+----------------------------------+---------+------------------+--------+
##########################################################################################################################################
keystone --os_username ubuntu --os_password openstack --os_tenant_name ubuntu --os_auth_url http://192.168.122.102:35357/v2.0/ tenant-list
+----------------------------------+--------+---------+
| id | name | enabled |
+----------------------------------+--------+---------+
| ed0a2ebb66054096869605fb53c049d7 | ubuntu | True |
+----------------------------------+--------+---------+
##########################################################################################################################################
ubuntu at messaging:~$ keystone --os_username ubuntu --os_password openstack --os_tenant_name ubuntu --os_auth_url http://192.168.122.102:35357/v2.0/ catalog
Service: object-store
+-------------+-----------------------------------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------------------------------+
| adminURL | https://192.168.122.105:8080/v2 |
| internalURL | https://192.168.122.105:8080/v2/AUTH_ed0a2ebb66054096869605fb53c049d7 |
| publicURL | https://192.168.122.105:8080/v2/AUTH_ed0a2ebb66054096869605fb53c049d7 |
| region | RegionOne |
+-------------+-----------------------------------------------------------------------+
Service: image
+-------------+--------------------------------+
| Property | Value |
+-------------+--------------------------------+
| adminURL | http://192.168.122.102:9292/v1 |
| internalURL | http://192.168.122.102:9292/v1 |
| publicURL | http://192.168.122.102:9292/v1 |
| region | RegionOne |
+-------------+--------------------------------+
Service: compute
+-------------+-------------------------------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------------------------------+
| adminURL | http://192.168.122.101:8774/v1.1/ed0a2ebb66054096869605fb53c049d7 |
| internalURL | http://192.168.122.101:8774/v1.1/ed0a2ebb66054096869605fb53c049d7 |
| publicURL | http://192.168.122.101:8774/v1.1/ed0a2ebb66054096869605fb53c049d7 |
| region | RegionOne |
+-------------+-------------------------------------------------------------------+
Service: identity
+-------------+-----------------------------------+
| Property | Value |
+-------------+-----------------------------------+
| adminURL | http://192.168.122.102:35357/v2.0 |
| internalURL | http://192.168.122.102:5000/v2.0 |
| publicURL | http://192.168.122.102:5000/v2.0 |
| region | RegionOne |
+-------------+-----------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keystone.log
Type: text/x-log
Size: 19121 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120403/9c92133b/attachment.bin>
More information about the Openstack
mailing list