Open Stack

Just an update on this.

I have found the issue and will be submitting a bug with a code review
to make this work.

Currently nova talks to s3 via a set access and secret key in nova.conf

if FLAGS.auth_strategy == 'keystone' then it should/can use the
credentials of the user.

Cheers,
Sam



On Thu, Apr 26, 2012 at 2:16 PM, Sam Morrison <sorrison at gmail.com> wrote:
> Hi,
>
> I'm trying to get the s3 interface in Essex working.
> I'm using the packages provided in Ubuntu 12.04.
>
> my pipeline order is:
> pipeline = catch_errors healthcheck cache swift3 s3token authtoken
> keystone proxy-server
>
> [filter:s3token]
> paste.filter_factory = keystone.middleware.s3_token:filter_factory
> auth_port = 35357
> auth_host = xxx.xxx.xxx.xxx
> auth_protocol = http
> service_protocol = http
> service_port = 5000
> service_host = xxx.xxx.xxx.xxx
> admin_tenant_name = sam
> admin_user = sam
> admin_password = xxx
> admin_token = xxx
> auth_token = xxx
>
> When I try for instance to do a cloud-publish-tarball in ubuntu with
> one of the uec images it works initially but then starts to fail.
>
> In swift the container is created and some files get uploaded but then
> I start getting 401s from keystone.
>
> Debugging this in keystone I see the credentials being sent to
> keystone have "notchecked" as the access parameter after about the 3rd
> request.
>
> {"credentials": {"access": "notchecked", "token":
> "R0VUCgoKVGh1LCAyNiBBcHIgMjAxMiAwMzoyNTo0MiBHTVQKL3Rlc3Qv",
> "signature": "+XGyhuz7pmcnrQG1Kh45ihRCp1o="}}
>
> Am I doing something wrong or is this a bug that needs reporting?
>
> Cheers,
> Sam