[Openstack] Creating account and user in swift

Khaled Ben Bahri khaled-bbk at hotmail.com
Fri Jan 27 15:30:17 UTC 2012


Hi Adrian,

When I add a user in the same account as the admin,
I got this error when I tried to test the second user:
Account HEAD failed: https://127.0.0.1:8080/v1/AUTH_system 403 Forbidden

Khaled
From: Adrian_F_Smith at Dell.com
To: khaled-bbk at hotmail.com
CC: openstack at lists.launchpad.net
Date: Fri, 27 Jan 2012 15:14:50 +0000
Subject: RE: [Openstack] Creating account and user in swift



Here’s the documentation I was referring to,
https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample#L79

It states,

# There are special groups of:
#   .reseller_admin = can do anything to any account for this auth
#   .admin = can do anything within the account
# If neither of these groups are specified, the user can only access containers
# that have been explicitly allowed for them by a .admin or .reseller_admin.

Adrian

From: Khaled Ben Bahri [mailto:khaled-bbk at hotmail.com]
Sent: Friday, January 27, 2012 2:14 PM
To: Smith, Adrian F
Cc: openstack at lists.launchpad.net
Subject: RE: [Openstack] Creating account and user in swift

Hi,

.admin is not indicated to mention that the user is an admin for swift??
I think that we can create users who are not from the admin group

I changed that line to mention the name of the account at the end of the line, but it is still the same error
user_newaccount_user1 = passuser1 https://PROXY_IP:8080/v1/AUTH_newaccount

It still gives the same error

Can anyone help me?

Khaled

From: Adrian_F_Smith at Dell.com
To: khaled-bbk at hotmail.com
CC: openstack at lists.launchpad.net
Date: Fri, 27 Jan 2012 11:19:57 +0000
Subject: RE: [Openstack] Creating account and user in swift

I’m guessing the problem is that the user isn’t a member of the “.admin” group. This is a requirement to perform operations on the root URL. To include the user in this group add .admin like this,

user_newaccount_user1 = passuser1 .swift .admin https://PROXY_IP:8080/v1/AUTH_system

Adrian

From: openstack-bounces+adrian_f_smith=dell.com at lists.launchpad.net [mailto:openstack-bounces+adrian_f_smith=dell.com at lists.launchpad.net] On Behalf Of Khaled Ben Bahri
Sent: Friday, January 27, 2012 10:45 AM
To: openstack at lists.launchpad.net
Subject: [Openstack] Creating account and user in swift

Hi folks,

I installed swift with the "tempauth" authentication subsystem.
To create a user I have to write a new line in proxy-server.conf in the section [filter:tempauth] like this:
user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system

As I understood, the format is actually:
user_<account>_<user> = <key>  [group] [other options] [storage_url]

I added a new user in a new account
user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system

After that, to get an x url for this user by executing this command
curl -k -v -H 'X-Storage-User: newaccount:user1' -H 'X-Storage-Pass: passuser1' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

When I want to check that I can HEAD the new account, I got the error 403




root at ubuntu-KVM:/etc/swift# curl -k -v -H 'X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658' https://x.x.x.x:8080/v1/AUTH_system
* About to connect() to x.x.x.x port 8080 (#0)
*   Trying x.x.x.x... connected
* Connected to x.x.x.x (x.x.x.x) port 8080 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*        subject: C=FR; ST=Some-State; O=Internet Widgits Pty Ltd
*        start date: 2012-01-26 18:17:34 GMT
*        expire date: 2012-02-25 18:17:34 GMT
* SSL: unable to obtain common name from peer certificate
> GET /v1/AUTH_system HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: x.x.x.x:8080
> Accept: */*
> X-Auth-Token: AUTH_tk76c7fbcfa4864cea8d6bc09bf5731658
> 
< HTTP/1.1 403 Forbidden
< Content-Length: 157
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 27 Jan 2012 10:00:57 GMT
< 
<html>
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
  Access was denied to this resource.<br /><br />



 </body>
* Connection #0 to host x.x.x.x left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):



Can anyone please know anything about this

Best regards
Khaled  		 	   		  
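
An added example, not part of the original thread and not Swift's own code: a simplified Python model of the account-level rule quoted from proxy-server.conf-sample, applied to the four user lines posted above. It assumes that `.admin` applies to the account named in the last path segment of the storage URL, and that a line without a URL falls back to the user's own account; the function names and dictionary labels are hypothetical.

```python
# Simplified model of tempauth's account-level check (added example, not Swift's code).
# Lines constructed from the config entries posted in this thread.
THREAD_LINES = {
    "root": "user_system_root = testpass .admin https://PROXY_IP:8080/v1/AUTH_system",
    "first_try": "user_newaccount_user1 = passuser1 .swift https://PROXY_IP:8080/v1/AUTH_system",
    "second_try": "user_newaccount_user1 = passuser1 https://PROXY_IP:8080/v1/AUTH_newaccount",
    "suggested": "user_newaccount_user1 = passuser1 .swift .admin https://PROXY_IP:8080/v1/AUTH_system",
}


def parse_user_line(line, reseller_prefix="AUTH_"):
    """Parse 'user_<account>_<user> = <key> [group]... [storage_url]'."""
    name, _, value = line.partition("=")
    parts = name.strip().split("_", 2)
    if len(parts) != 3 or parts[0] != "user":
        raise ValueError("not a tempauth user line: %r" % line)
    fields = value.split()
    if not fields:
        raise ValueError("no key set in %r" % line)
    key = fields.pop(0)
    if fields and "://" in fields[-1]:
        url = fields.pop()
    else:
        # Assumption: with no URL given, the user's own account is used.
        url = "/v1/%s%s" % (reseller_prefix, parts[1])
    return {"account": parts[1], "user": parts[2], "key": key,
            "groups": fields, "url": url}


def effective_groups(entry):
    """Groups carried by the user's token. Assumption of this model: '.admin'
    is replaced by the account id in the last path segment of the storage URL."""
    groups = [entry["account"], "%s:%s" % (entry["account"], entry["user"])]
    groups += entry["groups"]
    if ".admin" in groups:
        groups.remove(".admin")
        groups.append(entry["url"].rstrip("/").rsplit("/", 1)[-1])
    return groups


def account_request_allowed(line, account_id):
    """True if a HEAD/GET on /v1/<account_id> passes the account-level check."""
    groups = effective_groups(parse_user_line(line))
    return ".reseller_admin" in groups or account_id in groups


if __name__ == "__main__":
    for label, line in THREAD_LINES.items():
        for acct in ("AUTH_system", "AUTH_newaccount"):
            print(label, acct, "allowed" if account_request_allowed(line, acct) else "403")
```

Under this model both of the lines without `.admin` are refused at the account level, matching the 403 responses reported in the thread. The suggested line grants admin rights on AUTH_system rather than on AUTH_newaccount, so the storage URL on a `.admin` line is worth reviewing when auditing a tempauth configuration.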