Open Stack

The URL http://192.168.20.7:5000/auth/v1.0 is not one supported by
keystone; does that command work if you use http://<AUTH_HOSTNAME>:5000/v2.0
 instead?

For anyone interested, direct link to the doc in question:
http://docs.openstack.org/essex/openstack-compute/install/apt/content/verify-swift-installation.html

-Dolph

On Sat, Jun 16, 2012 at 6:04 AM, udit agarwal <fzdudit at gmail.com> wrote:

> Hi,
>   I am setting up openstack in my lab. I followed the manual
> http://docs.openstack.org/essex/openstack-compute/install/apt/content/for installing & configuring it. I have already setup keystone, glance and
> swift all well on my system. But I am having problems in setting up swift.
> The command  "swift -V 2.0 -A http://192.168.20.7:5000/v2.0 -U
> openstackDemo:adminUser -K 1234qwer stat"   worked fine. But when I
> executed the command "curl -k -v -H 'X-Storage-User:
> openstackDemo:adminUser' -H 'X-Storage-Pass: 1234qwer'
> http://192.168.20.7:5000/auth/v1.0", I got the following output:
>
> * About to connect() to 192.168.20.7 port 5000 (#0)
> *   Trying 192.168.20.7...
> * connected
> * Connected to 192.168.20.7 (192.168.20.7) port 5000 (#0)
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.22.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0
> OpenSSL/1.0.1c zlib/1.2.5 libidn/1.22 libssh2/1.4.0
> > Host: 192.168.20.7:5000
> > Accept: */*
> > X-Storage-User: openstackDemo:adminUser
> > X-Storage-Pass: 1234qwer
> >
> < HTTP/1.1 404 Not Found
> < Content-Length: 154
> < Content-Type: text/html; charset=UTF-8
> < Date: Sat, 16 Jun 2012 08:04:57 GMT
> <
> <html>
>  <head>
>   <title>404 Not Found</title>
>  </head>
>  <body>
>   <h1>404 Not Found</h1>
>   The resource could not be found.<br /><br />
>
>
>
>  </body>
> * Connection #0 to host 192.168.20.7 left intact
> * Closing connection #0
>
> My proxy-server.conf file is as follows:
>
> [DEFAULT]
> # bind_ip = 0.0.0.0
> bind_port = 8888
> # backlog = 4096
> # swift_dir = /etc/swift
> #workers = 8
> user = swift
> #cert_file = /etc/swift/cert.crt
> #key_file = /etc/swift/cert.key
> # expiring_objects_container_divisor = 86400
> # You can specify default log routing here if you want:
> # log_name = swift
> # log_facility = LOG_LOCAL0
> # log_level = INFO
>
> [pipeline:main]
> pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
>
> [app:proxy-server]
> use = egg:swift#proxy
> # You can override the default log routing for this app here:
> # set log_name = proxy-server
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set access_log_name = proxy-server
> # set access_log_facility = LOG_LOCAL0
> # set access_log_level = INFO
> # set log_headers = False
> # recheck_account_existence = 60
> # recheck_container_existence = 60
> # object_chunk_size = 8192
> # client_chunk_size = 8192
> # node_timeout = 10
> # client_timeout = 60
> # conn_timeout = 0.5
> # How long without an error before a node's error count is reset. This will
> # also be how long before a node is reenabled after suppression is
> triggered.
> # error_suppression_interval = 60
> # How many errors can accumulate before a node is temporarily ignored.
> # error_suppression_limit = 10
> # If set to 'true' any authorized user may create and delete accounts; if
> # 'false' no one, even authorized, can.
> #allow_account_management = true
> # Set object_post_as_copy = false to turn on fast posts where only the
> metadata
> # changes are stored anew and the original data file is kept in place. This
> # makes for quicker posts; but since the container metadata isn't updated
> in
> # this mode, features like container sync won't be able to sync posts.
> # object_post_as_copy = true
> # If set to 'true' authorized accounts that do not yet exist within the
> Swift
> # cluster will be automatically created.
> account_autocreate = true
> # If set to a positive value, trying to create a container when the account
> # already has at least this maximum containers will result in a 403
> Forbidden.
> # Note: This is a soft limit, meaning a user might exceed the cap for
> # recheck_account_existence before the 403s kick in.
> # max_containers_per_account = 0
> # This is a comma separated list of account hashes that ignore the
> # max_containers_per_account cap.
> # max_containers_whitelist =
>
> # [filter:tempauth]
> # use = egg:swift#tempauth
> # You can override the default log routing for this filter here:
> # set log_name = tempauth
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
> # The reseller prefix will verify a token begins with this prefix before
> even
> # attempting to validate it. Also, with authorization, only Swift storage
> # accounts with this prefix will be authorized by this middleware. Useful
> if
> # multiple auth systems are in use for one Swift cluster.
> # reseller_prefix = AUTH
> # The auth prefix will cause requests beginning with this prefix to be
> routed
> # to the auth subsystem, for granting tokens, etc.
> # auth_prefix = /auth/
> # token_life = 86400
> # This is a comma separated list of hosts allowed to send
> X-Container-Sync-Key
> # requests.
> # allowed_sync_hosts = 127.0.0.1
> # This allows middleware higher in the WSGI pipeline to override auth
> # processing, useful for middleware such as tempurl and formpost. If you
> know
> # you're not going to use such middleware and you want a bit of extra
> security,
> # you can set this to false.
> # allow_overrides = true
> # Lastly, you need to list all the accounts/users you want here. The
> format is:
> #   user_<account>_<user> = <key> [group] [group] [...] [storage_url]
> # There are special groups of:
> #   .reseller_admin = can do anything to any account for this auth
> #   .admin = can do anything within the account
> # If neither of these groups are specified, the user can only access
> containers
> # that have been explicitly allowed for them by a .admin or
> .reseller_admin.
> # The trailing optional storage_url allows you to specify an alternate url
> to
> # hand back to the user upon authentication. If not specified, this
> defaults to
> # http[s]://<ip>:<port>/v1/<reseller_prefix>_<account> where http or https
> # depends on whether cert_file is specified in the [DEFAULT] section, <ip>
> and
> # <port> are based on the [DEFAULT] section's bind_ip and bind_port
> (falling
> # back to 127.0.0.1 and 8080), <reseller_prefix> is from this section, and
> # <account> is from the user_<account>_<user> name.
> # Here are example entries, required for running the tests:
> # user_admin_admin = admin .admin .reseller_admin
> https://192.168.20.7:8080/v1/AUTH_admin
> # user_test_tester = testing .admin https://192.168.20.7:8080/v1/AUTH_test
> # user_test2_tester2 = testing2 .admin
> # user_test_tester3 = testing3
>
>
> # [filter:swauth]
> #use = egg:swauth#swauth
> #super_admin_key = 1234qwer
> #default_swift_cluster = local#https://192.168.20.7:8080/v1
>
> [filter:keystone]
> paste.filter_factory = keystone.middleware.swift_auth:filter_factory
> operator_roles = admin, swiftoperator
> #default_swift_cluster = local#http://192.168.20.7:5000/v1
>
> [filter:authtoken]
> paste.filter_factory = keystone.middleware.auth_token:filter_factory
> delay_auth_decision = 10
> service_port = 5000
> service_host = 127.0.0.1
> auth_port = 35357
> auth_host = 127.0.0.1
> auth_token = ADMIN
> admin_token = ADMIN
> #default_swift_cluster = local#http://192.168.20.7:5000/v1
> auth_protocol = http
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
> # You can override the default log routing for this filter here:
> # set log_name = healthcheck
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
>
> [filter:cache]
> use = egg:swift#memcache
> # You can override the default log routing for this filter here:
> set log_name = cache
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
> # Default for memcache_servers is to try to read the property from
> # memcache.conf (see memcache.conf-sample) or lacking that file, it will
> # default to the value below. You can specify multiple servers separated
> with
> # commas, as in: 10.1.2.3:11211,10.1.2.4:11211
> #memcache_servers = 192.168.20.7:11211
>
> # [filter:ratelimit]
> # use = egg:swift#ratelimit
> # You can override the default log routing for this filter here:
> # set log_name = ratelimit
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
> # clock_accuracy should represent how accurate the proxy servers' system
> clocks
> # are with each other. 1000 means that all the proxies' clock are accurate
> to
> # each other within 1 millisecond.  No ratelimit should be higher than the
> # clock accuracy.
> # clock_accuracy = 1000
> # max_sleep_time_seconds = 60
> # log_sleep_time_seconds of 0 means disabled
> # log_sleep_time_seconds = 0
> # allows for slow rates (e.g. running up to 5 sec's behind) to catch up.
> # rate_buffer_seconds = 5
> # account_ratelimit of 0 means disabled
> # account_ratelimit = 0
>
> # these are comma separated lists of account names
> # account_whitelist = a,b
> # account_blacklist = c,d
>
> # with container_limit_x = r
> # for containers of size x limit requests per second to r.  The container
> # rate will be linearly interpolated from the values given. With the values
> # below, a container of size 5 will get a rate of 75.
> # container_ratelimit_0 = 100
> # container_ratelimit_10 = 50
> # container_ratelimit_50 = 20
>
> # [filter:domain_remap]
> # use = egg:swift#domain_remap
> # You can override the default log routing for this filter here:
> # set log_name = domain_remap
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
> # storage_domain = example.com
> # path_root = v1
> # reseller_prefixes = AUTH
>
> [filter:catch_errors]
> use = egg:swift#catch_errors
> # You can override the default log routing for this filter here:
> # set log_name = catch_errors
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
>
> # [filter:cname_lookup]
> # Note: this middleware requires python-dnspython
> # use = egg:swift#cname_lookup
> # You can override the default log routing for this filter here:
> # set log_name = cname_lookup
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set log_headers = False
> # storage_domain = example.com
> # lookup_depth = 1
>
> # Note: Put staticweb just after your auth filter(s) in the pipeline
> # [filter:staticweb]
> # use = egg:swift#staticweb
> # Seconds to cache container x-container-meta-web-* header values.
> # cache_timeout = 300
> # You can override the default log routing for this filter here:
> # set log_name = staticweb
> # set log_facility = LOG_LOCAL0
> # set log_level = INFO
> # set access_log_name = staticweb
> # set access_log_facility = LOG_LOCAL0
> # set access_log_level = INFO
> # set log_headers = False
>
> # Note: Put tempurl just before your auth filter(s) in the pipeline
> # [filter:tempurl]
> # use = egg:swift#tempurl
> #
> # The headers to remove from incoming requests. Simply a whitespace
> delimited
> # list of header names and names can optionally end with '*' to indicate a
> # prefix match. incoming_allow_headers is a list of exceptions to these
> # removals.
> # incoming_remove_headers = x-timestamp
> #
> # The headers allowed as exceptions to incoming_remove_headers. Simply a
> # whitespace delimited list of header names and names can optionally end
> with
> # '*' to indicate a prefix match.
> # incoming_allow_headers =
> #
> # The headers to remove from outgoing responses. Simply a whitespace
> delimited
> # list of header names and names can optionally end with '*' to indicate a
> # prefix match. outgoing_allow_headers is a list of exceptions to these
> # removals.
> # outgoing_remove_headers = x-object-meta-*
> #
> # The headers allowed as exceptions to outgoing_remove_headers. Simply a
> # whitespace delimited list of header names and names can optionally end
> with
> # '*' to indicate a prefix match.
> # outgoing_allow_headers = x-object-meta-public-*
>
> # Note: Put formpost just before your auth filter(s) in the pipeline
> # [filter:formpost]
> # use = egg:swift#formpost
>
> # Note: Just needs to be placed before the proxy-server in the pipeline.
> # [filter:name_check]
> # use = egg:swift#name_check
> # forbidden_chars = '"`<>
> # maximum_length = 255
>
> Can anybody help me with this??
> Thanks in advance.
>
> --Udit Agarwal
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120616/eb07c87a/attachment.html>