[Openstack] s3token swift returns 403

Axel Christiansen axel.christiansen at softreset.de
Mon Aug 12 09:42:21 UTC 2013


Dear List.



some how i can not manage it to get the s3token working. Hope one can
give me i hint.


I am using grizzly swift with keystone. The s3 related stuff gets
called. Keystone does authenticate the request. But at the end swift
returns a HTTP 403.



Since the container is also world readable, this is the static URL to an
object:
http://api.opencloudstorage.de/v1/AUTH_91630433a4184343b5ba1288f9c41eeb/pics/CIMG0677.jpg
-> "HTTP 200"


An nginx which injects the amazon access_key and secret_key is locatet
here:
http://85.158.7.250/pics/CIMG0677.jpg -> "HTTP 403"


Thank you! Axel




Here is a log sippet fot one request:

Aug 12 10:29:43 swift-proxy1 swift-proxy Calling Swift3 Middleware (txn:
tx16484911f7284cab9728b7f0c4bbac43)
Aug 12 10:29:43 swift-proxy1 swift-proxy {'headers': {'Accept': '*/*',
'User-Agent': 'Wget/1.11.4', 'Host': 'api.opencloudstorage.de',
'X-Amz-Date': 'Mon, 12 Aug 2013 08:29:45 GMT', 'Content-Type': None,
'Authorization': 'AWS
0ae2700061bc407ab3baba15d90bdd9c:00QZul/GMvbMB80Sl/zrA5VqLMQ='},
'environ': {'HTTP_AUTHORIZATION': 'AWS
0ae2700061bc407ab3baba15d90bdd9c:00QZul/GMvbMB80Sl/zrA5VqLMQ=',
'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'HTTP_X_AMZ_DATE': 'Mon, 12
Aug 2013 08:29:45 GMT', 'PATH_INFO': '/pics/CIMG0677.jpg',
'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Wget/1.11.4',
'REMOTE_PORT': '51886', 'SERVER_NAME': '10.42.44.203', 'REMOTE_ADDR':
'10.42.44.201', 'eventlet.input': <eventlet.wsgi.Input object at
0x3d42e90>, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8080',
'wsgi.input': <swift.common.utils.InputProxy object at 0x3d428d0>,
'HTTP_HOST': 'api.opencloudstorage.de', 'wsgi.multithread': True,
'eventlet.posthooks': [], 'HTTP_ACCEPT': '*/*', 'wsgi.version': (1, 0),
'RAW_PATH_INFO': '/pics/CIMG0677.jpg', 'GATEWAY_INTERFACE': 'CGI/1.1',
'wsgi.run_once': False, 'wsgi.errors':
<swift.common.utils.LoggerFileObject object at 0x2df7750>,
'wsgi.multiprocess': False, 'swift.trans_id':
'tx16484911f7284cab9728b7f0c4bbac43', 'CONTENT_TYPE': None,
'swift.cache': <swift.common.memcached.MemcacheRing object at 0x3d423d0>}}
Aug 12 10:29:43 swift-proxy1 swift-proxy Calling S3Token middleware.
(txn: tx16484911f7284cab9728b7f0c4bbac43)
Aug 12 10:29:43 swift-proxy1 swift-proxy Connecting to Keystone sending
this JSON: {"credentials": {"access":
"0ae2700061bc407ab3baba15d90bdd9c", "token":
"R0VUCgoKCngtYW16LWRhdGU6TW9uLCAxMiBBdWcgMjAxMyAwODoyOTo0NSBHTVQKL3BpY3MvQ0lNRzA2NzcuanBn",
"signature": "00QZul/GMvbMB80Sl/zrA5VqLMQ="}} (txn:
tx16484911f7284cab9728b7f0c4bbac43)
Aug 12 10:29:44 swift-proxy1 swift-proxy Keystone Reply: Status: 200,
Output: {"access": {"token": {"issued_at": "2013-08-12T08:29:44.840217",
"expires": "2013-08-13T08:29:44Z", "id":
"c0b45cd96a2a434085a999df51ad5041", "tenant": {"id":
"91630433a4184343b5ba1288f9c41eeb", "enabled": true, "domain_id":
"default", "name": "23000-001-perftest", "description": "for performance
testing"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
"http://10.42.46.210:8774/v2/91630433a4184343b5ba1288f9c41eeb",
"region": "Hamburg (HAM)", "internalURL":
"http://10.42.46.210:8774/v2/91630433a4184343b5ba1288f9c41eeb", "id":
"bc90a602f2a14e2889fa6024166e7ef1", "publicURL":
"http://10.42.46.210:8774/v2/91630433a4184343b5ba1288f9c41eeb"}],
"endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints":
[{"adminURL": "http://10.42.44.210:9292", "region": "Hamburg (HAM)",
"internalURL": "http://10.42.44.210:9292", "id":
"3278d653d9b84066bc755c22a177fe03", "publicURL":
"http://10.42.46.210:9292"}], "endpoints_links": [], "type": "image",
"name": "glance"}, {"endpoints": [{"adminURL":
"http://10.42.46.210:8776/v1/91630433a4184343b5ba1288f9c41eeb",
"region": "Hamburg (HAM)", "internalURL":
"http://10.42.46.210:8776/v1/91630433a4184343b5ba1288f9c41eeb", "id":
"9a0e5aac68de4b5fb2b27e67e652ee2b", "publicURL":
"http://10.42.46.210:8776/v1/91630433a4184343b5ba1288f9c41eeb"}],
"endpoints_links": [], "type": "volume", "name": "cinder"},
{"endpoints": [{"adminURL": "http://10.42.46.206:8773/services/Admin",
"region": "Hamburg (HAM)", "internalURL":
"http://10.42.44.206:8773/services/Cloud", "id":
"48022dc337884116928e8d6562c9e206", "publicURL":
"http://10.42.46.206:8773/services/Cloud"}], "endpoints_links": [],
"type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL":
"https://api.opencloudstorage.de/v1", "region": "Hamburg (HAM)",
"internalURL":
"https://api.opencloudstorage.de/v1/AUTH_91630433a4184343b5ba1288f9c41eeb",
"id": "43017605582f49ecac0d9beb7fa9e3ef", "publicURL":
"https://api.opencloudstorage.de/v1/AUTH_91630433a4184343b5b
Aug 12 10:29:44 swift-proxy1 swift-proxy Connecting with tenant:
91630433a4184343b5ba1288f9c41eeb (txn: tx16484911f7284cab9728b7f0c4bbac43)
Aug 12 10:29:44 swift-proxy1 swift-proxy 10.42.44.201 10.42.44.201
12/Aug/2013/08/29/44 GET
/v1/AUTH_91630433a4184343b5ba1288f9c41eeb/pics/CIMG0677.jpg HTTP/1.0 403
- Wget/1.11.4 c0b45cd96a2a434085a999df51ad5041 - 124 -
tx16484911f7284cab9728b7f0c4bbac43
Authorization%3A%20AWS%200ae2700061bc407ab3baba15d90bdd9c%3A00QZul/GMvbMB80Sl/zrA5VqLMQ%3D%0AX-Amz-Date%3A%20Mon%2C%2012%20Aug%202013%2008%3A29%3A45%20GMT%0AX-Auth-Token%3A%20c0b45cd96a2a434085a999df51ad5041%0AUser-Agent%3A%20Wget/1.11.4%0AHost%3A%20api.opencloudstorage.de%0AAccept%3A%20%2A/%2A%0AContent-Type%3A%20None
0.0770 -
Aug 12 10:29:44 localhost haproxy[32401]: 85.158.7.250:53211
[12/Aug/2013:10:29:44.695] app swift-proxy/swift-proxy-1 0/0/0/79/+79
403 +173 - - ---- 3/3/1/1/0 0/0 "GET /pics/CIMG0677.jpg HTTP/1.0"




More information about the Openstack mailing list