[Openstack] can all objects be stored under a single account?

pangj pangj at laposte.net
Fri Aug 23 07:32:55 UTC 2013


I changed the account name for tempauth in proxy-server.conf:

user_system_root = somepasswd .admin

As shown above I changed the "AUTH_system" to "TEST_system".
Then I restarted the proxy: swift-init proxy restart

To get the auth token:
curl -v -H 'X-Storage-User: system:root' -H 'X-Storage-Pass: somepasswd'

Then using the token to access the account:

$ curl -v -H "X-Auth-Token: AUTH_tkae821c50cb1247ccb88c0fb749dd5a88"
* About to connect() to port 8080 (#0)
*   Trying connected
 > GET /v1/TEST_system HTTP/1.1
 > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 
OpenSSL/1.0.1 zlib/ libidn/1.23 librtmp/2.3
 > Host:
 > Accept: */*
 > X-Auth-Token: AUTH_tkae821c50cb1247ccb88c0fb749dd5a88
< HTTP/1.1 403 Forbidden
< Content-Length: 73
< Content-Type: text/html; charset=UTF-8
< Date: Fri, 23 Aug 2013 07:28:59 GMT
* Connection #0 to host left intact
* Closing connection #0
<html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>

Finally I got a 403 forbidden.
What's the problem? Thanks.

On 2013-8-23 10:31, John Dickinson wrote:
> The auth system and how you organize the data are separate. You can certainly store all objects in one account (although I'd recommend you spread the objects across many containers). You could also not use any auth at all (by removing tempauth or keystone from the pipeline in the proxy server config), although only you know if that's a good idea or not.

More information about the Openstack mailing list