[Openstack] [swift] Using --debug option to list curl commands
Snider, Tim
Tim.Snider at netapp.com
Mon Oct 7 14:32:02 UTC 2013
I'd like to use curl to access a Ceph cluster. The swift API works and I thought I could use the debug option to look at the curl commands generated for access.
Does the --debug option of swift print the entire command for all curl commands during execution?
Debug output from the 2nd curl command in the example below doesn't seem to show all the headers -- authentication header(s) specifically.
Entering the command by hand results in a 403 response.
I'd like to understand how the authentication token is generated from the tenant (rados) user (swift) and the swift secret_key.
The following token is generated:
"AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8"
The first part looks like a header: 'AUTH_rgwtk', (rados gateway token) a length == 11 and a prefix == rados:swift
AUTH_rgwtk 0b 00000072 61 64 6f 73 3a 73 77 69 66 74
length = 0xb r a d o s : s w i f t
How is the remainder of the token generated? It doesn't appear to be unencoded or a plain hex/ascii translation of the ceph keys shown by the radosgw-admin command.
046eff2c 9ac6a504 1b00545 248a7893 b9006776 83adaaca 1095128 b6edf8fc 378d7d49 d8
Get the ceph user information:
root@controller21:~/ssbench-0.2.16# radosgw-admin user info --uid=rados
2013-10-07 05:55:34.804639 7ff1c3f6c780 0 WARNING: cannot read region map
{ "user_id": "rados",
"display_name": "rados",
"email": "non@none.com",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{ "id": "rados:swift",
"permissions": "full-control"},
{ "id": "rados:swift1",
"permissions": "full-control"}],
"keys": [
{ "user": "rados",
"access_key": "R5F0D2UCSK3618DJ829A",
"secret_key": "PJR1rvV2+Xrzlwo+AZZKXextsDl45EaLljzopgjD"}],
"swift_keys": [
{ "user": "rados:swift",
"secret_key": "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG"},
{ "user": "rados:swift1",
"secret_key": "l9Xlg66JvbNvMmZAj91AeQByEiP8R8sBahCJeqAG"}],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": []}
Use the debug option in swift to look at the curl commands generated:
swift --debug -V 1.0 -A http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -U rados:swift -K "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG" list
This one appears to be incomplete:
DEBUG:swiftclient:REQ: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET
DEBUG:swiftclient:RESP STATUS: 204
Want to understand how this key was generated:
DEBUG:swiftclient:REQ: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/swift/v1?format=json -X GET -H"X-Auth-Token: AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8"
The swift command works:
DEBUG:swiftclient:RESP STATUS: 200
DEBUG:swiftclient:RESP BODY: [{"name":"ssbench_000000","count":832,"bytes":85196800},...{"name":"xxx","count":1,"bytes":604}]
ssbench_000000
ssbench_000099
xxx
DEBUG:swiftclient:REQ: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/swift/v1?format=json&marker=xxx -X GET -H "X-Auth-Token: AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8"
DEBUG:swiftclient:RESP STATUS: 200
DEBUG:swiftclient:RESP BODY: []
Entering the 2nd curl command by hand fails:
root@controller21:~/ssbench-0.2.16# curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET
HTTP/1.1 403 Forbidden
Date: Mon, 07 Oct 2013 14:06:30 GMT
Server: Apache/2.2.22 (Ubuntu)
Accept-Ranges: bytes
Content-Length: 23
Content-Type: application/json
Thanks,
Tim
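
The token prefix breakdown described in the post, as an added example that is not part of the original message: a small parser that checks the AUTH_rgwtk prefix, reads the length field, extracts the user name, and returns the rest of the token undecoded. Reading the length as a 4-byte little-endian integer is an assumption inferred from the 0b000000 bytes in the token, and the function name split_rgw_token is hypothetical.

```python
import binascii
import struct

PREFIX = "AUTH_rgwtk"

# Token copied from the swiftclient debug output in the post above.
TOKEN = ("AUTH_rgwtk0b0000007261646f733a7377696674"
         "046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8")


def split_rgw_token(token):
    """Split a token into (user, remainder_bytes).

    Layout assumed from the bytes shown in the post: the literal prefix,
    then the hex encoding of a 4-byte little-endian length followed by
    that many bytes of user name. Everything after the name is returned
    as raw bytes without any interpretation.
    """
    if not token.startswith(PREFIX):
        raise ValueError("missing %r prefix" % PREFIX)
    try:
        raw = binascii.unhexlify(token[len(PREFIX):])
    except (binascii.Error, ValueError) as exc:
        raise ValueError("token body is not valid hex: %s" % exc)
    if len(raw) < 4:
        raise ValueError("token too short for a length field")
    (name_len,) = struct.unpack_from("<I", raw, 0)
    # Reject a length field that points past the end of the token.
    if name_len > len(raw) - 4:
        raise ValueError("length field %d exceeds token body" % name_len)
    user = raw[4:4 + name_len].decode("ascii")
    return user, raw[4 + name_len:]


if __name__ == "__main__":
    user, rest = split_rgw_token(TOKEN)
    print("user     :", user)
    print("remainder:", len(rest), "bytes", rest.hex())
```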