[Openstack] [SWIFT] Swift + Keystone Auth account recovery

Devendran Jagadisan devendran.jagadisan at gmail.com
Tue Jun 3 07:58:17 UTC 2014


Hi Brian,

Yes, it's more like an hack job by deleting the sqlite db files for the
deleted account.
I believe the account is marked as deleted in the sqlite database.

The account folder/directory for the tenant is value of md5sum
AUTH_XXXSWIFT_HASH, where the xxx is the tenant-id and swift_hash
from the proxy swift.conf file

In the storage nodes, under /srv/node find for the directory with same name
as md5sum output and delete the .db & .db.pending.
The swift that I was working had three replicas so I did find all the three
copies and removed them.

Cheers,
Devendran




On Mon, Jun 2, 2014 at 6:15 PM, Brian Cline <bcline at softlayer.com> wrote:

> Hi Devendran,
>
> Were you able to resolve this issue?
>
> Brian
>
> -----Original Message-----
> From: Devendran Jagadisan [mailto:devendran.jagadisan at gmail.com]
> Sent: Monday, August 05, 2013 5:56 PM
> To: openstack at lists.openstack.org
> Subject: [Openstack] [SWIFT] Swift + Keystone Auth account recovery
>
> Hi,
>
> Using swift 1.8.0 with keystone auth and I suspect due to this
> https://bugs.launchpad.net/swift/+bug/1177526,
> one of my user may have deleted their account by sending delete request
> using curl.
>
> The user only has the member role in their tenant.
>
> proxy-server.conf  is
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
>
> [filter:keystone]
> use = egg:swift#keystoneauth
> operator_roles = Admin,Member,admin, swiftoperator, _member_, ResellerAdmin
> is_admin = true
>
>
> Swift CLI returns either
> Account HEAD failed:    403 Forbidden
> Account GET failed: 403 Forbidden   Recently deleted
>
> Dashboard for Object store returns 'Error: Unable to retrieve container
> list'
>
> Proxy server logs
> 'proxy-server Could not autocreate account
> 'AUTH_e08380fcb814436ab28ac2ddb45466f1' (txn:
> tx61c50f079b864633944b52d143a39985) (client_ip: '
>
> At this stage I am pretty sure the containers and objects are removed as
> the delay_reaping is set to the default value.
>
> Is there any way to re-create the account for the user, at least to allow
> user to access their
> account and create containers again?
>
>
> Thanks,
> Devendran
>
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140603/f7b57d8e/attachment.html>


More information about the Openstack mailing list