openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #05299
Re: Swift ACL can't work in RHEL6.1
Hello,
You probably want to have latest keystone version, if you want to test
swift-keystone2 pretty easily you can use devstack
(http://devstack.org) which has swift and keystone2 integrated. You
just have to make sure to have swift enabled in ENABLED_SERVICES
variable.
Chmouel.
On Thu, Nov 3, 2011 at 5:38 PM, Li Hua <neakli@xxxxxxxxx> wrote:
>
> Hi Chmouel,
> Thank you for your information.
>
> I installed swift-keystone2 and modified proxy-server.conf.
> BUT authentication maybe not work well. for example, I want to check demo's status using the
> following command.
> [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password stat
> Account HEAD failed: http://api.cloud.com:8080/v1/AUTH_2 403 Forbidden
> [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password post test_container
> Container POST failed: http://api.cloud.com:8080/v1/AUTH_2/test_container 403 Forbidden
> ALL operation (HEAD/PUT/POST/GET) will be returned with 403 Forbidden.
> But if I change proxy-server.conf back to the old config. ALL operation (HEAD/PUT/POST/GET)
> are ok.
> Keystone version: openstack-keystone-2011.3-b475.noarch
> Swift version:
> openstack-swift-1.4.3-b447.noarch
> openstack-swift-account-1.4.3-b447.noarch
> openstack-swift-proxy-1.4.3-b447.noarch
> openstack-swift-object-1.4.3-b447.noarch
> openstack-swift-container-1.4.3-b447.noarch
> proxy-server.conf
> [DEFAULT]
> bind_port = 8080
> user = swift
> [pipeline:main]
> pipeline = catch_errors cache keystone2 proxy-server
> [app:proxy-server]
> use = egg:swift#proxy
> account_autocreate = true
> log_facility = LOG_LOCAL1
> log_level = DEBUG
> [filter:keystone2]
> use = egg:swiftkeystone2#keystone2
> keystone_admin_token = 999888777666
> keystone_url = http://127.0.0.1:5001/v2.0 ( 5001 for admin api port, 5000 for service api port)
> [filter:cache]
> use = egg:swift#memcache
> set log_name = cache
> [filter:catch_errors]
> use = egg:swift#catch_errors
>
> Does it need to upgrade keystone to the latest version ? How to debug keystone2 ?
>
> Regards,
> Li Hua
>
>
> On Thu, Nov 3, 2011 at 3:29 PM, Chmouel Boudjnah <Chmouel.Boudjnah@xxxxxxxxxxxxxxx> wrote:
>>
>> Hi Li,
>> Swift middleware shipped with keystone doesn't support ACL, you may want to try this middleware instead :
>> https://github.com/cloudbuilders/swift-keystone2
>> Chmouel.
>> On 3 Nov 2011, at 05:45, Li Hua wrote:
>>
>> Hi Folks,
>> I set up a SAIO test environment in RHEL6.1 using openstack-swift-1.4.3-b447.noarch from
>> http://yum.griddynamics.net/yum/diablo-centos/ ;.
>> I want to test the container Read/Write access permission using the following steps.
>> Creating a container with read access permission for anyone.
>> [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password post -r '.r:*' testcontainer
>>
>> Checking the stat of container:
>> [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password stat testcontainer Account: AUTH_2
>> Container: testcontainer
>> Objects: 0
>> Bytes: 0
>> Read ACL:
>> Write ACL:
>> Sync To:
>> Sync Key:
>> Accept-Ranges: bytes
>> X-Trans-Id: tx1c0e9c6220ea433a90713c160a88b33f
>>
>> It seems that testcontainer still has no Read ACL. Any comments ? thanks.
>>
>> Regards,
>> Li Hua
>>
>>
>>
>> Chmouel Boudjnah
>> Cloud Product Engineer
>> Tel: +442087344212
>> Fax: +44 20 8606 6111
>> Web:www.rackspace.co.uk
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
References