openstack team mailing list archive

Thread
Date

Re: Keystone + Swift integration

To: Leandro Reox <leandro.reox@xxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>
Date: Sat, 26 Nov 2011 20:47:46 +0000
Accept-language: en-US
In-reply-to: <CAC9jWxO70fZ27--ufF2a69MKHVfHwJSRRZr5pUmQBZB2OauLFQ@mail.gmail.com>
Thread-index: AQHMqdt72j+O1CbQb022TYxHFWJcbpW/pYEA
Thread-topic: [Openstack] Keystone + Swift integration
User-agent: Microsoft-MacOutlook/14.13.0.110805

Hi Leandro -

As an aside, I notice in your commands you are creating a global endpoint template and then adding it to all your tenants. A global endpoint template should be added to all tenants by automatically (no need for the adds on each tenant).

I have just finished submitting a review of our docs with better explanation of endpoints and endpoint templates. It's not merged in yet so I attached a PDF version.

Ziad

From: Leandro Reox <leandro.reox@xxxxxxxxx<mailto:leandro.reox@xxxxxxxxx>>
Date: Wed, 23 Nov 2011 09:28:01 -0300
To: <openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
Subject: [Openstack] Keystone + Swift integration

Hi guys,

Anyone has a working proxy-server.conf and endpoint templates for swift, we're trying to integrate them but we always face a different error. We're using keystone from the Cloudbuilders repo and Swift release 1.4.3 .

When we test our environment all the POST and GETs via swift tool or CURL returns empty , and actually swift is not logging anything (any log config there too ? )

Here is our proxy-server.conf on swifts proxys :

[DEFAULT]
# Enter these next two values if using SSL certifications
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
# keep swauth in the line below if you plan to use swauth for authentication
pipeline = catch_errors cache keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:keystone]
use = egg:keystone#tokenauth
auth_protocol = http
auth_host = 172.16.144.51
auth_port = 35357
admin_token = 1234567890
delay_auth_decision = 0
service_protocol = http
service_host = 172.16.144.51
service_port = 5000
service_pass = dTpw

[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.168.10:11211<http://172.16.168.10:11211>,172.16.168.11:11211<http://172.16.168.11:11211>
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:swift3]
use = egg:swift#swift3
log_facility = LOG_LOCAL1

And here is our endpoint template on keystone ( 172.16.0.88:8080<http://172.16.0.88:8080> is our proxys VIP) :

keystone-manage service add swift object-store "Swift Service"
keystone-manage endpointTemplates add RegionOne swift http://172.16.0.88:8080/v1/AUTH_%tenant_id% http://172.16.0.88:8080/ http://172.16.0.88:8080/v1/AUTH_%tenant_id% 1 1
keystone-manage endpoint add admin 4
keystone-manage endpoint add demo 4
keystone-manage endpoint add infra 4

When we request a token via curl, its all the info in the headers but when we do a

swift -A http://172.16.144.51:5000/v1.0 -U Max -K Infra post container
swift -A http://172.16.144.51:5000/v1.0 -U Max -K Infra  stat -v

Hangs forever and returns empty !

We have a very big swift environment running OK with swauth , but we want to integrate it with keystone , we should use the keystone2 swift middleware that comes with devstack instead of this ? What is wrong on the confs ?

Regards
Lele

_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp

Attachment: pdffodAZYNZaS.pdf
Description: Endpoints and Endpoint Templates ‹ Keystone 2012.1-dev documentation.pdf

References

Keystone + Swift integration
From: Leandro Reox, 2011-11-23