← Back to team overview

openstack team mailing list archive

Re: swfit / keystone auth

 

On Tue, 13 Dec 2011 11:27:28 -0500
andi abes <andi.abes@xxxxxxxxx> wrote:

> A few questions (about keystone 2012.1)

Just to facilitate the tip-sharing, here's what I know - not being
an expert in either Swift of Keystone.

> a) does the  swift middleware work with v1.0 or 2.0 auth?

I "heard" that v2.0 is not ready to be used with Swift. BTW, I am at
swift 1.4.3, maybe it wasn't back then. Your 2012.1 should be Essex,
which, AFAIK, is not even branched yet. Anyhow, I configured /v1
(no JSON, just good old X-Storage-Url etc.).

> b) are folks using swift-keystone2 or the middleware bundled with keystone
> (auth_token + swift_auth).

I am not quite sure what to make out of this question, but here's
what I have, middleware-related

/etc/swift/proxy-server.conf:
[pipeline:main]
pipeline = healthcheck cache keystone proxy-server
[filter:keystone]
use = egg:keystone#tokenauth
auth_protocol = http
#auth_host = 127.0.0.1
auth_host = 192.168.129.18
auth_port = 35357
admin_token = 758ce883df47
delay_auth_decision = 0
service_protocol = http
service_host = 192.168.129.18
service_port = 5000
service_pass = dTpw
 <---- I know that keystone ignores a bunch of these

[DEFAULT]
service-header-mappings = {
	'nova' : 'X-Server-Management-Url',
	'swift' : 'X-Storage-Url',
	'cdn' : 'X-CDN-Management-Url'}
[pipeline:admin]
pipeline = urlrewritefilter admin_api
[pipeline:keystone-legacy-auth]
pipeline = urlrewritefilter legacy_auth RAX-KEY-extension service_api
[filter:legacy_auth]
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory

> c) when trying to use auth_token and swift_auth, I see the keystone log
> below trying to stat an account. []

Curious...

> This was triggered with:
>  swift -A http://192.168.124.82:5000/v2.0/ -V 2.0 -U openstack:user -K
> password stat

My tests run like so:
 swift -A http://kvm-rei:5000/v1.0 -U admin -K adminpass stat -v

-- Pete


References