openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #07224
Re: Swift S3 with Keystone anyone?
We have a developer (Chmouel Boudjnah) working on getting S3 Auth/Keystone(light)/ACLs all working together. The hope is that we can have a viable production-ready alternative to nova-objectstore to support euca-upload-bundle.
He is very close to having it all working and he was hoping to have it ready by the bugfix day, so hopefully he can respond with more info. When we have it all working, we will prepare some documentation to help out in getting things configured and perhaps add it as an option to devstack.
Vish
On Feb 1, 2012, at 10:15 PM, Kuo Hugo wrote:
> I would love to know more about this topic too.
> push....
>
> Hugo Kuo
>
> 2012/2/2 Pete Zaitcev <zaitcev@xxxxxxxxxx>
> Hello:
>
> Does anyone happen to have Swift running with S3 and Keystone? If yes,
> send me the proxy-server.conf, please. Also, I'd like to ask a few
> questions, if I may. I tried to piece it together from the code,
> but failed.
>
> The authentication is done with a special hook into Keystone. It supplies
> middleware, keystone/keystone/middleware/s3_token.py, which invokes
> a POST to v2 Keysone with OS-KSS3:s3Credentials, then sets a req. header
> X-Auth-Token. So far so good.
>
> However, how does it fit in with Swift? The actual S3 operations are
> implemented by swift/common/middleware/swift3.py, which rolls up the
> canonical string, then stuffs it into env['HTTP_X_AUTH_TOKEN'].
> The intent is, as I understand, to invoke the special purpose
> code in tempauth and thus is useless for Keystone. So, how is this
> supposed to work?
>
> I imagine the pipeline should look something like this:
>
> [pipeline:main]
> pipeline = healthcheck cache s3auth swift3 proxy-server
>
> [filter:s3auth]
> use = egg:keystone#swiftauth
> service_protocol = http
> service_host = 192.168.129.18
> service_port = 5000
>
> [filter:swift3]
> use = egg:swift#swift3
>
> Except... There is no entry point for s3_auth in keystone egg.
>
> Documentation seems to be absent. I suppose I could put it together,
> if I got it all working at least once.
>
> Confused,
> -- Pete
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
>
> --
> +Hugo Kuo+
> tonytkdk@xxxxxxxxx
> hugo.kuo@xxxxxxxxxxxx
> +886-935-004-793
>
> www.cloudena.com
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
References