← Back to team overview

openstack team mailing list archive

Re: Swift S3 with Keystone anyone?

 

Hi,

2012/02/02 18:44 "Akira Yoshiyama" <akirayoshiyama@xxxxxxxxx>:
>
> Hi,
>
> Please check the review:
> https://review.openstack.org/#q,3076,n,z
>
> Use swiftauth and s3token middleware and you may be able to do what you
want. I'm sorry that I haven't try it.
>
> Or, you can use authtoken and _patched_ swift3 middleware. You'll find
the patch in the view above.

That's wrong. You can use _s3token_, authtoken and patched swift3.

I modified the wiki:
http://wiki.openstack.org/Keystone-BP-S3Token

I added authtoken in main pipeline just now.

Regards,
Akira Yoshiyama

>
> 2012/02/02 14:47 "Pete Zaitcev" <zaitcev@xxxxxxxxxx>:
>
>> Hello:
>>
>> Does anyone happen to have Swift running with S3 and Keystone? If yes,
>> send me the proxy-server.conf, please. Also, I'd like to ask a few
>> questions, if I may. I tried to piece it together from the code,
>> but failed.
>>
>> The authentication is done with a special hook into Keystone. It supplies
>> middleware, keystone/keystone/middleware/s3_token.py, which invokes
>> a POST to v2 Keysone with OS-KSS3:s3Credentials, then sets a req. header
>> X-Auth-Token. So far so good.
>>
>> However, how does it fit in with Swift? The actual S3 operations are
>> implemented by swift/common/middleware/swift3.py, which rolls up the
>> canonical string, then stuffs it into env['HTTP_X_AUTH_TOKEN'].
>> The intent is, as I understand, to invoke the special purpose
>> code in tempauth and thus is useless for Keystone. So, how is this
>> supposed to work?
>>
>> I imagine the pipeline should look something like this:
>>
>>  [pipeline:main]
>>  pipeline = healthcheck cache s3auth swift3 proxy-server
>>
>>  [filter:s3auth]
>>  use = egg:keystone#swiftauth
>>  service_protocol = http
>>  service_host = 192.168.129.18
>>  service_port = 5000
>>
>>  [filter:swift3]
>>  use = egg:swift#swift3
>>
>> Except... There is no entry point for s3_auth in keystone egg.
>>
>> Documentation seems to be absent. I suppose I could put it together,
>> if I got it all working at least once.
>>
>> Confused,
>> -- Pete
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp

Follow ups

References