
openstack team mailing list archive

Swift & Keystone configuration in Essex release and possible logging issue

 

When configuring the paste pipeline for Swift's proxy, it appears that you must explicitly state the service and authentication protocol as http if you're not using an SSL connection, as this is the default.  The current configuration section of the keystone documentation doesn't make this clear.  

My sample proxy-server.conf file for the Essex packages in the Ubuntu 12.04 LTS beta thus looks as follows:

[DEFAULT]
bind_port = 8080
bind_ip = 172.16.1.5
user = swift
log_name = SWIFT_PROXY
log_level = DEBUG
log_headers = True

[pipeline:main]
pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystone proxy-server
#pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:swift3]
use = egg:swift#swift3

[filter:s3token]
paste.filter_factory = keystone.middleware.s3_token:filter_factory
auth_port = 5000
auth_host = essex1
auth_protocol = http

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, swiftoperator, Admin, SwiftOperator

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
delay_auth_decision = 1
service_protocol = http
service_port = 5000
service_host = essex1
auth_protocol = http
auth_port = 35357
auth_host = essex1
auth_token = ADMIN8475760012
admin_token = ADMIN8475760012

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_server = 127.0.0.1:11211

Also, setting the log_level in the proxy's configuration file does not enable logging in the keystone authentication modules included in the paste pipeline.  To discover this configuration bug, I needed to hack the auth_token.py module to get logging to work (copied from swift's catch_errors.py module) and discover that it was trying to connect via an SSL connection.  Is this a bug?  Otherwise auth_token.py will report a "no handler" exception.

Regards,
Ross
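
An added example, not part of the original post: a small Python check that reads a proxy-server.conf and reports, for each Keystone filter in the active pipeline, protocol keys that are left unset (and so fall back to SSL, as the post describes) or that are set to plain http. The sample config, the function name and the host name keystone.example are constructed for illustration.

```python
import configparser

# Protocol keys per Keystone middleware module, taken from the post's config.
PROTOCOL_KEYS = {
    "keystone.middleware.auth_token": ("auth_protocol", "service_protocol"),
    "keystone.middleware.s3_token": ("auth_protocol",),
}
UNSET = "unset: middleware falls back to SSL (default described in the post)"
CLEARTEXT = "http: tokens cross the network unencrypted"

def check_proxy_conf(text):
    """Return (section, key, finding) tuples for filters in the active pipeline."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    active = cp.get("pipeline:main", "pipeline", fallback="").split()
    findings = []
    for name in active:
        section = "filter:" + name
        if not cp.has_section(section):
            continue
        factory = cp.get(section, "paste.filter_factory", fallback="")
        module = factory.split(":", 1)[0].strip()
        for key in PROTOCOL_KEYS.get(module, ()):
            if not cp.has_option(section, key):
                findings.append((section, key, UNSET))
            elif cp.get(section, key).strip().lower() == "http":
                findings.append((section, key, CLEARTEXT))
    return findings

# Constructed sample modelled on the post's file; keystone.example is a placeholder.
SAMPLE = """\
[pipeline:main]
pipeline = catch_errors s3token authtoken keystone proxy-server

[filter:s3token]
paste.filter_factory = keystone.middleware.s3_token:filter_factory
auth_host = keystone.example
auth_protocol = http

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = keystone.example
service_protocol = http
"""

if __name__ == "__main__":
    for finding in check_proxy_conf(SAMPLE):
        print(*finding, sep=" | ")
```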