openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #19239
Re: Fwd: [swift3] api - boto and libcloud => AccessDenied
Ah yes, you said that already - sorry. It looks like you missed the S3token
middleware in your proxy conf, see:
http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-swift-with-s3-emulation-to-use-keystone.html
On 7 December 2012 21:16, Antonio Messina <arcimboldo@xxxxxxxxx> wrote:
> I tried with the EC2 credentials too, but without luck.
>
> Do I need to create specific endpoints for s3 in keystone? Using what
> URLs? Is my configuration and code correct?
>
> .a.
>
>
>
> On Thu, Dec 6, 2012 at 11:46 PM, Blair Bethwaite <
> blair.bethwaite@xxxxxxxxx> wrote:
>
>> Hi Antonio,
>>
>> It sounds like you might be using the wrong credentials. The S3 layer
>> works with the EC2 credentials.
>>
>>
>> On 6 December 2012 06:33, Antonio Messina <arcimboldo@xxxxxxxxx> wrote:
>>
>>>
>>> Hi all,
>>>
>>> I'm trying to access SWIFT using the S3 API compatibility layer, but I
>>> always get an "AccessDenied".
>>>
>>> I'm running folsom on ubuntu precise 12.04 LTS, packages are from
>>> ubuntu-cloud.archive.canonical.com repository. Swift is correctly
>>> configured, login and password have been tested with the web interface and
>>> from command line. Glance uses it to store the images.
>>>
>>> I've installed swift-plugin-s3 and I've configured proxy-server.conf as
>>> follow:
>>>
>>> pipeline = catch_errors healthcheck cache ratelimit authtoken
>>> keystoneauth swift3 proxy-logging proxy-server
>>> [filter:swift3]
>>> use = egg:swift3#swift3
>>>
>>> I've then tried to connect using my keystone login and password (and
>>> I've also tried with the EC2 tokens, with the same result).
>>>
>>> The code I'm using is:
>>>
>>> from libcloud.storage.types import Provider as StorageProvider
>>> from libcloud.storage.providers import get_driver as get_storage_driver
>>>
>>> s3driver = get_storage_driver(StorageProvider.S3)
>>> s3 = s3driver(ec2access, ec2secret, secure=False, host=s3host, port=8080)
>>> s3.list_containers()
>>>
>>> What I get is:
>>>
>>> Traceback (most recent call last):
>>> File "<stdin>", line 1, in <module>
>>> File
>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/storage/drivers/s3.py",
>>> line 176, in list_containers
>>> response = self.connection.request('/')
>>> File
>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/common/base.py",
>>> line 605, in request
>>> connection=self)
>>> File
>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/common/base.py",
>>> line 93, in __init__
>>> raise Exception(self.parse_error())
>>> File
>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/storage/drivers/s3.py",
>>> line 68, in parse_error
>>> raise InvalidCredsError(self.body)
>>> libcloud.common.types.InvalidCredsError: '<?xml version="1.0"
>>> encoding="UTF-8"?>\r\n<Error>\r\n <Code>AccessDenied</Code>\r\n
>>> <Message>Access denied</Message>\r\n</Error>'
>>>
>>>
>>> Using boto instead:
>>>
>>> >>> import boto
>>> >>> s3conn = boto.s3.connection.S3Connection(
>>> aws_access_key_id=ec2access, aws_secret_access_key=ec2secret, port=s3port,
>>> host=s3host, is_secure=False,debug=3)
>>> >>> s3conn.get_all_buckets()
>>> send: 'GET / HTTP/1.1\r\nHost: cloud-storage1:8080\r\nAccept-Encoding:
>>> identity\r\nDate: Wed, 05 Dec 2012 19:25:00 GMT\r\nContent-Length:
>>> 0\r\nAuthorization: AWS
>>> 7c67d5b35b5a4127887c5da319c70a18:WXVx9AONXvIkDiIdg8rUnfncFnM=\r\nUser-Agent:
>>> Boto/2.6.0 (linux2)\r\n\r\n'
>>> reply: 'HTTP/1.1 403 Forbidden\r\n'
>>> header: Content-Type: text/xml; charset=UTF-8
>>> header: Content-Length: 124
>>> header: X-Trans-Id: tx7a823c742f624f2682bfddb19f31bcc2
>>> header: Date: Wed, 05 Dec 2012 19:24:42 GMT
>>> Traceback (most recent call last):
>>> File "<stdin>", line 1, in <module>
>>> File
>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/boto/s3/connection.py",
>>> line 364, in get_all_buckets
>>> response.status, response.reason, body)
>>> boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <Error>
>>> <Code>AccessDenied</Code>
>>> <Message>Access denied</Message>
>>> </Error>
>>>
>>> Login and password work when using the command line tool `swift`.
>>>
>>> I think I may be missing something very basilar here, but I couldn't
>>> find so much documentation...
>>>
>>> Thanks in advance
>>>
>>> .a.
>>>
>>> --
>>> antonio.s.messina@xxxxxxxxx
>>> arcimboldo@xxxxxxxxx
>>> GC3: Grid Computing Competence Center
>>> http://www.gc3.uzh.ch/
>>> University of Zurich
>>> Winterthurerstrasse 190
>>> CH-8057 Zurich Switzerland
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Cheers,
>> ~Blairo
>>
>
>
>
> --
> antonio.s.messina@xxxxxxxxx
> arcimboldo@xxxxxxxxx
> GC3: Grid Computing Competence Center
> http://www.gc3.uzh.ch/
> University of Zurich
> Winterthurerstrasse 190
> CH-8057 Zurich Switzerland
>
--
Cheers,
~Blairo
Follow ups
References