openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #19240
Re: Fwd: [swift3] api - boto and libcloud => AccessDenied
'swift-proxy.conf' is a typo for 'proxy-server.conf' right?
.a.
On Fri, Dec 7, 2012 at 11:23 AM, Blair Bethwaite
<blair.bethwaite@xxxxxxxxx>wrote:
> Ah yes, you said that already - sorry. It looks like you missed the
> S3token middleware in your proxy conf, see:
>
> http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-swift-with-s3-emulation-to-use-keystone.html
>
>
> On 7 December 2012 21:16, Antonio Messina <arcimboldo@xxxxxxxxx> wrote:
>
>> I tried with the EC2 credentials too, but without luck.
>>
>> Do I need to create specific endpoints for s3 in keystone? Using what
>> URLs? Is my configuration and code correct?
>>
>> .a.
>>
>>
>>
>> On Thu, Dec 6, 2012 at 11:46 PM, Blair Bethwaite <
>> blair.bethwaite@xxxxxxxxx> wrote:
>>
>>> Hi Antonio,
>>>
>>> It sounds like you might be using the wrong credentials. The S3 layer
>>> works with the EC2 credentials.
>>>
>>>
>>> On 6 December 2012 06:33, Antonio Messina <arcimboldo@xxxxxxxxx> wrote:
>>>
>>>>
>>>> Hi all,
>>>>
>>>> I'm trying to access SWIFT using the S3 API compatibility layer, but I
>>>> always get an "AccessDenied".
>>>>
>>>> I'm running folsom on ubuntu precise 12.04 LTS, packages are from
>>>> ubuntu-cloud.archive.canonical.com repository. Swift is correctly
>>>> configured, login and password have been tested with the web interface and
>>>> from command line. Glance uses it to store the images.
>>>>
>>>> I've installed swift-plugin-s3 and I've configured proxy-server.conf as
>>>> follow:
>>>>
>>>> pipeline = catch_errors healthcheck cache ratelimit authtoken
>>>> keystoneauth swift3 proxy-logging proxy-server
>>>> [filter:swift3]
>>>> use = egg:swift3#swift3
>>>>
>>>> I've then tried to connect using my keystone login and password (and
>>>> I've also tried with the EC2 tokens, with the same result).
>>>>
>>>> The code I'm using is:
>>>>
>>>> from libcloud.storage.types import Provider as StorageProvider
>>>> from libcloud.storage.providers import get_driver as get_storage_driver
>>>>
>>>> s3driver = get_storage_driver(StorageProvider.S3)
>>>> s3 = s3driver(ec2access, ec2secret, secure=False, host=s3host,
>>>> port=8080)
>>>> s3.list_containers()
>>>>
>>>> What I get is:
>>>>
>>>> Traceback (most recent call last):
>>>> File "<stdin>", line 1, in <module>
>>>> File
>>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/storage/drivers/s3.py",
>>>> line 176, in list_containers
>>>> response = self.connection.request('/')
>>>> File
>>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/common/base.py",
>>>> line 605, in request
>>>> connection=self)
>>>> File
>>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/common/base.py",
>>>> line 93, in __init__
>>>> raise Exception(self.parse_error())
>>>> File
>>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/libcloud/storage/drivers/s3.py",
>>>> line 68, in parse_error
>>>> raise InvalidCredsError(self.body)
>>>> libcloud.common.types.InvalidCredsError: '<?xml version="1.0"
>>>> encoding="UTF-8"?>\r\n<Error>\r\n <Code>AccessDenied</Code>\r\n
>>>> <Message>Access denied</Message>\r\n</Error>'
>>>>
>>>>
>>>> Using boto instead:
>>>>
>>>> >>> import boto
>>>> >>> s3conn = boto.s3.connection.S3Connection(
>>>> aws_access_key_id=ec2access, aws_secret_access_key=ec2secret, port=s3port,
>>>> host=s3host, is_secure=False,debug=3)
>>>> >>> s3conn.get_all_buckets()
>>>> send: 'GET / HTTP/1.1\r\nHost: cloud-storage1:8080\r\nAccept-Encoding:
>>>> identity\r\nDate: Wed, 05 Dec 2012 19:25:00 GMT\r\nContent-Length:
>>>> 0\r\nAuthorization: AWS
>>>> 7c67d5b35b5a4127887c5da319c70a18:WXVx9AONXvIkDiIdg8rUnfncFnM=\r\nUser-Agent:
>>>> Boto/2.6.0 (linux2)\r\n\r\n'
>>>> reply: 'HTTP/1.1 403 Forbidden\r\n'
>>>> header: Content-Type: text/xml; charset=UTF-8
>>>> header: Content-Length: 124
>>>> header: X-Trans-Id: tx7a823c742f624f2682bfddb19f31bcc2
>>>> header: Date: Wed, 05 Dec 2012 19:24:42 GMT
>>>> Traceback (most recent call last):
>>>> File "<stdin>", line 1, in <module>
>>>> File
>>>> "/home/antonio/.virtualenvs/cloud/local/lib/python2.7/site-packages/boto/s3/connection.py",
>>>> line 364, in get_all_buckets
>>>> response.status, response.reason, body)
>>>> boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>> <Error>
>>>> <Code>AccessDenied</Code>
>>>> <Message>Access denied</Message>
>>>> </Error>
>>>>
>>>> Login and password work when using the command line tool `swift`.
>>>>
>>>> I think I may be missing something very basilar here, but I couldn't
>>>> find so much documentation...
>>>>
>>>> Thanks in advance
>>>>
>>>> .a.
>>>>
>>>> --
>>>> antonio.s.messina@xxxxxxxxx
>>>> arcimboldo@xxxxxxxxx
>>>> GC3: Grid Computing Competence Center
>>>> http://www.gc3.uzh.ch/
>>>> University of Zurich
>>>> Winterthurerstrasse 190
>>>> CH-8057 Zurich Switzerland
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>
>>>
>>> --
>>> Cheers,
>>> ~Blairo
>>>
>>
>>
>>
>> --
>> antonio.s.messina@xxxxxxxxx
>> arcimboldo@xxxxxxxxx
>> GC3: Grid Computing Competence Center
>> http://www.gc3.uzh.ch/
>> University of Zurich
>> Winterthurerstrasse 190
>> CH-8057 Zurich Switzerland
>>
>
>
>
> --
> Cheers,
> ~Blairo
>
--
antonio.s.messina@xxxxxxxxx
arcimboldo@xxxxxxxxx
GC3: Grid Computing Competence Center
http://www.gc3.uzh.ch/
University of Zurich
Winterthurerstrasse 190
CH-8057 Zurich Switzerland
Follow ups
References