openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #21222
Re: [Keystone][Swift] Problems with admin_user, admin_password, admin_tenant_name
If you want to create a reseller_admin user with keystone, you should add
this user in keystone with admin role.
The admin role is the configuration of keysoneauth.
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
2013/2/23 Kun Huang <Academicgareth@xxxxxxxxx>
> Back to my first question, should I create admin_user, admin_password,
> admin_tenant_name by keystone command myself?
>
>
> On Fri, Feb 22, 2013 at 9:02 AM, Kun Huang <Academicgareth@xxxxxxxxx>wrote:
>
>> Dolph, thanks your advice, but in my environment, both below two case
>>
>> 1. setting admin_token,admin_user, admin_password, admin_tenant_name in
>> proxy.conf and setting admin_token in keystone.conf
>> 2. setting admin_user, admin_password, admin_tenant_name in proxy.conf
>> and setting admin_token in keystone.conf
>>
>> only admin_token in keystone.conf is valuable. (default ADMIN)
>> Should I create admin_user, admin_password, admin_tenant_name by keystone
>> command myself?
>>
>>
>>
>>
>> On Fri, Feb 22, 2013 at 1:45 AM, Dolph Mathews <dolph.mathews@xxxxxxxxx>wrote:
>>
>>> Setting the admin_token config is overriding the admin_user,
>>> admin_password, and admin_tenant_name values by specifying a static token.
>>> I'd recommend removing it and using the auth credentials you've already
>>> provided.
>>>
>>> -Dolph
>>>
>>>
>>> On Thu, Feb 21, 2013 at 3:10 AM, Kun Huang <Academicgareth@xxxxxxxxx>wrote:
>>>
>>>> Following another question:
>>>> In document:
>>>> http://docs.openstack.org/developer/keystone/middleware_architecture.html
>>>> ,
>>>>
>>>>
>>>> [filter:tokenauth]
>>>> paste.filter_factory = keystone.middleware.auth_token:filter_factory
>>>> auth_host = 127.0.0.1
>>>> auth_port = 35357
>>>> auth_protocol = http
>>>> auth_uri = http://127.0.0.1:5000/
>>>> admin_token = Super999Sekret888Password777
>>>> admin_user = admin
>>>> admin_password = SuperSekretPassword
>>>> admin_tenant_name = service
>>>> ;Uncomment next line and check ip:port to use memcached to cache tokens
>>>> ;memcache_servers = 127.0.0.1:11211
>>>>
>>>> That admin token is not admin_token = ADMIN in keystone, right?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Feb 21, 2013 at 4:06 PM, Kun Huang <Academicgareth@xxxxxxxxx>wrote:
>>>>
>>>>> I'm building environment with Swift + Keystone.
>>>>> I have set admin_user, admin_password, admin_tenant_name, but it
>>>>> doesn't work.
>>>>> I followed the document:
>>>>> http://docs.openstack.org/developer/swift/overview_auth.html and chmouel's
>>>>> blog:
>>>>> http://blog.chmouel.com/2011/11/24/swift-and-keystone-middleware-part1/
>>>>>
>>>>> My swift and keystone run well:
>>>>>
>>>>> [image: Inline image 1]
>>>>>
>>>>> But failed in curl:
>>>>> [image: Inline image 2]
>>>>>
>>>>> I guess the value of admin_user/admin_password/admin_tenant_name
>>>>> doesn't save in db.
>>>>>
>>>>> Which step do I missed? or some problems in my proxy config?
>>>>>
>>>>> Here is my current config.
>>>>> [DEFAULT]
>>>>> bind_port = 8888
>>>>> user = swift
>>>>>
>>>>> [pipeline:main]
>>>>> pipeline = catch_errors healthcheck cache authtoken keystoneauth
>>>>> proxy-server
>>>>>
>>>>> [app:proxy-server]
>>>>> use = egg:swift#proxy
>>>>> account_autocreate = true
>>>>>
>>>>> [filter:keystoneauth]
>>>>> use = egg:swift#keystoneauth
>>>>> operator_roles = admin, swiftoperator
>>>>>
>>>>> [filter:authtoken]
>>>>> # Delaying the auth decision is required to support token-less
>>>>> # usage for anonymous referrers ('.r:*').
>>>>> paste.filter_factory =
>>>>> keystoneclient.middleware.auth_token:filter_factory
>>>>> auth_host = keystonehost
>>>>> auth_port = 35357
>>>>> auth_protocol = http
>>>>> auth_uri = http://keystonehost:5000/
>>>>> admin_tenant_name = service
>>>>> admin_user = swift
>>>>> admin_password = password
>>>>>
>>>>> [filter:cache]
>>>>> use = egg:swift#memcache
>>>>> set log_name = cache
>>>>>
>>>>> [filter:catch_errors]
>>>>> use = egg:swift#catch_errors
>>>>>
>>>>> [filter:healthcheck]
>>>>> use = egg:swift#healthcheck
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
--
杨雨
Email: alex890714@xxxxxxxxx
GitHub: https://github.com/AlexYangYu
Blog: http://alexyang.sinaapp.com
Weibo: http://www.weibo.com/alexyangyu
Follow ups
References
-
[Keystone][Swift] Problems with admin_user, admin_password, admin_tenant_name
From: Kun Huang, 2013-02-21
-
Re: [Keystone][Swift] Problems with admin_user, admin_password, admin_tenant_name
From: Kun Huang, 2013-02-21
-
Re: [Keystone][Swift] Problems with admin_user, admin_password, admin_tenant_name
From: Dolph Mathews, 2013-02-21
-
Re: [Keystone][Swift] Problems with admin_user, admin_password, admin_tenant_name
From: Kun Huang, 2013-02-22
-
Re: [Keystone][Swift] Problems with admin_user, admin_password, admin_tenant_name
From: Kun Huang, 2013-02-22