openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #21398
Re: Keystone and Swift Integration
That 8080 is set in proxy conf
X-Auth-Token is generated by keystone(actually keystoneclient) and sent by
swift. That't the token for admin:admin
admin_token is set in keystone conf
"""
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
auth_token = 012345SECRET99TOKEN012345
admin_token = 012345SECRET99TOKEN012345
admin_tenant_name = service
admin_user = swift
admin_password = swift
"""
Such things depend on your env, which data you build in keystone. But some
details need to check documents. (checking source codes is better[?])
On Thu, Feb 28, 2013 at 11:07 PM, Julian Learmonth <
julian.learmonth@xxxxxxxxxxxx> wrote:
> Hi,
>
> I've built an OpenStack (Folsom) demo VM (Ubuntu 12.10) and manually
> installed Swift. I am trying to get Swift to use Keystone for
> authentication, but am having trouble finding what I need to do to the
> /etc/swift/swift-proxy.conf file. The instructions I have been following
> say I should "Configure the paste file for swift-proxy
> (`/etc/swift/swift-proxy.conf`)", but I don't know what needs to be done.
> The document I am following is here:
> http://docs.openstack.org/folsom/openstack-compute/admin/content/configuring-swift-to-use-keystone.html
>
> I've only been using OpenStack for about a week, so my apologies if this
> is obvious, but I can't figure it out. I've tried googling the config file,
> but I just get the document I am using (or the previous Wessex version) and
> there's no sample file in the Swift distribution.
>
> The second config file I need to edit is the /etc/swift/proxy-swift.conf
> file. I have a couple of questions about this too. There's a section I need
> to paste into it as follows:
>
> ===
> [filter:authtoken]
> paste.filter_factory = keystone.middleware.auth_token:filter_factory
> # Delaying the auth decision is required to support token-less
> # usage for anonymous referrers ('.r:*').
> delay_auth_decision = 10
> service_port = 5000
> service_host = 127.0.0.1
> auth_port = 35357
> auth_host = 127.0.0.1
> auth_protocol = http
> auth_uri = http://127.0.0.1:5000/
> auth_token = 012345SECRET99TOKEN012345
> admin_token = 012345SECRET99TOKEN012345
> admin_tenant_name = service
> admin_user = swift
> admin_password = swift
> ===
>
> Do I need to change the auth port? I can run the following command
> successfully:
>
> ===
> root@openstack02:/home/stack/bin# curl -v -H 'X-Storage-User:
> admin:admin' -H 'X-Storage-Pass: admin' http://127.0.0.1:8080/auth/v1.0
> * About to connect() to 127.0.0.1 port 8080 (#0)
> * Trying 127.0.0.1...
> * connected
> * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> > GET /auth/v1.0 HTTP/1.1
> > User-Agent: curl/7.27.0
> > Host: 127.0.0.1:8080
> > Accept: */*
> > X-Storage-User: admin:admin
> > X-Storage-Pass: admin
> >
> * additional stuff not fine transfer.c:1037: 0 0
> * HTTP 1.1 or later with persistent connection, pipelining supported
> < HTTP/1.1 200 OK
> < X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_admin
> < X-Auth-Token: AUTH_tk0022e539fae64647883b9fa529311982
> < Content-Type: text/html; charset=UTF-8
> < X-Storage-Token: AUTH_tk0022e539fae64647883b9fa529311982
> < Content-Length: 0
> < Date: Wed, 28 Feb 2013 15:00:02 GMT
> <
> * Connection #0 to host 127.0.0.1 left intact
> * Closing connection #0
> root@openstack02:/home/stack/bin#
> ===
>
> So does that mean by auth_port is 8080? I assume that the X-Auth-Token is
> both the admin_token and auth_token? Is the admin_user (given the example
> above) going to be "admin:admin"?
>
> Any assistance would very much be appreciated!
>
> Regards,
> Julian.
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
--
Gareth
*Cloud Computing, Openstack, Fitness, Basketball
*
*Novice Openstack contributer*
*My promise: if you find any spelling or grammar mistake in my email from
Mar 1 2013, notice me *
*and I'll donate 1$ or 1¥ to the organization specified by you.*
References