← Back to team overview

openstack team mailing list archive

Re: Swift with Keystone problem

 

[DEFAULT]
bind_port = 8080
bind_ip = <ip>
workers = 24
user = swift
set log_level = DEBUG
log_facility = LOG_LOCAL2

[pipeline:main]
pipeline = healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
signing_dir = /etc/swift
auth_host = <ip>
auth_port = 35357
auth_protocol = http
auth_uri = http://<ip>:5000
# if its defined
admin_tenant_name = services
admin_user = swift
admin_password = <password>
delay_auth_decision = 1

[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211
[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck
[filter:ratelimit]
use = egg:swift#ratelimit
clock_accuracy = 1000
max_sleep_time_seconds = 60
log_sleep_time_seconds = 0
rate_buffer_seconds = 5
account_ratelimit = 0

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, SwiftOperator
is_admin = true
cache = swift.cache

[filter:proxy-logging]
use = egg:swift#proxy_logging
# If not set, logging directives from [DEFAULT] without "access_" will be used
access_log_name = swift
access_log_facility = LOG_LOCAL2
access_log_level = DEBUG

On Tue, Mar 12, 2013 at 4:15 PM, Gareth <academicgareth@xxxxxxxxx> wrote:
> Give your whole proxy.conf here.
>
>
> On Tue, Mar 12, 2013 at 8:54 PM, Adam Huffman <adam.huffman@xxxxxxxxx>
> wrote:
>>
>> I'm having trouble with Swift, using Keystone auth, on Folsom.
>>
>> When I try something simple like 'swift stat', there are two errors:
>>
>> Firstly a logging error:
>>
>> <147>proxy-server STDOUT: No handlers could be found for logger
>> "keystone.middleware.auth_token"
>>
>> More importantly, the authorization fails:
>>
>> Account HEAD failed:
>> http://<ip>:8080/v1/AUTH_dfb9c6d687be4d34bceee256cc3cb123 401
>> Unauthorized
>>
>> With SWIFTCLIENT_DEBUG set, I can see there are two separate requests:
>>
>> curl -i http://<ip>:8080/v1/AUTH_dfb9c6d687be4d34bceee256cc3cb123 -X
>> HEAD -H "X-Auth-Token: da38c4407cff40b69f236ef0da9d73e8"
>>
>> and two instances of:
>>
>> curl -i http://<ip>:8080/v1/AUTH_dfb9c6d687be4d34bceee256cc3cb123 -X
>> HEAD -H "X-Auth-Token: 0fc76ee28c2e43f0929c7c3ef158830d"
>>
>> The proxy-server log for these requests is:
>>
>> proxy-server Authorizing as anonymous
>>
>> which is puzzling.  The keystone log shows that real local credentials
>> are being sent:
>>
>> 2013-03-12 12:46:11    DEBUG [keystone.common.wsgi]
>> ******************** REQUEST BODY ********************
>> 2013-03-12 12:46:11    DEBUG [keystone.common.wsgi] {"auth":
>> {"tenantName": "admin", "passwordCredentials": {"username": "admin",
>> "password": "<password>"}}}
>>
>> then
>>
>> 2013-03-12 12:46:11  WARNING [keystone.common.wsgi] Authorization
>> failed. Invalid user / password from <ip>
>> 2013-03-12 12:46:11    DEBUG [keystone.common.wsgi] {"error":
>> {"message": "Invalid user / password", "code": 401, "title": "Not
>> Authorized"}}
>>
>> Keystone auth works for all the other services.
>>
>> Any suggestions appreciated.
>>
>> Adam
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> --
> Gareth
> Cloud Computing, Openstack, Fitness, Basketball
> Novice Openstack contributer
> My promise: if you find any spelling or grammar mistake in my email from Mar
> 1 2013, notice me
> and I'll donate 1$ or 1¥ to open organization specified by you.


References