← Back to team overview

openstack team mailing list archive

  1. openstack team
  2. Mailing list archive
  3. Message #22719

Re: grizzly swift keystone, http to 8080/8888 wont work

  Thread PreviousDate PreviousThread Next 
Hi,
I'm not sure to understand exactly your issue but since your setup includes ceilometer, I can just give you a hint for the ceilometer/swift integration. You have to create a 'ResellerAdmin' role and assign that role to your ceilometer user. Alternatively you can define the 'reseller_admin_role' parameter (default value=ResellerAdmin) in the [filter:authtoken] section of /etc/swift/proxy-server.conf. 
Cheers,
Simon

Le 16/04/2013 12:04, Axel Christiansen a écrit :

Dear List,


i got stuck with a setup of openstack grizzly. This setup consists of:

- swift proxy 1.0.8.1
- swift storage nodes 1.0.8.1
- keystone
- ceilometer


I kept browsing the web and reading openstack docs for days now and
can't just get it working right. Because of openstacks diversity a
wasn't able to find something really similar to my situation.


The thing is, i changed swift-proxy from using swauth to keystone.
Keystone and swift-proxy do interact all right as fare as i can say.
What i can't get working is that simple webpage which gave the ability
to log in as superuser, adding new user and so on. It is that webpart
that connects to the proxy on port 8080, respectively port 8888.


Thx o lot for taking a look into this.
Axel




Theses are the browser urls i try:

(delay_auth_decision = 1)
http://the.swift.proxy:8888/auth/
bad url
Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
txcfde073b9ffe4f379da392056e2176de)
Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
'eventlet.input': <eventlet.wsgi.Input object at 0x1d93f10>,
'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888', 'wsgi.input':
<swift.common.utils.InputProxy object at 0x2691050>, 'HTTP_HOST':
'backend', 'swift.cache': <swift.common.memcached.MemcacheRing object at
0x268a750>, 'wsgi.multithread': True, 'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
0x1656190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn:
txcfde073b9ffe4f379da392056e2176de)
Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5
16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 -
Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0
- - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 -


(delay_auth_decision = 0)
http://the.swift.proxy:8888/auth/
401 Unauthorized
Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
tx508b08866bbc410399543d98cafa2856)
Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control':
'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '',
'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL':
'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X
10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close',
'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR':
'10.42.44.5', 'eventlet.input': <eventlet.wsgi.Input object at
0x1fa41d0>, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888',
'wsgi.input': <swift.common.utils.InputProxy object at 0x1fa40d0>,
'HTTP_HOST': 'backend', 'swift.cache':
<swift.common.memcached.MemcacheRing object at 0x288e750>,
'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0',
'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
0x185e190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}






export OS_SERVICE_TOKEN=XXX
export OS_SERVICE_ENDPOINT=http://10.42.44.101:35357/v2.0


root@ns-proxy01:/etc/swift# swift -V 2.0 -A
http://10.42.44.101:5000/v2.0 -U admin -K XXX stat
    Account: AUTH_c2dc53651a73430db9e0551fca4200de
Containers: 4354
    Objects: 2622
      Bytes: 114207
Accept-Ranges: bytes
X-Timestamp: 1365601461.87732
X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762
Content-Type: text/plain; charset=utf-8





root@ns-proxy01:/etc/swift# keystone --debug user-list
REQ: curl -i http://10.42.44.101:35357/v2.0/users -X GET -H "User-Agent:
python-keystoneclient" -H "X-Auth-Token: 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe"
RESP: [200] {'date': 'Tue, 16 Apr 2013 09:39:37 GMT', 'content-type':
'application/json', 'content-length': '860', 'vary': 'X-Auth-Token'}
RESP BODY: {"users": [{"name": "glance", "id":
"03c928bae5ad4a9f90be425c1ff554dd", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "nova", "id": "140239db8d0244fca7545b76b60ffacd", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "swift", "id": "3bad84eee3b4432b915b469e1cfef628", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "ec2", "id": "5f3a39c203b249d4ba003bba7fdca300", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "admin", "id": "9d7d6509ffee4a82ad52fe5555e8733c", "tenantId":
"c2dc53651a73430db9e0551fca4200de", "enabled": true, "email": null},
{"name": "ceilometer", "id": "cde44fe9c6d446da99ea370b88ec7d63",
"tenantId": "054ca85bca2e44c29cf4730e1450517f", "enabled": true,
"email": null}]}

+----------------------------------+------------+---------+-------+
|                id                |    name    | enabled | email |
+----------------------------------+------------+---------+-------+
| 9d7d6509ffee4a82ad52fe5555e8733c |   admin    |   True  |       |
| cde44fe9c6d446da99ea370b88ec7d63 | ceilometer |   True  |       |
| 5f3a39c203b249d4ba003bba7fdca300 |    ec2     |   True  |       |
| 03c928bae5ad4a9f90be425c1ff554dd |   glance   |   True  |       |
| 140239db8d0244fca7545b76b60ffacd |    nova    |   True  |       |
| 3bad84eee3b4432b915b469e1cfef628 |   swift    |   True  |       |
+----------------------------------+------------+---------+-------+







root@ns-proxy01:/etc/swift# curl -k -v -H 'X-Storage-User: admin' -H
'X-Storage-Pass: XXX' -X 'POST' http://10.42.44.101:35357/v2.0/auth
* About to connect() to 10.42.44.101 port 35357 (#0)
*   Trying 10.42.44.101... connected

POST /v2.0/auth HTTP/1.1
User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0

OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3

Host: 10.42.44.101:35357
Accept: */*
X-Storage-User: admin
X-Storage-Pass: XXX


< HTTP/1.1 404 Not Found
< Vary: X-Auth-Token
< Content-Type: application/json
< Content-Length: 93
< Date: Tue, 16 Apr 2013 09:41:36 GMT
<
* Connection #0 to host 10.42.44.101 left intact
* Closing connection #0
{"error": {"message": "The resource could not be found.", "code": 404,
"title": "Not Found"}}









#############################################################
swift-proxy.conf

[DEFAULT]
bind_port = 8888
workers = 8
user = swift
log_name = swift-proxy
log_facility = LOG_LOCAL0
log_level = DEBUG

[pipeline:main]
pipeline = ceilometer catch_errors healthcheck cache tempurl swift3
authtoken keystoneauth proxy-logging proxy-server
[app:proxy-server]

use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:swift3]
use = egg:swift3#swift3

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = 1
service_port = 5000
service_host = 127.0.0.1
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
auth_uri = http://127.0.0.1:5000/
#auth_token = xxxxxxxxxxxxxxxxxxxx
#admin_tenant_name = service
#admin_user = swift
#admin_password = xxxxxxxxxxxxxxxxxxxx
admin_token = xxxxxxxxxxxxxxxxxxxx
cache = swift.cache
signing_dir = /tmp/keystone-signing-swift

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
#default_swift_cluster =
netstorage#https://netstorage-ham1-de.internet4you.com:444/v1#http://127.0.0.1:8888/v1
allow_account_management = true
allow_overrides = true

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:ceilometer]
use = egg:ceilometer#swift

[filter:cache]
use = egg:swift#memcache
memcache_servers = 10.42.44.101:11211,10.42.44.102:11211

[filter:tempurl]
use = egg:swift#tempurl

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:proxy-logging]
use = egg:swift#proxy_logging
#############################################################





#############################################################
keystone.conf
[DEFAULT]
admin_token = 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
compute_port = 8774
debug = True
verbose = True
log_file = keystone.log
log_dir = /var/log/keystone
use_syslog = False

[sql]
connection = mysql://keystone:xxxxxxxxxxxxxxxx@123.123.123.123/keystone
idle_timeout = 200
min_pool_size = 5
max_pool_size = 10
pool_timeout = 200

[identity]
driver = keystone.identity.backends.sql.Identity

[trust]
[catalog]
driver = keystone.catalog.backends.sql.Catalog
[token]
driver = keystone.token.backends.sql.Token
expiration = 86400
[policy]
driver = keystone.policy.backends.sql.Policy
[ec2]
driver = keystone.contrib.ec2.backends.kvs.Ec2
[ssl]
[signing]
token_format = UUID
[ldap]
[auth]
methods = password,token
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
[filter:url_normalize]
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
[filter:sizelimit]
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
[filter:access_log]
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:service_v3]
paste.app_factory = keystone.service:v3_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
pipeline = access_log sizelimit stats_monitoring url_normalize
token_auth admin_token_auth xml_body json_body debug ec2_extension
user_crud_extension public_service
[pipeline:admin_api]
pipeline = access_log sizelimit stats_monitoring url_normalize
token_auth admin_token_auth xml_body json_body debug stats_reporting
ec2_extension s3_extension crud_extension admin_service
[pipeline:api_v3]
pipeline = access_log sizelimit stats_monitoring url_normalize
token_auth admin_token_auth xml_body json_body debug stats_reporting
ec2_extension s3_extension service_v3
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
public_version_service
[pipeline:admin_version_api]
pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api
#############################################################





_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



--
Simon Pasquier
Software Engineer
Bull, Architect of an Open World
Phone: + 33 4 76 29 71 49
http://www.bull.com

Follow ups

References

  Thread PreviousDate PreviousThread Next