← Back to team overview

openstack team mailing list archive

Re: grizzly swift keystone, http to 8080/8888 wont work

 

The mystery seems solved. There it a webadmin for swauth.
https://github.com/gholt/swauth#web-admin-install


Does there exists is similar thing for keystone?


Regards, Axel



Am 16.04.13 14:53, schrieb Axel Christiansen:
> 
> 
> Thanks for your quick reply, Simon,
> 
> 
> The role ResellerAdmin does exists and looks good, does it?
> 
> root@ns-proxy01:/etc/swift# keystone user-get ceilometer
> +----------+----------------------------------+
> | Property |              Value               |
> +----------+----------------------------------+
> |  email   |                                  |
> | enabled  |               True               |
> |    id    | cde44fe9c6d446da99ea370b88ec7d63 |
> |   name   |            ceilometer            |
> | tenantId | 054ca85bca2e44c29cf4730e1450517f |
> +----------+----------------------------------+
> root@ns-proxy01:/etc/swift# keystone user-role-list --user-id
> cde44fe9c6d446da99ea370b88ec7d63 --tenant-id
> 054ca85bca2e44c29cf4730e1450517f
> +----------------------------------+---------------+----------------------------------+----------------------------------+
> |                id                |      name     |             user_id
>              |            tenant_id             |
> +----------------------------------+---------------+----------------------------------+----------------------------------+
> | c2df2bc0fd6f404794565f10cc0e5e7a | ResellerAdmin |
> cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f |
> | 9fe2ff9ee4384b1894a90878d3e92bab |    _member_   |
> cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f |
> +----------------------------------+---------------+----------------------------------+----------------------------------+
> 
> And i can see ceilometer log entrys, counting bytes. So that looks good.
> 
> 
> 
> 
> My issue it, that with the old swauth setup there was a real simple web
> based user manager.
> 
> surfing to "http://my.swift.proxy:8888/auth/"; was the entry url to this
> sort of user manager. But now, after the change to keystone, i get http
> result codes like 412 or 401.
> 
> 
> Since i inherit this setup i even do not know for sure if this
> swift-user-manager it actually a part of swift. i believe so.
> 
> 
> Can please one confirm which urls do work on swift-proxy http port
> 8080/8888 (proxy-server.conf -> [DEFAULT] -> bind_port). Should "/auth/"
> return a page?
> 
> 
> Thank you. Axel
> 
> 
> 
> 
> Am 16.04.13 12:41, schrieb Simon Pasquier:
>> Hi,
>> I'm not sure to understand exactly your issue but since your setup
>> includes ceilometer, I can just give you a hint for the ceilometer/swift
>> integration.
>> You have to create a 'ResellerAdmin' role and assign that role to your
>> ceilometer user. Alternatively you can define the 'reseller_admin_role'
>> parameter (default value=ResellerAdmin) in the [filter:authtoken]
>> section of /etc/swift/proxy-server.conf.
>> Cheers,
>> Simon
>>
>> Le 16/04/2013 12:04, Axel Christiansen a écrit :
>>> Dear List,
>>>
>>>
>>> i got stuck with a setup of openstack grizzly. This setup consists of:
>>>
>>> - swift proxy 1.0.8.1
>>> - swift storage nodes 1.0.8.1
>>> - keystone
>>> - ceilometer
>>>
>>>
>>> I kept browsing the web and reading openstack docs for days now and
>>> can't just get it working right. Because of openstacks diversity a
>>> wasn't able to find something really similar to my situation.
>>>
>>>
>>> The thing is, i changed swift-proxy from using swauth to keystone.
>>> Keystone and swift-proxy do interact all right as fare as i can say.
>>> What i can't get working is that simple webpage which gave the ability
>>> to log in as superuser, adding new user and so on. It is that webpart
>>> that connects to the proxy on port 8080, respectively port 8888.
>>>
>>>
>>> Thx o lot for taking a look into this.
>>> Axel
>>>
>>>
>>>
>>>
>>> Theses are the browser urls i try:
>>>
>>> (delay_auth_decision = 1)
>>> http://the.swift.proxy:8888/auth/
>>> bad url
>>> Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
>>> txcfde073b9ffe4f379da392056e2176de)
>>> Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
>>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
>>> deflate', 'Host': 'backend', 'Accept':
>>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
>>> 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
>>> Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
>>> None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
>>> 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
>>> 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
>>> Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
>>> 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
>>> 'eventlet.input': <eventlet.wsgi.Input object at 0x1d93f10>,
>>> 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888', 'wsgi.input':
>>> <swift.common.utils.InputProxy object at 0x2691050>, 'HTTP_HOST':
>>> 'backend', 'swift.cache': <swift.common.memcached.MemcacheRing object at
>>> 0x268a750>, 'wsgi.multithread': True, 'HTTP_ACCEPT':
>>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
>>> 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
>>> False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
>>> 0x1656190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
>>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
>>> 'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None,
>>> 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
>>> Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn:
>>> txcfde073b9ffe4f379da392056e2176de)
>>> Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5
>>> 16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 -
>>> Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0
>>>
>>> - - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 -
>>>
>>>
>>> (delay_auth_decision = 0)
>>> http://the.swift.proxy:8888/auth/
>>> 401 Unauthorized
>>> Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
>>> tx508b08866bbc410399543d98cafa2856)
>>> Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
>>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
>>> deflate', 'Host': 'backend', 'Accept':
>>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
>>> 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
>>> Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control':
>>> 'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '',
>>> 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL':
>>> 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X
>>> 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close',
>>> 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR':
>>> '10.42.44.5', 'eventlet.input': <eventlet.wsgi.Input object at
>>> 0x1fa41d0>, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888',
>>> 'wsgi.input': <swift.common.utils.InputProxy object at 0x1fa40d0>,
>>> 'HTTP_HOST': 'backend', 'swift.cache':
>>> <swift.common.memcached.MemcacheRing object at 0x288e750>,
>>> 'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0',
>>> 'HTTP_ACCEPT':
>>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
>>> 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
>>> False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
>>> 0x185e190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
>>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
>>> 'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None,
>>> 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
>>>
>>>
>>>
>>>
>>>
>>>
>>> export OS_SERVICE_TOKEN=XXX
>>> export OS_SERVICE_ENDPOINT=http://10.42.44.101:35357/v2.0
>>>
>>>
>>> root@ns-proxy01:/etc/swift# swift -V 2.0 -A
>>> http://10.42.44.101:5000/v2.0 -U admin -K XXX stat
>>>     Account: AUTH_c2dc53651a73430db9e0551fca4200de
>>> Containers: 4354
>>>     Objects: 2622
>>>       Bytes: 114207
>>> Accept-Ranges: bytes
>>> X-Timestamp: 1365601461.87732
>>> X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762
>>> Content-Type: text/plain; charset=utf-8
>>>
>>>
>>>
>>>
>>>
>>> root@ns-proxy01:/etc/swift# keystone --debug user-list
>>> REQ: curl -i http://10.42.44.101:35357/v2.0/users -X GET -H "User-Agent:
>>> python-keystoneclient" -H "X-Auth-Token:
>>> 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe"
>>> RESP: [200] {'date': 'Tue, 16 Apr 2013 09:39:37 GMT', 'content-type':
>>> 'application/json', 'content-length': '860', 'vary': 'X-Auth-Token'}
>>> RESP BODY: {"users": [{"name": "glance", "id":
>>> "03c928bae5ad4a9f90be425c1ff554dd", "tenantId":
>>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
>>> {"name": "nova", "id": "140239db8d0244fca7545b76b60ffacd", "tenantId":
>>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
>>> {"name": "swift", "id": "3bad84eee3b4432b915b469e1cfef628", "tenantId":
>>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
>>> {"name": "ec2", "id": "5f3a39c203b249d4ba003bba7fdca300", "tenantId":
>>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
>>> {"name": "admin", "id": "9d7d6509ffee4a82ad52fe5555e8733c", "tenantId":
>>> "c2dc53651a73430db9e0551fca4200de", "enabled": true, "email": null},
>>> {"name": "ceilometer", "id": "cde44fe9c6d446da99ea370b88ec7d63",
>>> "tenantId": "054ca85bca2e44c29cf4730e1450517f", "enabled": true,
>>> "email": null}]}
>>>
>>> +----------------------------------+------------+---------+-------+
>>> |                id                |    name    | enabled | email |
>>> +----------------------------------+------------+---------+-------+
>>> | 9d7d6509ffee4a82ad52fe5555e8733c |   admin    |   True  |       |
>>> | cde44fe9c6d446da99ea370b88ec7d63 | ceilometer |   True  |       |
>>> | 5f3a39c203b249d4ba003bba7fdca300 |    ec2     |   True  |       |
>>> | 03c928bae5ad4a9f90be425c1ff554dd |   glance   |   True  |       |
>>> | 140239db8d0244fca7545b76b60ffacd |    nova    |   True  |       |
>>> | 3bad84eee3b4432b915b469e1cfef628 |   swift    |   True  |       |
>>> +----------------------------------+------------+---------+-------+
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> root@ns-proxy01:/etc/swift# curl -k -v -H 'X-Storage-User: admin' -H
>>> 'X-Storage-Pass: XXX' -X 'POST' http://10.42.44.101:35357/v2.0/auth
>>> * About to connect() to 10.42.44.101 port 35357 (#0)
>>> *   Trying 10.42.44.101... connected
>>>> POST /v2.0/auth HTTP/1.1
>>>> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
>>> OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>>>> Host: 10.42.44.101:35357
>>>> Accept: */*
>>>> X-Storage-User: admin
>>>> X-Storage-Pass: XXX
>>>>
>>> < HTTP/1.1 404 Not Found
>>> < Vary: X-Auth-Token
>>> < Content-Type: application/json
>>> < Content-Length: 93
>>> < Date: Tue, 16 Apr 2013 09:41:36 GMT
>>> <
>>> * Connection #0 to host 10.42.44.101 left intact
>>> * Closing connection #0
>>> {"error": {"message": "The resource could not be found.", "code": 404,
>>> "title": "Not Found"}}
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> #############################################################
>>> swift-proxy.conf
>>>
>>> [DEFAULT]
>>> bind_port = 8888
>>> workers = 8
>>> user = swift
>>> log_name = swift-proxy
>>> log_facility = LOG_LOCAL0
>>> log_level = DEBUG
>>>
>>> [pipeline:main]
>>> pipeline = ceilometer catch_errors healthcheck cache tempurl swift3
>>> authtoken keystoneauth proxy-logging proxy-server
>>> [app:proxy-server]
>>>
>>> use = egg:swift#proxy
>>> allow_account_management = true
>>> account_autocreate = true
>>>
>>> [filter:swift3]
>>> use = egg:swift3#swift3
>>>
>>> [filter:authtoken]
>>> paste.filter_factory =
>>> keystoneclient.middleware.auth_token:filter_factory
>>> delay_auth_decision = 1
>>> service_port = 5000
>>> service_host = 127.0.0.1
>>> auth_protocol = http
>>> auth_host = 127.0.0.1
>>> auth_port = 35357
>>> auth_uri = http://127.0.0.1:5000/
>>> #auth_token = xxxxxxxxxxxxxxxxxxxx
>>> #admin_tenant_name = service
>>> #admin_user = swift
>>> #admin_password = xxxxxxxxxxxxxxxxxxxx
>>> admin_token = xxxxxxxxxxxxxxxxxxxx
>>> cache = swift.cache
>>> signing_dir = /tmp/keystone-signing-swift
>>>
>>> [filter:keystoneauth]
>>> use = egg:swift#keystoneauth
>>> operator_roles = admin, swiftoperator
>>> #default_swift_cluster =
>>> netstorage#https://netstorage-ham1-de.internet4you.com:444/v1#http://127.0.0.1:8888/v1
>>>
>>> allow_account_management = true
>>> allow_overrides = true
>>>
>>> [filter:healthcheck]
>>> use = egg:swift#healthcheck
>>>
>>> [filter:ceilometer]
>>> use = egg:ceilometer#swift
>>>
>>> [filter:cache]
>>> use = egg:swift#memcache
>>> memcache_servers = 10.42.44.101:11211,10.42.44.102:11211
>>>
>>> [filter:tempurl]
>>> use = egg:swift#tempurl
>>>
>>> [filter:catch_errors]
>>> use = egg:swift#catch_errors
>>>
>>> [filter:proxy-logging]
>>> use = egg:swift#proxy_logging
>>> #############################################################
>>>
>>>
>>>
>>>
>>>
>>> #############################################################
>>> keystone.conf
>>> [DEFAULT]
>>> admin_token = 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe
>>> bind_host = 0.0.0.0
>>> public_port = 5000
>>> admin_port = 35357
>>> compute_port = 8774
>>> debug = True
>>> verbose = True
>>> log_file = keystone.log
>>> log_dir = /var/log/keystone
>>> use_syslog = False
>>>
>>> [sql]
>>> connection = mysql://keystone:xxxxxxxxxxxxxxxx@123.123.123.123/keystone
>>> idle_timeout = 200
>>> min_pool_size = 5
>>> max_pool_size = 10
>>> pool_timeout = 200
>>>
>>> [identity]
>>> driver = keystone.identity.backends.sql.Identity
>>>
>>> [trust]
>>> [catalog]
>>> driver = keystone.catalog.backends.sql.Catalog
>>> [token]
>>> driver = keystone.token.backends.sql.Token
>>> expiration = 86400
>>> [policy]
>>> driver = keystone.policy.backends.sql.Policy
>>> [ec2]
>>> driver = keystone.contrib.ec2.backends.kvs.Ec2
>>> [ssl]
>>> [signing]
>>> token_format = UUID
>>> [ldap]
>>> [auth]
>>> methods = password,token
>>> password = keystone.auth.plugins.password.Password
>>> token = keystone.auth.plugins.token.Token
>>> [filter:debug]
>>> paste.filter_factory = keystone.common.wsgi:Debug.factory
>>> [filter:token_auth]
>>> paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
>>> [filter:admin_token_auth]
>>> paste.filter_factory =
>>> keystone.middleware:AdminTokenAuthMiddleware.factory
>>> [filter:xml_body]
>>> paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
>>> [filter:json_body]
>>> paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
>>> [filter:user_crud_extension]
>>> paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
>>> [filter:crud_extension]
>>> paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
>>> [filter:ec2_extension]
>>> paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
>>> [filter:s3_extension]
>>> paste.filter_factory = keystone.contrib.s3:S3Extension.factory
>>> [filter:url_normalize]
>>> paste.filter_factory = keystone.middleware:NormalizingFilter.factory
>>> [filter:sizelimit]
>>> paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
>>> [filter:stats_monitoring]
>>> paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
>>> [filter:stats_reporting]
>>> paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
>>> [filter:access_log]
>>> paste.filter_factory =
>>> keystone.contrib.access:AccessLogMiddleware.factory
>>> [app:public_service]
>>> paste.app_factory = keystone.service:public_app_factory
>>> [app:service_v3]
>>> paste.app_factory = keystone.service:v3_app_factory
>>> [app:admin_service]
>>> paste.app_factory = keystone.service:admin_app_factory
>>> [pipeline:public_api]
>>> pipeline = access_log sizelimit stats_monitoring url_normalize
>>> token_auth admin_token_auth xml_body json_body debug ec2_extension
>>> user_crud_extension public_service
>>> [pipeline:admin_api]
>>> pipeline = access_log sizelimit stats_monitoring url_normalize
>>> token_auth admin_token_auth xml_body json_body debug stats_reporting
>>> ec2_extension s3_extension crud_extension admin_service
>>> [pipeline:api_v3]
>>> pipeline = access_log sizelimit stats_monitoring url_normalize
>>> token_auth admin_token_auth xml_body json_body debug stats_reporting
>>> ec2_extension s3_extension service_v3
>>> [app:public_version_service]
>>> paste.app_factory = keystone.service:public_version_app_factory
>>> [app:admin_version_service]
>>> paste.app_factory = keystone.service:admin_version_app_factory
>>> [pipeline:public_version_api]
>>> pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
>>> public_version_service
>>> [pipeline:admin_version_api]
>>> pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
>>> admin_version_service
>>> [composite:main]
>>> use = egg:Paste#urlmap
>>> /v2.0 = public_api
>>> / = public_version_api
>>> [composite:admin]
>>> use = egg:Paste#urlmap
>>> /v2.0 = admin_api
>>> / = admin_version_api
>>> #############################################################
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>
>>
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
> 



References