openstack team mailing list archive
Message #24646
[OpenStack][Swift][Keystone] Authentication Fails
Hello Team,
I am unable to log in to Swift using the Keystone integration. Here is sample output when I try to get swift status:
vagrant@swift:~$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK
I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:
172.16.0.203 is my Swift Server
172.16.0.201 is my Controller Node, which runs Keystone
[DEFAULT]
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = swift
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
allow_account_management = true
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .rseller_admin
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
[filter:keystone]
paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory
operator_roles = Member,admin
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000
service_host = 172.16.0.201
auth_port = 35357
auth_host = 172.16.0.201
auth_protocol = http
auth_token = ADMIN
admin_token = ADMIN
admin_tenant_name = service
admin_user = swift
admin_password = swift
cache = swift.cache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:swift3]
use = egg:swift#swift3
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
[filter:swiftauth]
use = egg:keystone#swiftauth
keystone_url = http://172.16.0.201:5000/v2.0
keystone_admin_token = 999888777666
keystone_swift_operator_roles = Admin, SwiftOperator
keystone_tenant_user_admin = true
[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_protocol = http
auth_host = 172.16.0.201
auth_port = 35357
auth_uri = http://172.16.0.201:5000/
admin_token = 999888777666
delay_auth_decision = 0
memecache_host = 172.16.0.203:11211
The keystone endpoint was successfully created:
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
| 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | http://172.16.0.201:8773/services/Cloud | http://172.16.0.201:8773/services/Cloud | http://172.16.0.201:8773/services/Admin | fcfddafdc36b4708a3bfddd39cd5bd57 |
| 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1 | 0c342438b82a461f98494ef7f7d3abb7 |
| 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | http://172.16.0.201:8776/v1/%(tenant_id)s | http://172.16.0.201:8776/v1/%(tenant_id)s | http://172.16.0.201:8776/v1/%(tenant_id)s | 2410a1924e764513805b9d6f62639226 |
| 9bf69ed68d404a959521f1099e0aae5b | RegionOne | http://172.16.0.201:5000/v2.0 | http://172.16.0.201:5000/v2.0 | http://172.16.0.201:35357/v2.0 | 839a2b67a6f1450fa8666507e49476d3 |
| b4d2945af5d24e50aae51c935452f36d | RegionOne | http://172.16.0.201:9292/v1 | http://172.16.0.201:9292/v1 | http://172.16.0.201:9292/v1 | 3a172fa1190a40ddb8bedafdffc26e08 |
| e5e3664088be4295942bce38e611f420 | RegionOne | http://172.16.0.201:8774/v2/$(tenant_id)s | http://172.16.0.201:8774/v2/$(tenant_id)s | http://172.16.0.201:8774/v2/$(tenant_id)s | d3b23588d58e4f7f9563a8e8af650128 |
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
Also, the swift user is an admin in the service tenant:
vagrant@swift:~$ keystone tenant-list
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 9106c2e5f44840f39bac59be3c9d4e12 | cookbook | True |
| b334b98cc9f241d59367e848e253e3cf | service | True |
+----------------------------------+----------+---------+
vagrant@swift:~$ keystone user-role-list --user swift --tenant_id b334b98cc9f241d59367e848e253e3cf
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | ac30c7cd0d234f7baa95d2cf9032d38b | b334b98cc9f241d59367e848e253e3cf |
| fb981f22fd5d4cf39a558e13eabbca91 | admin | ac30c7cd0d234f7baa95d2cf9032d38b | b334b98cc9f241d59367e848e253e3cf |
+----------------------------------+----------+----------------------------------+----------------------------------+
Any advice would be appreciated.
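An added example, not part of the original message and not Swift or Keystone code: a small check over a trimmed, constructed copy of the proxy config above. It lists filter sections that the pipeline line never references (paste.deploy only loads the filters named there) and options that hold inline credentials. The function name audit_pipeline and the key-name pattern are assumptions made for this example.

```python
import configparser
import re

# Constructed sample: trimmed copy of the proxy config posted above.
SAMPLE_CONF = """\
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:tempauth]
use = egg:swift#tempauth
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
admin_token = ADMIN
admin_password = swift
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:keystoneauth]
use = egg:swift#keystoneauth
[filter:swiftauth]
use = egg:keystone#swiftauth
keystone_admin_token = 999888777666
"""

# Assumption: option names ending in "token" or "password" carry secrets.
SECRET_KEY = re.compile(r"(token|password)$")

def audit_pipeline(conf_text, pipeline="main"):
    """Return (missing, unused, secrets) for one paste.deploy pipeline."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   default_section="__unused__")
    cp.read_string(conf_text)
    names = cp.get(f"pipeline:{pipeline}", "pipeline").split()
    defined = {s.split(":", 1)[1] for s in cp.sections()
               if s.startswith(("filter:", "app:"))}
    missing = [n for n in names if n not in defined]    # named, no section
    unused = sorted(defined - set(names))               # section never loaded
    secrets = sorted((s, k) for s in cp.sections() for k in cp.options(s)
                     if SECRET_KEY.search(k))           # inline credentials
    return missing, unused, secrets

if __name__ == "__main__":
    for label, found in zip(("missing", "unused", "secrets"),
                            audit_pipeline(SAMPLE_CONF)):
        print(label, found)
```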