openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #25022
Re: Swift tempurl
This turned out to be a known issue with swath.
I upgraded to a newer version and the problem was resolved :)
Mvh / Best regards
Morten Møller Riis
Gigahost ApS
mmr@xxxxxxxxxxx
On Jul 11, 2013, at 10:52 AM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
> I use swauth, and thus authtoken is not present in my pipeline. This might be why I'm seeing the problem actually.
>
> Mvh / Best regards
> Morten Møller Riis
> Gigahost ApS
> mmr@xxxxxxxxxxx
>
>
>
>
> On Jul 11, 2013, at 4:04 AM, Shrinand Javadekar <shrinand@xxxxxxxxxxxxxx> wrote:
>
>> I had a similar problem. See [1]. The fix was to add delay_auth_decision = 1 in the proxy-server.conf
>>
>> [filter:authtoken]
>> ...
>> delay_auth_decision = 1
>>
>> -Shri
>> [1] https://answers.launchpad.net/swift/+question/225614
>>
>>
>> On Wed, Jul 10, 2013 at 4:43 AM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
>> I've been looking at tempurl.py and found that the problem occurs here:
>>
>> def _get_key(self, env, account):
>> """
>> Returns the X-Account-Meta-Temp-URL-Key header value for the
>> account, or None if none is set.
>>
>> :param env: The WSGI environment for the request.
>> :param account: Account str.
>> :returns: X-Account-Meta-Temp-URL-Key str value, or None.
>> """
>> key = None
>> memcache = env.get('swift.cache')
>> if memcache:
>> key = memcache.get('temp-url-key/%s' % account)
>> if not key:
>> newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
>> self.agent)
>> newenv['CONTENT_LENGTH'] = '0'
>> newenv['wsgi.input'] = StringIO('')
>> key = [None]
>>
>> def _start_response(status, response_headers, exc_info=None):
>> for h, v in response_headers:
>> if h.lower() == 'x-account-meta-temp-url-key':
>> key[0] = v
>>
>> i = iter(self.app(newenv, _start_response))
>> self.logger.info()
>> try:
>> i.next()
>> except StopIteration:
>> pass
>> key = key[0]
>> if key and memcache:
>> memcache.set('temp-url-key/%s' % account, key, timeout=60)
>> return key
>>
>> The request get 403 forbidden and thus never gets the key in the first place. I'm looking at the github repo and the implementation there seems to have changed.
>>
>>
>> Mvh / Best regards
>> Morten Møller Riis
>> Gigahost ApS
>> mmr@xxxxxxxxxxx
>>
>>
>>
>>
>> On Jul 10, 2013, at 6:24 PM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
>>
>>> I'm having trouble getting tempurl to work.
>>>
>>> I set the "X-Account-Meta-Temp-Url-Key" metadata on the account. And a GET request shows it's set correctly.
>>>
>>> I've enabled it on the proxy server in /etc/swift/proxy-server.conf:
>>>
>>> [DEFAULT]
>>> bind_port = 8080
>>> workers = 8
>>> user = swift
>>>
>>> [pipeline:main]
>>> pipeline = healthcheck cache tempurl swauth proxy-server
>>>
>>> [app:proxy-server]
>>> use = egg:swift#proxy
>>> allow_account_management = true
>>> account_autocreate = true
>>>
>>> [filter:tempurl]
>>> use = egg:swift#tempurl
>>>
>>> [filter:swauth]
>>> use = egg:swauth#swauth
>>> set log_name = swauth
>>> super_admin_key = <removed>
>>> default_swift_cluster = gigahost#https://<url>/v1#http://localhost:8080/v1
>>>
>>> [filter:healthcheck]
>>> use = egg:swift#healthcheck
>>>
>>> [filter:cache]
>>> use = egg:swift#memcache
>>> memcache_servers = 127.0.0.1:11211
>>>
>>> When creating the tempurl's, even using the swift-temp-url program I get:
>>>
>>> ~ $ curl -i "https://<url>/v1/AUTH_224b1001-2c75-444c-aaef-30af13b9154c/000/206.pdf?temp_url_sig=387d79120a591e1cf6f4d4356f5c0a96fb49d202&temp_url_expires=1373438360"
>>> HTTP/1.1 401 Unauthorized
>>> Server: nginx
>>> Date: Wed, 10 Jul 2013 08:21:32 GMT
>>> Content-Type: text/plain
>>> Content-Length: 35
>>> Connection: keep-alive
>>>
>>> 401 Unauthorized: Temp URL invalid
>>>
>>> I've even tried running it locally on the proxy-server to localhost:8080, so I'm sure it's not nginx doing any funny stuff.
>>>
>>> Does anybody have any suggestions? I'm pretty lost :(
>>>
>>>
>>> Mvh / Best regards
>>> Morten Møller Riis
>>> Gigahost ApS
>>> mmr@xxxxxxxxxxx
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help : https://help.launchpad.net/ListHelp
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
References