openstack team mailing list archive

Thread
Date
Re: Swift tempurl

To: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Morten Møller Riis <mmr@xxxxxxxxxxx>
Date: Thu, 11 Jul 2013 11:21:29 +1000
In-reply-to: <8024302B-646C-4842-BD92-4653E3A3BBE0@gigahost.dk>
This turned out to be a known issue with swath.

I upgraded to a newer version and the problem was resolved :)

Mvh / Best regards
Morten Møller Riis
Gigahost ApS
mmr@xxxxxxxxxxx




On Jul 11, 2013, at 10:52 AM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:

> I use swauth, and thus authtoken is not present in my pipeline. This might be why I'm seeing the problem actually.
> 
> Mvh / Best regards
> Morten Møller Riis
> Gigahost ApS
> mmr@xxxxxxxxxxx
> 
> 
> 
> 
> On Jul 11, 2013, at 4:04 AM, Shrinand Javadekar <shrinand@xxxxxxxxxxxxxx> wrote:
> 
>> I had a similar problem. See [1]. The fix was to add delay_auth_decision = 1 in the proxy-server.conf
>> 
>> [filter:authtoken]
>> ...
>> delay_auth_decision = 1
>> 
>> -Shri
>> [1] https://answers.launchpad.net/swift/+question/225614
>> 
>> 
>> On Wed, Jul 10, 2013 at 4:43 AM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
>> I've been looking at tempurl.py and found that the problem occurs here:
>> 
>>     def _get_key(self, env, account):
>>         """
>>         Returns the X-Account-Meta-Temp-URL-Key header value for the
>>         account, or None if none is set.
>> 
>>         :param env: The WSGI environment for the request.
>>         :param account: Account str.
>>         :returns: X-Account-Meta-Temp-URL-Key str value, or None.
>>         """
>>         key = None
>>         memcache = env.get('swift.cache')
>>         if memcache:
>>             key = memcache.get('temp-url-key/%s' % account)
>>         if not key:
>>             newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account,
>>                                          self.agent)
>>             newenv['CONTENT_LENGTH'] = '0'
>>             newenv['wsgi.input'] = StringIO('')
>>             key = [None]
>> 
>>             def _start_response(status, response_headers, exc_info=None):
>>                 for h, v in response_headers:
>>                     if h.lower() == 'x-account-meta-temp-url-key':
>>                         key[0] = v
>> 
>>             i = iter(self.app(newenv, _start_response))
>>             self.logger.info()
>>             try:
>>                 i.next()
>>             except StopIteration:
>>                 pass
>>             key = key[0]
>>             if key and memcache:
>>                 memcache.set('temp-url-key/%s' % account, key, timeout=60)
>>         return key
>> 
>> The request get 403 forbidden and thus never gets the key in the first place. I'm looking at the github repo and the implementation there seems to have changed.
>> 
>> 
>> Mvh / Best regards
>> Morten Møller Riis
>> Gigahost ApS
>> mmr@xxxxxxxxxxx
>> 
>> 
>> 
>> 
>> On Jul 10, 2013, at 6:24 PM, Morten Møller Riis <mmr@xxxxxxxxxxx> wrote:
>> 
>>> I'm having trouble getting tempurl to work.
>>> 
>>> I set the "X-Account-Meta-Temp-Url-Key" metadata on the account. And a GET request shows it's set correctly.
>>> 
>>> I've enabled it on the proxy server in /etc/swift/proxy-server.conf:
>>> 
>>> [DEFAULT]
>>> bind_port = 8080
>>> workers = 8
>>> user = swift
>>> 
>>> [pipeline:main]
>>> pipeline = healthcheck cache tempurl swauth proxy-server
>>> 
>>> [app:proxy-server]
>>> use = egg:swift#proxy
>>> allow_account_management = true
>>> account_autocreate = true
>>> 
>>> [filter:tempurl]
>>> use = egg:swift#tempurl
>>> 
>>> [filter:swauth]
>>> use = egg:swauth#swauth
>>> set log_name = swauth
>>> super_admin_key = <removed>
>>> default_swift_cluster = gigahost#https://<url>/v1#http://localhost:8080/v1
>>> 
>>> [filter:healthcheck]
>>> use = egg:swift#healthcheck
>>> 
>>> [filter:cache]
>>> use = egg:swift#memcache
>>> memcache_servers = 127.0.0.1:11211
>>> 
>>> When creating the tempurl's, even using the swift-temp-url program I get:
>>> 
>>> ~ $ curl -i "https://<url>/v1/AUTH_224b1001-2c75-444c-aaef-30af13b9154c/000/206.pdf?temp_url_sig=387d79120a591e1cf6f4d4356f5c0a96fb49d202&temp_url_expires=1373438360"
>>> HTTP/1.1 401 Unauthorized
>>> Server: nginx
>>> Date: Wed, 10 Jul 2013 08:21:32 GMT
>>> Content-Type: text/plain
>>> Content-Length: 35
>>> Connection: keep-alive
>>> 
>>> 401 Unauthorized: Temp URL invalid
>>> 
>>> I've even tried running it locally on the proxy-server to localhost:8080, so I'm sure it's not nginx doing any funny stuff.
>>> 
>>> Does anybody have any suggestions? I'm pretty lost :(
>>> 
>>> 
>>> Mvh / Best regards
>>> Morten Møller Riis
>>> Gigahost ApS
>>> mmr@xxxxxxxxxxx
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>> 
>> 
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>> 
>> 
>
References

Swift tempurl
From: Morten Møller Riis, 2013-07-10
Re: Swift tempurl
From: Morten Møller Riis, 2013-07-10
Re: Swift tempurl
From: Shrinand Javadekar, 2013-07-10