Revision history [back]

click to hide/show revision 1
initial version

Thank you for the logs. A couple of things for you to check on in the order I feel are most likely to cause the problem.

  • Endpoints:

First, you have some IP addresses in your endpoints, but you also have 127.0.0.1. If there is more than one node, your endpoints will no longer work. I suggest you use your 10.x.x.x addresses for your endpoints and recreate the keystone one.

Second, you have your swift endpoint wrong. It should be literally http://10.205.1.20/v1/AUTH_%(tenant_id)s. In this case it isn't a place holder for your values and the endpoint becomes different for each tenant. This alone may be the entire cause of your issue (it definetly needs to be fixed either way).

  • Swift Proxy Config:

You have the line operator_roles = admin, swiftoperator in your conf. This is good, but you need to know what it does. This allows _only_ users with the role admin/swiftoperator to create and delete accounts through Swift. With the appropriate swift ACLs, he would be able to add and delete objects from a container, but not create. If your user "spark" does not have one of these roles, he will be unable to create accounts (but that is a different error that 401, it is 403 I think). You did not list the output of keystone user-role-list but that is how your would check his roles. Just keep that in mind.

Also you have user = spark, that is wierd. It should be user swift. Please check that you have configured all the correct perms on the appropriate folders (and consider reverting back to the default user).


Make these changes and let me know if you still have an issue.

Thank you for the logs. confs. A couple of things for you to check on in the order I feel are most likely to cause the problem.

  • Endpoints:

First, you have some IP addresses in your endpoints, but you also have 127.0.0.1. If there is more than one node, your endpoints will no longer work. I suggest you use your 10.x.x.x addresses for your endpoints and recreate the keystone one.

Second, you have your swift endpoint wrong. It should be literally http://10.205.1.20/v1/AUTH_%(tenant_id)s. In this case it isn't a place holder for your values and the endpoint becomes different for each tenant. This alone may be the entire cause of your issue (it definetly needs to be fixed either way).

  • Swift Proxy Config:

You have the line operator_roles = admin, swiftoperator in your conf. This is good, but you need to know what it does. This allows _only_ users with the role admin/swiftoperator to create and delete accounts through Swift. With the appropriate swift ACLs, he would be able to add and delete objects from a container, but not create. If your user "spark" does not have one of these roles, he will be unable to create accounts (but that is a different error that 401, it is 403 I think). You did not list the output of keystone user-role-list but that is how your would check his roles. Just keep that in mind.

Also you have user = spark, that is wierd. It should be user swift. Please check that you have configured all the correct perms on the appropriate folders (and consider reverting back to the default user).


Make these changes and let me know if you still have an issue.