Ask Your Question
0

how to config swift to support s3 api

asked 2017-03-13 09:51:08 -0500

james_wangjz gravatar image

updated 2017-03-23 13:56:28 -0500

rbowen gravatar image

i installed swift3 followed by https://git.openstack.org/cgit/openst.... Failed to creatbucket. my openstack was installed in a vm,and the installation followed by https://docs.openstack.org/project-in...

[root@aio ~]# cd s3curl/
[root@aio s3curl]# ./s3curl.pl --id=personal --createBucket -- http://172.24.4.100:8080/ab
Bad URL[root@aio s3curl]#
[root@aio s3curl]# cat /etc/swift/swift.conf |grep -v ^#|grep -v ^$
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange
[swift-constraints]
[root@aio s3curl]# cat /etc/swift/proxy-server.conf |grep -v ^#|grep -v ^$
[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit swift3 s3token authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = swiftpassword
delay_auth_decision = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, user
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = controller:11211
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:domain_remap]
use = egg:swift#domain_remap
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
[filter:copy]
use = egg:swift#copy
[filter:keymaster]
use = egg:swift#keymaster
encryption_root_secret = changeme
[filter:encryption]
use = egg:swift#encryption
[filter:swift3]
use = egg:swift3#swift3
[filter:s3token]
use = egg:swift3#s3token
auth_uri = http://controller:35357/
[root@aio s3curl]# cd /etc/swift/
[root@aio swift]# swift-init restart proxy-server
Signal proxy-server pid: 9339 signal: 15
No proxy-server running
Starting proxy-server...(/etc/swift/proxy-server.conf)
Traceback (most recent call last):
File "/usr/bin/swift-proxy-server", line 23, in <module>
sys.exit(run_wsgi(conf_file, 'proxy-server', **options))
File "/usr/lib/python2.7/site-packages/swift/common/wsgi.py", line 895, in run_wsgi
error_msg = strategy.bind_ports()
File "/usr/lib/python2.7/site-packages/swift/common/wsgi.py", line 490, in bind_ports
self.sock = get_socket(self.conf)
File "/usr/lib/python2.7/site-packages/swift/common/wsgi.py", line 207, in get_socket
'timeout': bind_timeout})
Exception: Could not bind to 0.0.0.0:8080 after trying for 30 seconds
//////though it fialed ,but i can upload or download file from dashboard.

[root@aio swift]#
[root@aio swift]# cat /etc/keystone/keystone-paste.ini |grep -i s3
[filter:s3_extension ... (more)

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2017-03-23 14:56:33 -0500

tburke gravatar image

Between

Signal proxy-server pid: 9339 signal: 15
No proxy-server running

and

Could not bind to 0.0.0.0:8080 after trying for 30 seconds

I'd guess that there's already a proxy-server running, only its pid was not the expected 9339. Since the proxy never restarted, it didn't pick up the proxy-server.conf changes to enable swift3, leading to the request failure.

I suggest running swift-oldies -a 1 (or ps aux | grep proxy) to find the proxy-server process, killing it, then running swift-init start proxy-server to start it again.

edit flag offensive delete link more
0

answered 2017-03-31 00:06:36 -0500

james_wangjz gravatar image

updated 2017-03-31 00:58:02 -0500

i delete the configuration in proxy-server.conf and restart proxy-server.

log_name = swift

log_facility = LOG_LOCAL0

log_level = INFO

[root@aio s3curl]# swift-init restart proxy-server
Signal proxy-server pid: 23003 signal: 15
proxy-server (23003) appears to have stopped
Starting proxy-server
[root@aio s3curl]#

[root@aio s3curl]# ./s3curl.pl --id=personal --createBucket -- http://172.24.4.100:8080/abc -v
* About to connect() to 172.24.4.100 port 8080 (#0)
* Trying 172.24.4.100...
* Connected to 172.24.4.100 (172.24.4.100) port 8080 (#0)

PUT /abc HTTP/1.1
User-Agent: curl/7.29.0
Host: 172.24.4.100:8080
Accept: /
Date: Fri, 31 Mar 2017 03:54:54 +0000
Authorization: AWS a03606e0eae644379f3d6226fb076ca1:H9kYUp4Gebsbsk9FvjursxuCVgo=
Content-Length: 0

< HTTP/1.1 403 Forbidden
< x-amz-id-2: tx13ee5cdadc084bd690653-0058ddd30e
< x-amz-request-id: tx13ee5cdadc084bd690653-0058ddd30e
< Content-Type: application/xml
< X-Trans-Id: tx13ee5cdadc084bd690653-0058ddd30e
< X-Openstack-Request-Id: tx13ee5cdadc084bd690653-0058ddd30e
< Date: Fri, 31 Mar 2017 03:54:57 GMT
< Transfer-Encoding: chunked
* HTTP error before end of send, stop sending
<

* Closing connection 0
<error>SignatureDoesNotMatch<message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</message><requestid>tx13ee5cdadc084bd690653-0058ddd30e</requestid></error>[root@aio s3curl]#

and the error info ablout keystone.log like this:
2017-03-31 11:54:57.465 17483 INFO keystone.common.wsgi [req-b929f127-08e9-4eaa-9165-4bf54dbb9734 - - - - -] POST http://172.24.4.100:5000/v2.0/s3tokens
2017-03-31 11:54:57.465 17483 WARNING oslo_log.versionutils [req-b929f127-08e9-4eaa-9165-4bf54dbb9734 - - - - -] Deprecated: authenticate of the v2 EC2 APIs is deprecated as of Mitaka in favor of a similar function in the v3 Credential APIs.
2017-03-31 11:54:57.838 17483 WARNING keystone.common.wsgi [req-b929f127-08e9-4eaa-9165-4bf54dbb9734 - - - - -] Authorization failed. The request you have made requires authentication. from 172.24.4.100

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2017-03-13 09:42:48 -0500

Seen: 637 times

Last updated: Mar 31 '17