Swift3/S3 API errors when authenticating with EC2 keys
I have a working Swift in CentOS 7, version Ocata, installed following the installation guides. I'm trying to add the S3 API (swift3). There's a lot of old/outdated information online, but I think I managed to get the correct configuration options in proxy-server.conf (pipeline, filters) and keystone-paste.ini (ec2_extension, s3_extension)
My setup is almost exactly like harshalx in this thread:
https://ask.openstack.org/en/question...
When testing a connection with s3curl, I get:
<?xml version='1.0' encoding='UTF-8'?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><RequestId>tx98c3a8c4e75d43489ba9e-005914c402</RequestId></Error>
In keystone.log, I get:
2017-05-11 16:05:22.453 6081 INFO keystone.common.wsgi [req-ddd8c06b-d4a2-46ba-9c0e-34aa597d6734 - - - - -] POST http://controller:35357/v2.0/s3tokens
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi [req-ddd8c06b-d4a2-46ba-9c0e-34aa597d6734 - - - - -] need more than 4 values to unpack
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi Traceback (most recent call last):
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi result = method(req, **params)
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/oslo_log/versionutils.py", line 178, in wrapped
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi return func_or_cls(*args, **kwargs)
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 264, in authenticate
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi ec2credentials=ec2Credentials)
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi ValueError: need more than 4 values to unpack
2017-05-11 16:05:22.721 6081 ERROR keystone.common.wsgi
I only get this error when the keys are correct, so I guess it's authenticating before collapsing. I have tried deleting and recreating ec2 credentials multiple times (openstack ec2 credentials create), with the same result.
When testing using signatures v4 instead of v2, I get a different error:
2017-05-11 16:08:19.077 6080 INFO keystone.common.wsgi [req-b924084a-d48c-4c34-a561-33913787d994 - - - - -] POST http://controller:35357/v2.0/s3tokens
2017-05-11 16:08:19.087 6080 WARNING keystone.common.wsgi [req-b924084a-d48c-4c34-a561-33913787d994 - - - - -] Authorization failed. The request you have made requires authentication.
Any suggestions are welcome. If someone has a working S3 API in Ocata, I'd love to see the configuration files.
