S3API Errors - Swift Openstack- Authentication Issue

asked 2018-08-07 04:03:11 -0600

Sivakumar gravatar image

I am working on Swift in CentOS 7, version Queens, installed following the installation guides. I'm trying to add the S3 API (swift3). There's a lot of old/outdated information online, but I think I managed to get the correct configuration options in proxy-server.conf (pipeline, filters).

Please have a closer look to the issue in relation to the authentication: (attached the proxy-server.conf/EC2 credentials/S3Curl Request):

Swift Proxy Server  -   proxy-server.conf configuration file:

[pipeline:main]

pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystoneauth ...

[filter:swift3]

use = egg:swift3#swift3

[filter:s3token]

paste.filter_factory = keystonemiddleware.s3_token:filter_factory

auth_uri = http://10.5.98.7:35357/

10.5.98.7 : Controller IP Address

Creation of EC2 credentials in the Identity Service (Keystone) with Project ID & User ID

[root@alex ~(keystone_admin)]# openstack ec2 credentials create --project b2d80beb4d384ffb9645b1cf323638f4 --user 965ae34509a24a429e1ef3b2e820ea8b

+------------+------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value
| +------------+------------------------------------------------------------------------------------------------------------------------------------+ | access | 0bd6ce79447d4de286335b6b2d99f524
| | links | {u'self': u'http://10.5.98.7:35357/v3/users/965ae34509a24a429e1ef3b2e820ea8b/credentials/OS-EC2/0bd6ce79447d4de286335b6b2d99f524'} | | project_id | b2d80beb4d384ffb9645b1cf323638f4
| | secret | 8cf54ad8067d4c8ca535f68ec94ec54a
| | trust_id | None
| | user_id | 965ae34509a24a429e1ef3b2e820ea8b
| +------------+------------------------------------------------------------------------------------------------------------------------------------+

when testing a connection with S3curl with two option's (with/without Project ID), i get the following the reply:

#### This s3curl request with AUTH_PROJECTID matching Access & Secret Key - Log Reply ######

[root@oscar s3-curl]# ./s3curl.pl --id 0bd6ce79447d4de286335b6b2d99f524 --key 8cf54ad8067d4c8ca535f68ec94ec54a http://10.5.98.25:8080/AUTH_b2d80beb4d384ffb9645b1cf323638f4 --debug

s3curl: Found the url: host=10.5.98.25; port=8080; uri=/AUTH_b2d80beb4d384ffb9645b1cf323638f4; query=;
s3curl: ordinary endpoint signing case
s3curl: StringToSign='GET\n\n\nTue, 07 Aug 2018 08:11:21 +0000\n/AUTH_b2d80beb4d384ffb9645b1cf323638f4'
s3curl: exec curl -H Date: Tue, 07 Aug 2018 08:11:21 +0000 -H Authorization: AWS 0bd6ce79447d4de286335b6b2d99f524:7WMnMqxOckiX6+cSRLLCoHJ+Y3A= -L -H content-type:  http://10.5.98.25:8080/AUTH_b2d80beb4d384ffb9645b1cf323638f4

Error>
Code>InvalidBucketName</Code>
Message>The specified bucket is not valid.</Message>
RequestId>tx041ca8e67ebd4190bbdc6-005b695437</RequestId>
BucketName>AUTH_b2d80beb4d384ffb9645b1cf323638f4</BucketName>
Error>

[root@oscar s3-curl]#

-----Log Message in SWIFT PROXY Server with Project ID:------

Aug  7 10:20:56 sara proxy-server: 10.5.98.21 10.5.98.21 07/Aug/2018/08/20/56 GET /AUTH_b2d80beb4d384ffb9645b1cf323638f4 HTTP/1.0 400 - curl/7.29.0 - - 256 - txfcbdf0c796704d11979d5-005b695668 - 0.0034 - - 1533630056.401396990 1533630056.404833078 -

#### This s3curl request without AUTH_PROJECTID matching Access & Secret Key - Log Reply ######

[root@oscar s3-curl]# ./s3curl.pl --id 0bd6ce79447d4de286335b6b2d99f524 --key 8cf54ad8067d4c8ca535f68ec94ec54a http://10.5.98.25:8080/ --debug                

s3curl: Found the url: host=10.5.98.25; port=8080; uri=/; query=;
s3curl: ordinary endpoint signing case
s3curl: StringToSign='GET\n\n\nTue, 07 Aug 2018 08:12:12 +0000\n/'
s3curl: exec curl -H Date: Tue, 07 Aug 2018 08:12:12 +0000 -H Authorization: AWS 0bd6ce79447d4de286335b6b2d99f524:tBDO30/WiJWw4Dy01TF8SvNpmxw= -L -H content-type:  http://10.5.98.25:8080/

Error>
Code>SignatureDoesNotMatch</Code>
Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
RequestId>tx91872991743a4e0b9b9ad-005b69546a</RequestId>
Error>
[root@oscar s3-curl]#

----Log messages in SWIFT PROXY Server without ProjectID:------

Aug  7 10:19:55 sara proxy-server: 10.5.98.21 10.5.98.21 07/Aug/2018/08/19/55 GET / HTTP/1.0 ...
(more)
edit retag flag offensive close merge delete