Verifying Swift [closed]

asked 2014-02-07 19:08:25 -0600

aplawson gravatar image

Basically I'm trying to verify a multi-node Swift manual installation using the instructions on the OpenStack website with 1x proxy and 5x storage nodes and X-Auth. I turned on all services with no errors (well, no errors I didn't fix anyway). My challenge here is with trying to create an account and heading it. Below is what I'm scripting as I go along.

I ran Step1 successfully using system:root as the user, receiving a valid token and storage URL and no errors.

I then executed Step2, I received a 401 Unauthorized reply.

Being a glutton for punishment I ran Step3 which produced another 401 Unauthorized reply.

I ran Step1 again as shown below with test:tester as the user (thinking it was because I don't actually run as root but I run commands via sudo) and I'm realizing it's giving me 401 unauthorized replies no matter what I do.

Is this an obvious problem with an easy remedy? My scripted steps are below:

# 1 Acquire X-Storage-Url and X-Auth-Token
curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0

# 2 Test HEAD account process
# SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above>
curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system

# 3 Test Swift is actually working
swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U test:tester -K testing stat

Below is a bash history/output of what is happening right now:

login as: c52xxx74
c52xxx74@10.173.0.66's password:
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-55-generic x86_64)
 * Documentation:  https://help.ubuntu.com/
Last login: Thu Feb  6 21:05:32 2014 from 10.7.106.110
 Powered by Monsoon (Version 2.2.465)          Platform: ubuntu 12.04
 Hostname     : mo-ad1469a10.mo.XXX.corp       Name    : node0p
 Organization : c52xxx74                       Project : swift_poc
 Url          : https://mxxxxxn.mo.XXX.corp/instances/mo-ad1469a10
c5201274@mo-ad1469a10:~$ sudo su
root@mo-ad1469a10:/home/c52xxx74# . credrc.sh
root@mo-ad1469a10:/home/c52xxx74# swift-init proxy start
proxy-server running (5502 - /etc/swift/proxy-server.conf)
proxy-server already started...
root@mo-ad1469a10:/home/c52xxx74# curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
* About to connect() to 10.173.0.66 port 8080 (#0)
*   Trying 10.173.0.66... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*        subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
*        start date: 2014-01-29 00:34:55 GMT
*        expire date: 2014-02-28 00:34:55 GMT
* SSL: unable to obtain common name from peer certificate
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu ...
(more)
edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-02-13 15:41:52.799224

Comments

search this site for swift and unauthorized or 401 and I think you'll find plenty of suggestions. Update your question with your findings (and trim the unnecessaryparts of the logs to make it more easily readable)

smaffulli gravatar imagesmaffulli ( 2014-02-10 02:56:59 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-02-10 16:31:46 -0600

aplawson gravatar image

updated 2014-02-10 16:34:16 -0600

Update: Happy days are here again. I figured out my problem which was a couple issues. I'll share with the group so others won't run into this.

I was using two sources of documentation that referenced the URL in two different ways that I didn't catch earlier (one used /AUTH and the other used /auth). That's obviously not going to work but I didn't see it previously.

Second, after doing some further research I learned that tokens are stored in memcached so without memcached running, access is impossible. To be sure it wasn't related to memcached, I checked and lo and behold, it wasn't running and wouldn't stay running after I started the service. So I checked /etc/swift/memcached.conf and realized I had memcached listening on an IP address listed as -1 10.173.0.66 and not -l 10.173.0.66 (basically I was using number one instead of the letter L). Using L worked.

So, all is well for now. Just thought I'd share that with you guys!

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-02-07 19:08:25 -0600

Seen: 347 times

Last updated: Feb 10 '14