Ask Your Question
0

switching SAIO system to SSL: cannot start proxy-server (socket-error permission denied)

asked 2012-07-05 17:06:42 -0600

kcalmond gravatar image

I have a working SAIO system configured to use regular HTTP. I need to switch it to use HTTPS.
I made changes to the config based on the guidance here:

http://docs.openstack.org/trunk/openstack-object-storage/admin/content/part-i-setting-up-secure-access.html (http://docs.openstack.org/trunk/opens...)

and further troubleshooting guidance about setting default-swift_cluster here: https://answers.launchpad.net/swift/+question/162268 (https://answers.launchpad.net/swift/+...)

Problem:

When starting the proxy server I get this traceback:

Traceback (most recent call last): File "/usr/local/bin/swift-proxy-server", line 7, in <module> execfile(__file__) File "/home/saio/swift/bin/swift-proxy-server", line 22, in <module> run_wsgi(conf_file, 'proxy-server', default_port=8080, **options) File "/home/saio/swift/swift/common/wsgi.py", line 128, in run_wsgi sock = get_socket(conf, default_port=kwargs.get('default_port', 8080)) File "/home/saio/swift/swift/common/wsgi.py", line 77, in get_socket family=address_family) File "/usr/lib/pymodules/python2.6/eventlet/convenience.py", line 40, in listen sock.bind(addr) File "<string>", line 1, in bind socket.error: [Errno 13] Permission denied

WORKAROUND?... I can start the proxy server as root without any errors. But when I try this (to reset the default ADMIN_URL and then add a new admin user) I get another error:

saio@swift-saio-0:/var/run/swift$ sudo swauth-prep -K swauthkey -A https://127.0.0.1/auth/ Auth subsystem prep failed: 403 Forbidden

So I'm stuck mucking through a SAIO conversion from http to https. I've exhausted google on this one. Can anyone help?

P.S. To convert SAIO to https, do I need to run the resetswift script? I did not do that. (I did run remakerings successfully).

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2012-07-06 04:35:52 -0600

notmyname gravatar image

The reason you got permission denied is because you changed the bind_port to 443 (a privileged port). Either run as root to bind to 443 or change the port to something >1024 to run as non-root (eg 4430).

Note that SSL support directly in swift is for testing purposes only. It is not suitable for production use.

edit flag offensive delete link more
0

answered 2012-07-09 22:07:53 -0600

kcalmond gravatar image

John,

Thanks for this pointer. I was not considering using a port other than the default 443. I've worked past this problem now.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-07-05 17:06:42 -0600

Seen: 242 times

Last updated: Jul 09 '12