Ask Your Question
0

Curl + Swift + Keystone

asked 2011-11-23 10:29:14 -0600

foexle gravatar image

Heyho guys,

so i'm verry confused about how to use swift + keystone.

My swift config: [pipeline:main] pipeline = healthcheck cache keystone proxy-server

[filter:keystone] use = egg:keystone#swiftauth admin_token = 1111222233334444 keystone_url= http://127.0.0.1:5001/v2.0

Keystone and Swift are running correctly. Now i try to get all informations with curl (Username/PW) to Keystone URL

curl -d '{"auth": {"passwordCredentials": {"username": "testuser", "password": "testing"}}}' -H "Content-type: application/json" http://192.168.0.2:5000/v2.0/tokens

and i get the output: {"access": {"token": {"expires": "2011-11-23T15:36:14", "id": "30abaeac-b8dc-46f9-9aa1-db146c513099", "tenant": {"id": "7", "name": "testing"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://192.168.0.2:8774/v1.1/7", "region": "RegionOne", "internalURL": "http://192.168.0.2:8774/v1.1/7", "publicURL": "http://192.168.0.2:8774/v1.1/7"}], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://192.168.0.2:9292/v1.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:9292/v1.0/", "publicURL": "http://192.168.0.2:9292/v1.0"}], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8080/", "region": "RegionOne", "internalURL": "http://192.168.0.2:8080/v1/AUTH_7", "publicURL": "http://78.109.54.196:8080/v1/AUTH_7"}], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "http://192.168.0.2:5001/v2.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:5001/v2.0", "publicURL": "http://192.168.0.2:5000/v2.0"}], "type": "identity", "name": "keystone"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8774/v1.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:8774/v1.0", "publicURL": "http://192.168.0.2:8774/v1.0"}], "type": "compute", "name": "Nova_compat"}], "user": {"id": "8", "roles": [{"tenantId": "7", "id": "5", "name": "Admin"}], "name": "testuser"}}}

So it looks good.

If i try now

curl -v -H 'X-Auth-Token: 30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1

or

curl -v -H 'X-Auth-Token: 30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1/AUTH_7

i get every time 401!!

Now i looked in the Keystone log and found this:

http://pastebin.com/T139FdrD

but the token are correct:

******** 2. row ******** id: 30abaeac-b8dc-46f9-9aa1-db146c513099 user_id: 8 tenant_id: 7 expires: 2011-11-23 15:36:14 2 rows in set (0.00 sec)

Do any knows whats wrong? My endpoint_templates should be correct. I've checked this many times.

greetings Heiko

edit retag flag offensive close merge delete

16 answers

Sort by ยป oldest newest most voted
0

answered 2011-11-23 11:52:46 -0600

foexle gravatar image

Nov 23 12:50:58 test1-os swift Keystone middleware called (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift token: 30abaeac-b8dc-46f9-9aa1-db146c513099 (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift Asking keystone to validate token (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift headers: {'Content-type': 'application/json', 'Accept': 'text/json', 'X-Auth-Token': None} (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift url: ParseResult(scheme='http', netloc='127.0.0.1:5001', path='/v2.0', params='', query='', fragment='') (txn: txd3e1f3f92ad34b1897cf64e17a846978)

it looks that swift dont have the admin token ? swift headers: {'Content-type': 'application/json', 'Accept': 'text/json', 'X-Auth-Token': None

hmmm but it is set in the config

edit flag offensive delete link more
0

answered 2012-02-24 09:09:52 -0600

Hello,

I'm experiencing the same issues on my setup ("2011.3-d5-rcb8~oneiric" Diablo D5 packages from http://ops.rcb.me/packages/

In particular, I keep getting 401s when I try to access the Swift admin_url.

I've tried to post it on the mailing list (here: https://lists.launchpad.net/openstack/msg07913.html (https://lists.launchpad.net/openstack...) ) but to no avail (sorry for cross-posting). The gory details of my setup & here: http://pastebin.com/6YGzV9PA

Any suggestion on how to get unstuck ?

Thanks,

Florian

edit flag offensive delete link more
0

answered 2011-11-23 15:50:18 -0600

foexle gravatar image

my proxy.conf

[DEFAULT] bind_port = 8080 workers = 8 user = swift log_name = swift log_facility = LOG_LOCAL0 log_level = DEBUG

[pipeline:main] pipeline = healthcheck catch_errors cache keystone proxy-server

[app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true set log_name = proxy-server set log_facility = LOG_LOCAL0 set log_level = DEBUG set access_log_name = proxy-server set access_log_facility = LOG_LOCAL0 set access_log_level = DEBUG set log_headers = True

[filter:catch_errors] use = egg:swift#catch_errors

[filter:keystone] use = egg:keystone#swiftauth keystone_admin_token = 1111222233334444 keystone_url= http://127.0.0.1:5001/v2.0

[filter:tempauth] use = egg:swift#tempauth user_system_root = testpass .admin http://192.168.0.2:8080/v1/AUTH_system

set log_name = ratelimit

set log_facility = LOG_LOCAL0

set log_level = INFO

set log_headers = False

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache memcache_servers = 192.168.0.2:11211

[filter:swauth] use = egg:swauth#swauth set log_name = swauth set log_facility = LOG_LOCAL0 set log_level = INFO set log_headers = False

super_admin_key = rails123

edit flag offensive delete link more
0

answered 2011-11-23 12:47:25 -0600

foexle gravatar image

done but now again HTTP-Code 412

Nov 23 13:45:24 test1-os swift Initialise keystone middleware (txn: tx3d9599a6a8c748f3b453b2d320acf769) Nov 23 13:45:24 test1-os swift Got token: 30abaeac-b8dc-46f9-9aa1-db146c513099 (txn: tx3d9599a6a8c748f3b453b2d320acf769) Nov 23 13:45:24 test1-os swift No memcache, requesting it from keystone (txn: tx3d9599a6a8c748f3b453b2d320acf769)

Nov 23 13:45:24 test1-os swift Keystone came back with: status:200, data:{"access": {"token": {"expires": "2011-11-23T15:36:14", "id": "30abaeac-b8dc-46f9-9aa1-db146c513099", "tenant": {"id": "7", "name": "testing"}}, "user": {"username": "testuser", "name": "testuser", "roles": [{"serviceId": "7", "id": "5", "name": "Admin"}, {"id": "15", "name": "Member"}], "tenantId": "7", "tenantName": "testing", "id": "8"}}} (txn: tx3d9599a6a8c748f3b453b2d320acf769)

Nov 23 13:45:24 test1-os swift setting memcache expiration to 2011-11-23 15:36:00 (txn: tx3d9599a6a8c748f3b453b2d320acf769)

Nov 23 13:45:24 test1-os swift Using identity: {'roles': [u'Admin', u'Member'], 'expires': 1322058960.0, 'user': u'testuser', 'tenant': (u'7', u'testing')} (txn: tx3d9599a6a8c748f3b453b2d320acf769)

Nov 23 13:45:24 test1-os swift Using identity: {'roles': [u'Admin', u'Member'], 'expires': 1322058960.0, 'user': u'testuser', 'tenant': (u'7', u'testing')} (txn: tx3d9599a6a8c748f3b453b2d320acf769)

Nov 23 13:45:24 test1-os swift 192.168.0.2 192.168.0.2 23/Nov/2011/12/45/24 GET /v1 HTTP/1.0 412 - curl/7.19.7%20%28x86_64-pc-linux-gnu%29%20libcurl/7.19.7%20OpenSSL/0.9.8k%20zlib/1.2.3.3%20libidn/1.15 30abaeac-b8dc-46f9-9aa1-db146c513099 - - - tx3d9599a6a8c748f3b453b2d320acf769 - 0.0005

any was wrong with parsing the result set ?

edit flag offensive delete link more
0

answered 2011-11-23 12:38:55 -0600

I am fixing that error just now, sorry about the confusion, you can remove the timeout=self.auth_timeout() line in 152 and retry?

edit flag offensive delete link more
0

answered 2011-11-23 12:28:30 -0600

foexle gravatar image

ok i have checked out now the trunk version of keystone and installed it. I changed the attribute, too.

i try now curl -v -H 'X-Auth-Token: 30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1

and see in the logs:

Nov 23 13:27:45 test1-os swift Initialise keystone middleware (txn: txdc93b99128e548a890510aac2c7c77e0) Nov 23 13:27:45 test1-os swift Got token: 30abaeac-b8dc-46f9-9aa1-db146c513099 (txn: txdc93b99128e548a890510aac2c7c77e0) Nov 23 13:27:45 test1-os swift STDOUT: ERROR:root:Error talking to memcached: 192.168.0.2:11211#012Traceback (most recent call last):#012 File "/usr/lib/pymodules/python2.6/swift/common/memcached.py", line 160, in get#012 while line[0].upper() != 'END':#012IndexError: list index out of range (txn: txdc93b99128e548a890510aac2c7c77e0) Nov 23 13:27:45 test1-os swift No memcache, requesting it from keystone (txn: txdc93b99128e548a890510aac2c7c77e0) Nov 23 13:27:45 test1-os swift Error: http_connect_raw() got an unexpected keyword argument 'timeout': #012Traceback (most recent call last):#012 File "/usr/lib/pymodules/python2.6/swift/common/middleware/catch_errors.py", line 47, in __call__#012 return self.app(env, my_start_response)#012 File "/usr/lib/pymodules/python2.6/swift/common/middleware/memcache.py", line 32, in __call__#012 return self.app(env, start_response)#012 File "/usr/local/lib/python2.6/dist-packages/keystone-2012.1-py2.6.egg/keystone/middleware/swift_auth.py", line 109, in __call__#012 identity = self._keystone_validate_token(token)#012 File "/usr/local/lib/python2.6/dist-packages/keystone-2012.1-py2.6.egg/keystone/middleware/swift_auth.py", line 152, in _keystone_validate_token#012 timeout=self.auth_timeout)#012TypeError: http_connect_raw() got an unexpected keyword argument 'timeout' (txn: txdc93b99128e548a890510aac2c7c77e0)

Memcached are installad and running.

edit flag offensive delete link more
0

answered 2011-11-23 12:05:49 -0600

which is available here: https://github.com/openstack/keystone...

edit flag offensive delete link more
0

answered 2011-11-23 12:05:26 -0600

Do you have anything in the logs ?

NB: This is the old version of the middleware there is a complete rewrite in trunk/

edit flag offensive delete link more
0

answered 2011-11-23 12:01:27 -0600

change admin_token to keystone_admin_token

edit flag offensive delete link more
0

answered 2011-11-23 11:58:34 -0600

foexle gravatar image

curl -k -v -H 'X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1/ * About to connect() to 192.168.0.2 port 8080 (#0) * Trying 192.168.0.2... connected * Connected to 192.168.0.2 (192.168.0.2) port 8080 (#0)

GET /v1/ HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Host: 192.168.0.2:8080 Accept: / X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099

< HTTP/1.1 412 Precondition Failed < Content-Type: text/html; charset=UTF-8 < Content-Length: 7 < X-Trans-Id: txd805d5de071b4651ad5d7205d4856e97 < Date: Wed, 23 Nov 2011 11:57:03 GMT < * Connection #0 to host 192.168.0.2 left intact * Closing connection #0

ok i think the attribute name of admin_token was changed to keystone_admin_token

but now i get

curl -k -v -H 'X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1/ * About to connect() to 192.168.0.2 port 8080 (#0) * Trying 192.168.0.2... connected * Connected to 192.168.0.2 (192.168.0.2) port 8080 (#0)

GET /v1/ HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Host: 192.168.0.2:8080 Accept: / X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099

< HTTP/1.1 412 Precondition Failed < Content-Type: text/html; charset=UTF-8 < Content-Length: 7 < X-Trans-Id: txd805d5de071b4651ad5d7205d4856e97 < Date: Wed, 23 Nov 2011 11:57:03 GMT < * Connection #0 to host 192.168.0.2 left intact * Closing connection #0

412 :)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-11-23 10:29:14 -0600

Seen: 587 times

Last updated: Feb 24 '12