Ask Your Question
0

Curl + Swift + Keystone

asked 2011-11-23 10:29:14 -0600

foexle gravatar image

Heyho guys,

so i'm verry confused about how to use swift + keystone.

My swift config: [pipeline:main] pipeline = healthcheck cache keystone proxy-server

[filter:keystone] use = egg:keystone#swiftauth admin_token = 1111222233334444 keystone_url= http://127.0.0.1:5001/v2.0

Keystone and Swift are running correctly. Now i try to get all informations with curl (Username/PW) to Keystone URL

curl -d '{"auth": {"passwordCredentials": {"username": "testuser", "password": "testing"}}}' -H "Content-type: application/json" http://192.168.0.2:5000/v2.0/tokens

and i get the output: {"access": {"token": {"expires": "2011-11-23T15:36:14", "id": "30abaeac-b8dc-46f9-9aa1-db146c513099", "tenant": {"id": "7", "name": "testing"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://192.168.0.2:8774/v1.1/7", "region": "RegionOne", "internalURL": "http://192.168.0.2:8774/v1.1/7", "publicURL": "http://192.168.0.2:8774/v1.1/7"}], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://192.168.0.2:9292/v1.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:9292/v1.0/", "publicURL": "http://192.168.0.2:9292/v1.0"}], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8080/", "region": "RegionOne", "internalURL": "http://192.168.0.2:8080/v1/AUTH_7", "publicURL": "http://78.109.54.196:8080/v1/AUTH_7"}], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "http://192.168.0.2:5001/v2.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:5001/v2.0", "publicURL": "http://192.168.0.2:5000/v2.0"}], "type": "identity", "name": "keystone"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8774/v1.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:8774/v1.0", "publicURL": "http://192.168.0.2:8774/v1.0"}], "type": "compute", "name": "Nova_compat"}], "user": {"id": "8", "roles": [{"tenantId": "7", "id": "5", "name": "Admin"}], "name": "testuser"}}}

So it looks good.

If i try now

curl -v -H 'X-Auth-Token: 30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1

or

curl -v -H 'X-Auth-Token: 30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1/AUTH_7

i get every time 401!!

Now i looked in the Keystone log and found this:

http://pastebin.com/T139FdrD

but the token are correct:

******** 2. row ******** id: 30abaeac-b8dc-46f9-9aa1-db146c513099 user_id: 8 tenant_id: 7 expires: 2011-11-23 15:36:14 2 rows in set (0.00 sec)

Do any knows whats wrong? My endpoint_templates should be correct. I've checked this many times.

greetings Heiko

edit retag flag offensive close merge delete

16 answers

Sort by ยป oldest newest most voted
0

answered 2011-11-23 11:52:46 -0600

foexle gravatar image

Nov 23 12:50:58 test1-os swift Keystone middleware called (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift token: 30abaeac-b8dc-46f9-9aa1-db146c513099 (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift Asking keystone to validate token (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift headers: {'Content-type': 'application/json', 'Accept': 'text/json', 'X-Auth-Token': None} (txn: txd3e1f3f92ad34b1897cf64e17a846978)

Nov 23 12:50:58 test1-os swift url: ParseResult(scheme='http', netloc='127.0.0.1:5001', path='/v2.0', params='', query='', fragment='') (txn: txd3e1f3f92ad34b1897cf64e17a846978)

it looks that swift dont have the admin token ? swift headers: {'Content-type': 'application/json', 'Accept': 'text/json', 'X-Auth-Token': None

hmmm but it is set in the config

edit flag offensive delete link more
0

answered 2011-11-23 11:18:30 -0600

Which version of keysone/swift are you using?

edit flag offensive delete link more
0

answered 2011-11-23 11:29:54 -0600

foexle gravatar image

hiho chmouel,

Swift: Version: 1.4.5~20111117.1632-0ubuntu0ppa1~lucid1

Keystone: Version was a stable from Razique. If i try with --version i get a hex, but i see the last file change was 2011-11-08. I hope this helps.

Greetings

edit flag offensive delete link more
0

answered 2011-11-23 11:32:47 -0600

Nice, in which roles your user is in (in keystone).

edit flag offensive delete link more
0

answered 2011-11-23 11:40:47 -0600

foexle gravatar image

Roles:

mysql> select * from roles; +----+----------------------+------+------------+ | id | name | desc | service_id | +----+----------------------+------+------------+ | 5 | Admin | NULL | 11 | | 6 | KeystoneServiceAdmin | NULL | 11 | | 7 | KeystoneAdmin | NULL | 11 | | 12 | netadmin | NULL | NULL | | 10 | User | NULL | NULL | | 13 | sysadmin | NULL | 8 | | 15 | Member | NULL | 11 |

user_roles; ******** 5. row ******* id: 22 user_id: 8 role_id: 5 tenant_id: 7 ******* 6. row ******** id: 23 user_id: 8 role_id: 15 tenant_id: NULL

So Admin and Member, but i would prefere this user have no admin rights ... but i dont know if it works

edit flag offensive delete link more
0

answered 2011-11-23 11:44:59 -0600

Can you add the catch_errors middleware like this :

https://review.openstack.org/#patch,u...

edit flag offensive delete link more
0

answered 2011-11-23 11:45:47 -0600

restart proxy and look over your /var/log/messages (depend of your distro) when doing that same curl requests.

edit flag offensive delete link more
0

answered 2011-11-23 11:58:34 -0600

foexle gravatar image

curl -k -v -H 'X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1/ * About to connect() to 192.168.0.2 port 8080 (#0) * Trying 192.168.0.2... connected * Connected to 192.168.0.2 (192.168.0.2) port 8080 (#0)

GET /v1/ HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Host: 192.168.0.2:8080 Accept: / X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099

< HTTP/1.1 412 Precondition Failed < Content-Type: text/html; charset=UTF-8 < Content-Length: 7 < X-Trans-Id: txd805d5de071b4651ad5d7205d4856e97 < Date: Wed, 23 Nov 2011 11:57:03 GMT < * Connection #0 to host 192.168.0.2 left intact * Closing connection #0

ok i think the attribute name of admin_token was changed to keystone_admin_token

but now i get

curl -k -v -H 'X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099' http://192.168.0.2:8080/v1/ * About to connect() to 192.168.0.2 port 8080 (#0) * Trying 192.168.0.2... connected * Connected to 192.168.0.2 (192.168.0.2) port 8080 (#0)

GET /v1/ HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Host: 192.168.0.2:8080 Accept: / X-Auth-Token:30abaeac-b8dc-46f9-9aa1-db146c513099

< HTTP/1.1 412 Precondition Failed < Content-Type: text/html; charset=UTF-8 < Content-Length: 7 < X-Trans-Id: txd805d5de071b4651ad5d7205d4856e97 < Date: Wed, 23 Nov 2011 11:57:03 GMT < * Connection #0 to host 192.168.0.2 left intact * Closing connection #0

412 :)

edit flag offensive delete link more
0

answered 2011-11-23 12:01:27 -0600

change admin_token to keystone_admin_token

edit flag offensive delete link more
0

answered 2011-11-23 12:05:26 -0600

Do you have anything in the logs ?

NB: This is the old version of the middleware there is a complete rewrite in trunk/

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-11-23 10:29:14 -0600

Seen: 587 times

Last updated: Feb 24 '12