0

Swift Keystone Authentication Fails

asked 2013-06-24 13:13:23 -0500

vmtrooper

Hello Team,

I am unable to login to Swift using the Keystone integration. Here is sample output when I try to get swift status:

vagrant@swift:~$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:

172.16.0.203 is my Swift Server
172.16.0.201 is my Controller Node, which runs Keystone

[DEFAULT]
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = swift
log_facility = LOG_LOCAL1

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .rseller_admin

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

[filter:keystone]
paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory
operator_roles = Member,admin

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000
service_host = 172.16.0.201
auth_port = 35357
auth_host = 172.16.0.201
auth_protocol = http
auth_token = ADMIN
admin_token = ADMIN
admin_tenant_name = service
admin_user = swift
admin_password = swift
cache = swift.cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:swift3]
use = egg:swift#swift3

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator

[filter:swiftauth]
use = egg:keystone#swiftauth
keystone_url = http://172.16.0.201:5000/v2.0
keystone_admin_token = 999888777666
keystone_swift_operator_roles = Admin, SwiftOperator
keystone_tenant_user_admin = true

[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_protocol = http
auth_host = 172.16.0.201
auth_port = 35357
auth_uri = http://172.16.0.201:5000/
admin_token = 999888777666
delay_auth_decision = 0
memecache_host = 172.16.0.203:11211

The keystone endpoint was successfully created:

+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
| id                               | region    | publicurl                                      | internalurl                                    | adminurl                                  | service_id                       |
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
| 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | http://172.16.0.201:8773/services/Cloud        | http://172.16.0.201:8773/services/Cloud        | http://172.16.0.201:8773/services/Admin   | fcfddafdc36b4708a3bfddd39cd5bd57 |
| 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1               | 0c342438b82a461f98494ef7f7d3abb7 |
| 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | http://172.16.0.201:8776/v1/%(tenant_id)s      | http://172.16.0.201:8776/v1/%(tenant_id)s      | http://172.16.0.201:8776/v1/%(tenant_id)s | 2410a1924e764513805b9d6f62639226 |
| 9bf69ed68d404a959521f1099e0aae5b | RegionOne | http://172.16.0.201:5000/v2.0                  | http://172.16.0.201:5000/v2.0                  | http://172.16.0.201:35357/v2.0            | 839a2b67a6f1450fa8666507e49476d3 |
| b4d2945af5d24e50aae51c935452f36d | RegionOne | http://172.16.0.201:9292/v1                    | http://172.16.0.201:9292/v1                    | http://172.16.0.201:9292/v1               | 3a172fa1190a40ddb8bedafdffc26e08 |
| e5e3664088be4295942bce38e611f420 | RegionOne | http://172.16.0.201:8774/v2/$(tenant_id)s      | http://172 ... (more)


12 answers

0

answered 2016-01-27 05:39:52 -0500

chansonzhang

I met the same problem as you. If you have solved this question, can you tell me your solution? Thank you very much!

0

answered 2013-06-25 12:34:51 -0500

vmtrooper

I'm using Ubuntu 12.04, by the way

0

answered 2013-06-25 02:35:05 -0500

Just setting log level to DEBUG is ok for watching details.

If you're not familiar with keystone log, you could just post a link here.

0

answered 2013-06-26 14:57:48 -0500

vmtrooper

Kun,

You are the man! "-V 2" solved my problem!!!

Thank you, Mr. Swift, for taking the time to help out the newbie!

-Trevor

0

answered 2013-06-26 02:04:43 -0500

Let's fix things one by one.

1. using apt-get is ok
2. use this (add the '-V 2'):

swift -V 2 -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat

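Why the '-V 2' in the answer above changes the result, as an added example that is not part of the original thread: a model of the two auth exchanges the swift client can send, not the client's own code. The sample reply is constructed, and it assumes the identity endpoint answers a plain GET on /v2.0 with a version document.

```python
import json
from urllib.parse import urlparse

def v1_auth_request(auth_url, user, key):
    """Swift v1 auth (used when no -V is given): a GET with credentials in headers."""
    return {"method": "GET", "path": urlparse(auth_url).path,
            "headers": {"X-Auth-User": user, "X-Auth-Key": key}, "body": None}

def v2_auth_request(auth_url, user, key):
    """Keystone v2.0 auth (-V 2): 'tenant:user' is split and POSTed as JSON to /tokens."""
    tenant, _, username = user.partition(":")
    if not username:                      # no colon: the whole string is the user name
        tenant, username = None, tenant
    auth = {"passwordCredentials": {"username": username, "password": key}}
    if tenant:
        auth["tenantName"] = tenant
    return {"method": "POST",
            "path": urlparse(auth_url).path.rstrip("/") + "/tokens",
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps({"auth": auth})}

def v1_auth_outcome(status, headers):
    """A v1 reply only counts if it is 2xx AND carries the storage URL and token."""
    names = {k.lower() for k in headers}
    if not 200 <= status < 300:
        return "failed: HTTP %d" % status
    if "x-storage-url" not in names or "x-auth-token" not in names:
        return "failed: HTTP %d without X-Storage-Url/X-Auth-Token" % status
    return "ok"

# Constructed sample: a version document returned to a plain GET on /v2.0.
# It is HTTP 200, but it is not a Swift v1 auth reply.
KEYSTONE_GET_REPLY = {
    "status": 200,
    "headers": {"Content-Type": "application/json"},
    "body": '{"version": {"id": "v2.0", "status": "stable"}}',
}

if __name__ == "__main__":
    url = "http://172.16.0.201:5000/v2.0"
    print(v1_auth_request(url, "service:swift", "swift"))
    print(v1_auth_outcome(KEYSTONE_GET_REPLY["status"], KEYSTONE_GET_REPLY["headers"]))
    print(v2_auth_request(url, "service:swift", "swift"))
```

The v1 outcome for the constructed reply is a failure despite the 200 status, which matches the shape of the "Auth GET failed: ... 200 OK" message in the question.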
0

answered 2013-06-24 17:01:49 -0500

Could you show your keystone log here? Your current config seems correct. Watching keystone's log could be more helpful.

0

answered 2013-06-24 17:52:52 -0500

vmtrooper

Thanks Ken! I will upload the log file as soon as I am back in front of the server.

Just to confirm, I should forward the contents of /var/log/keystone? Are there any other logs that would be beneficial?

Also, how should I enable detailed debugging? I tried looking at the log file, and I didn't see much detail there.

0

answered 2013-06-25 05:39:38 -0500

vmtrooper

Here is the output with debug and verbose enabled in keystone.conf:

2013-06-24 22:32:27 DEBUG [keystone-all] *************************
2013-06-24 22:32:27 DEBUG [keystone-all] Configuration options gathered from:
2013-06-24 22:32:27 DEBUG [keystone-all] command line args: []
2013-06-24 22:32:27 DEBUG [keystone-all] config files: ['/etc/keystone/keystone.conf']
2013-06-24 22:32:27 DEBUG [keystone-all] ================================================================================
2013-06-24 22:32:27 DEBUG [keystone-all] admin_endpoint = http://localhost:%(admin_port)d/
2013-06-24 22:32:27 DEBUG [keystone-all] admin_port = 35357
2013-06-24 22:32:27 DEBUG [keystone-all] admin_token =
2013-06-24 22:32:27 DEBUG [keystone-all] auth_admin_prefix =
2013-06-24 22:32:27 DEBUG [keystone-all] bind_host = 0.0.0.0
2013-06-24 22:32:27 DEBUG [keystone-all] compute_port = 8774
2013-06-24 22:32:27 DEBUG [keystone-all] config_dir = None
2013-06-24 22:32:27 DEBUG [keystone-all] config_file = ['/etc/keystone/keystone.conf']
2013-06-24 22:32:27 DEBUG [keystone-all] crypt_strength = 40000
2013-06-24 22:32:27 DEBUG [keystone-all] debug = True
2013-06-24 22:32:27 DEBUG [keystone-all] log_config = None
2013-06-24 22:32:27 DEBUG [keystone-all] log_date_format = %Y-%m-%d %H:%M:%S
2013-06-24 22:32:27 DEBUG [keystone-all] log_dir = /var/log/keystone
2013-06-24 22:32:27 DEBUG [keystone-all] log_file = keystone.log
2013-06-24 22:32:27 DEBUG [keystone-all] log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
2013-06-24 22:32:27 DEBUG [keystone-all] max_param_size = 64
2013-06-24 22:32:27 DEBUG [keystone-all] max_request_body_size = 114688
2013-06-24 22:32:27 DEBUG [keystone-all] max_token_size = 8192
2013-06-24 22:32:27 DEBUG [keystone-all] member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
2013-06-24 22:32:27 DEBUG [keystone-all] member_role_name = _member_
2013-06-24 22:32:27 DEBUG [keystone-all] onready = None
2013-06-24 22:32:27 DEBUG [keystone-all] policy_default_rule = None
2013-06-24 22:32:27 DEBUG [keystone-all] policy_file = policy.json
2013-06-24 22:32:27 DEBUG [keystone-all] public_endpoint = http://localhost:%(public_port)d/
2013-06-24 22:32:27 DEBUG [keystone-all] public_port = 5000
2013-06-24 22:32:27 DEBUG [keystone-all] pydev_debug_host = None
2013-06-24 22:32:27 DEBUG [keystone-all] pydev_debug_port = None
2013-06-24 22:32:27 DEBUG [keystone-all] standard_threads = False
2013-06-24 22:32:27 DEBUG [keystone-all] syslog_log_facility = LOG_USER
2013-06-24 22:32:27 DEBUG [keystone-all] use_syslog = False
2013-06-24 22:32:27 DEBUG [keystone-all] verbose = True
2013-06-24 22:32:27 DEBUG [keystone-all] signing.ca_certs = /etc/keystone/ssl/certs/ca.pem
2013-06-24 22:32:27 DEBUG [keystone-all] signing.ca_password = None
2013-06-24 22:32:27 DEBUG [keystone-all] signing.certfile = /etc/keystone/ssl/certs/signing_cert.pem
2013-06-24 22:32:27 DEBUG [keystone-all] signing.key_size = 1024
2013-06-24 22:32:27 DEBUG [keystone-all] signing.keyfile = /etc/keystone/ssl/private/signing_key.pem
2013-06-24 22:32:27 DEBUG [keystone-all] signing.token_format = PKI
2013-06-24 22:32:27 DEBUG [keystone-all] signing.valid_days = 3650
2013-06-24 22:32:27 DEBUG [keystone-all] stats.driver = keystone.contrib.stats.backends.kvs.Stats
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.alias_dereferencing = default
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.allow_subtree_delete = False
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_allow_create = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_allow_delete = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_allow_update = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_attribute_ignore =
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_desc_attribute = description
2013-06-24 22:32:27 DEBUG [keystone-all] ldap ... (more)

0

answered 2013-06-25 06:02:15 -0500

vmtrooper

By the way, the output above is generated when executing the following command:

vagrant@swift:/etc/swift$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried https instead of http at the command line URL, and got the following error below:

vagrant@swift:/etc/swift$ swift -A https://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
[Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Also the output in keystone.log from that command was

2013-06-24 22:41:21 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45859)
2013-06-24 22:41:27 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45860)
2013-06-24 22:41:29 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45861)
2013-06-24 22:41:33 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45862)
2013-06-24 22:41:46 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45863)
2013-06-24 22:42:07 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45864)

0

answered 2013-06-25 09:14:36 -0500

I'm trying this, and find some similar problems. What's your swift log of that command? And you use the current codes on master branch?


Stats

Asked: 2013-06-24 13:13:23 -0500

Seen: 288 times

Last updated: Jun 26 '13