Swift Keystone Authentication Fails

asked 2013-06-24 13:13:23 -0600

vmtrooper gravatar image

Hello Team,

I am unable to login to Swift using the Keystone integration. Here is sample output when I try to get swift status:

vagrant@swift:~$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:

172.16.0.203 is my Swift Server 172.16.0.201 is my Controller Node, which runs Keystone

[DEFAULT] bind_port = 443 cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key user = swift log_facility = LOG_LOCAL1

[pipeline:main] pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server

[app:proxy-server] use = egg:swift#proxy account_autocreate = true allow_account_management = true

[filter:tempauth] use = egg:swift#tempauth user_admin_admin = admin .admin .rseller_admin

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache

[filter:keystone] paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory operator_roles = Member,admin

[filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory service_port = 5000 service_host = 172.16.0.201 auth_port = 35357 auth_host = 172.16.0.201 auth_protocol = http auth_token = ADMIN admin_token = ADMIN admin_tenant_name = service admin_user = swift admin_password = swift cache = swift.cache

[filter:catch_errors] use = egg:swift#catch_errors

[filter:swift3] use = egg:swift#swift3

[filter:keystoneauth] use = egg:swift#keystoneauth operator_roles = admin, swiftoperator

[filter:swiftauth] use = egg:keystone#swiftauth keystone_url = http://172.16.0.201:5000/v2.0 keystone_admin_token = 999888777666 keystone_swift_operator_roles = Admin, SwiftOperator keystone_tenant_user_admin = true

[filter:tokenauth] paste.filter_factory = keystone.middleware.auth_token:filter_factory auth_protocol = http auth_host = 172.16.0.201 auth_port = 35357 auth_uri = http://172.16.0.201:5000/ admin_token = 999888777666 delay_auth_decision = 0 memecache_host = 172.16.0.203:11211

The keystone endpoint was successfully created: +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+ | id | region | publicurl | internalurl | adminurl | service_id | +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+ | 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | http://172.16.0.201:8773/services/Cloud | http://172.16.0.201:8773/services/Cloud | http://172.16.0.201:8773/services/Admin | fcfddafdc36b4708a3bfddd39cd5bd57 | | 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s (https://172.16.0.203:443/v1/AUTH_$(te...) | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s (https://172.16.0.203:443/v1/AUTH_$(te...) | https://172.16.0.203:443/v1 | 0c342438b82a461f98494ef7f7d3abb7 | | 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | http://172.16.0.201:8776/v1/%25(tenant_id)s (http://172.16.0.201:8776/v1/%(tenant_...) | http://172.16.0.201:8776/v1/%25(tenant_id)s (http://172.16.0.201:8776/v1/%(tenant_...) | http://172.16.0.201:8776/v1/%25(tenant_id)s (http://172.16.0.201:8776/v1/%(tenant_...) | 2410a1924e764513805b9d6f62639226 | | 9bf69ed68d404a959521f1099e0aae5b | RegionOne | http://172.16.0.201:5000/v2.0 | http://172.16.0.201:5000/v2.0 | http://172.16.0.201:35357/v2.0 | 839a2b67a6f1450fa8666507e49476d3 | | b4d2945af5d24e50aae51c935452f36d | RegionOne | http://172.16.0.201:9292/v1 | http://172.16.0.201:9292/v1 | http://172.16.0.201:9292/v1 | 3a172fa1190a40ddb8bedafdffc26e08 | | e5e3664088be4295942bce38e611f420 | RegionOne | http://172.16.0.201:8774/v2/$(tenant_id)s (http://172.16.0.201:8774/v2/$(tenant_...) | http://172 ... (more)

edit retag flag offensive close merge delete

12 answers

Sort by ยป oldest newest most voted
0

answered 2013-06-24 17:52:52 -0600

vmtrooper gravatar image

Thanks Ken! I will upload the log file as soon as I am back in front of the server.

Just to confirm, I should forward the contents of /var/log/keystone? Are there any other logs that would be beneficial?

Also, how should I enable detailed debugging? I tried looking at the log file, and I didn't see much detail there.

edit flag offensive delete link more
0

answered 2013-06-24 17:01:49 -0600

Could you show your keystone log here? Your current config seems correct. Watching keystone's log could be more helpful

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2013-06-24 13:13:23 -0600

Seen: 448 times

Last updated: Jun 26 '13