Swift Keystone Authentication Fails

asked 2013-06-24 13:13:23 -0600

vmtrooper

Hello Team,

I am unable to log in to Swift using the Keystone integration. Here is sample output when I try to get swift status:

    vagrant@swift:~$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
    Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:

172.16.0.203 is my Swift Server
172.16.0.201 is my Controller Node, which runs Keystone

    [DEFAULT]
    bind_port = 443
    cert_file = /etc/swift/cert.crt
    key_file = /etc/swift/cert.key
    user = swift
    log_facility = LOG_LOCAL1

    [pipeline:main]
    pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server

    [app:proxy-server]
    use = egg:swift#proxy
    account_autocreate = true
    allow_account_management = true

    [filter:tempauth]
    use = egg:swift#tempauth
    user_admin_admin = admin .admin .rseller_admin

    [filter:healthcheck]
    use = egg:swift#healthcheck

    [filter:cache]
    use = egg:swift#memcache

    [filter:keystone]
    paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory
    operator_roles = Member,admin

    [filter:authtoken]
    paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
    service_port = 5000
    service_host = 172.16.0.201
    auth_port = 35357
    auth_host = 172.16.0.201
    auth_protocol = http
    auth_token = ADMIN
    admin_token = ADMIN
    admin_tenant_name = service
    admin_user = swift
    admin_password = swift
    cache = swift.cache

    [filter:catch_errors]
    use = egg:swift#catch_errors

    [filter:swift3]
    use = egg:swift#swift3

    [filter:keystoneauth]
    use = egg:swift#keystoneauth
    operator_roles = admin, swiftoperator

    [filter:swiftauth]
    use = egg:keystone#swiftauth
    keystone_url = http://172.16.0.201:5000/v2.0
    keystone_admin_token = 999888777666
    keystone_swift_operator_roles = Admin, SwiftOperator
    keystone_tenant_user_admin = true

    [filter:tokenauth]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    auth_protocol = http
    auth_host = 172.16.0.201
    auth_port = 35357
    auth_uri = http://172.16.0.201:5000/
    admin_token = 999888777666
    delay_auth_decision = 0
    memecache_host = 172.16.0.203:11211

The keystone endpoint was successfully created:

    +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
    | id                               | region    | publicurl                                      | internalurl                                    | adminurl                                  | service_id                       |
    +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
    | 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | http://172.16.0.201:8773/services/Cloud        | http://172.16.0.201:8773/services/Cloud        | http://172.16.0.201:8773/services/Admin   | fcfddafdc36b4708a3bfddd39cd5bd57 |
    | 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1               | 0c342438b82a461f98494ef7f7d3abb7 |
    | 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | http://172.16.0.201:8776/v1/%(tenant_id)s      | http://172.16.0.201:8776/v1/%(tenant_id)s      | http://172.16.0.201:8776/v1/%(tenant_id)s | 2410a1924e764513805b9d6f62639226 |
    | 9bf69ed68d404a959521f1099e0aae5b | RegionOne | http://172.16.0.201:5000/v2.0                  | http://172.16.0.201:5000/v2.0                  | http://172.16.0.201:35357/v2.0            | 839a2b67a6f1450fa8666507e49476d3 |
    | b4d2945af5d24e50aae51c935452f36d | RegionOne | http://172.16.0.201:9292/v1                    | http://172.16.0.201:9292/v1                    | http://172.16.0.201:9292/v1               | 3a172fa1190a40ddb8bedafdffc26e08 |
    | e5e3664088be4295942bce38e611f420 | RegionOne | http://172.16.0.201:8774/v2/$(tenant_id)s      | http://172 ...

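An added example, not part of the original post and not Swift's own code: a small audit that lists which filter sections of a paste.deploy config the `[pipeline:main]` line actually loads, which are defined but never loaded, and whether `authtoken` precedes `keystoneauth`. The sample is a constructed, trimmed copy of the posted file; the function name `audit_pipeline` is hypothetical.

```python
import configparser

# Constructed sample: section names and pipeline copied from the posted config.
SAMPLE_CONF = """
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:tempauth]
use = egg:swift#tempauth
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
[filter:keystone]
paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:swift3]
use = egg:swift#swift3
[filter:keystoneauth]
use = egg:swift#keystoneauth
[filter:swiftauth]
use = egg:keystone#swiftauth
[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
"""

def audit_pipeline(conf_text, section="pipeline:main"):
    """Compare the filters a paste.deploy pipeline loads with those defined."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    *filters, app = cp[section]["pipeline"].split()
    defined = {s.split(":", 1)[1] for s in cp.sections() if s.startswith("filter:")}
    issues = []
    # keystoneauth acts on identity headers set by authtoken, so order matters.
    if "keystoneauth" in filters:
        if "authtoken" not in filters[:filters.index("keystoneauth")]:
            issues.append("authtoken must come before keystoneauth")
    return {"active": filters, "app": app,
            "unused": sorted(defined - set(filters)),
            "undefined": sorted(set(filters) - defined), "issues": issues}

if __name__ == "__main__":
    for key, value in audit_pipeline(SAMPLE_CONF).items():
        print(f"{key:10} {value}")
```

Sections reported as unused are never instantiated by the proxy, so credentials and tokens kept in them add exposure without affecting authentication.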

12 answers

0

answered 2013-06-25 09:53:47 -0600

Some errors on your ports? You use 443 at 172.16.0.201 for swift, so you should have an endpoint like 172.16.0.201:443, but in your post, 172.16.0.203:443 is used. Have a check on this.

0

answered 2013-06-25 12:34:00 -0600

vmtrooper

On the Swift node, here I was getting continuous output like the following in /var/log/syslog:

    Jun 25 05:23:15 swift proxy-server Started child 27544
    Jun 25 05:23:15 swift proxy-server Starting keystone auth_token middleware
    Jun 25 05:23:15 swift proxy-server Using /tmp/keystone-signing as cache directory for signing certificate
    Jun 25 05:23:15 swift proxy-server UNCAUGHT EXCEPTION#012Traceback (most recent call last):#012 File "/usr/bin/swift-proxy-server", line 22, in <module>#012 run_wsgi(conf_file, 'proxy-server', default_port=8080, *options)#012 File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 187, in run_wsgi#012 run_server()#012 File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 149, in run_server#012 global_conf={'log_name': log_name})#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 247, in loadapp#012 return loadobj(APP, uri, name=name, *kw)#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 272, in loadobj#012 return context.create()#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create#012 return self.object_type.invoke(self)#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 207, in invoke#012 app = filter(app)#012 File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py", line 1153, in auth_filter#012 return AuthProtocol(app, conf)#012 File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py", line 301, in __init__#012 self.signing_dirname)#012ConfigurationError: unable to access signing dir /tmp/keystone-signing
    Jun 25 05:23:15 swift proxy-server Removing dead child 27544

I updated proxy-server.conf to use a directory owned by swift user and updated the permissions accordingly. I am no longer getting dir access error. However, it still did not solve my swift command error.

I obtained my Swift installation by performing the following commands:

  1. echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/grizzly main" | sudo tee /etc/apt/sources.list.d/folsom.list

  2. sudo apt-get -y install ubuntu-cloud-keyring

  3. sudo apt-get install -y swift swift-proxy swift-account swift-container swift-object memcached xfsprogs curl python-webob python-keystoneclient python-keystone

Is that the correct method to obtain the released versions of Grizzly binaries?

Regarding port errors, do you mean in the endpoint-list? I have all of my swift components including the swift proxy installed on 172.16.0.203. Shouldn't I specify the proxy IP when I create my endpoint? keystone is 172.16.0.201

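An added example, not part of the original post and not the middleware's own code: a check for the kind of signing directory the log above complains about, reporting whether it exists, belongs to the service user, is closed to group and other, and sits under a parent that other local users cannot write to (unlike `/tmp`). The function names and the scenario in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

def check_signing_dir(path, uid=None):
    """Return a list of problems with a signing directory; empty means OK."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: a symlink at this path is not followed
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    problems = []
    if st.st_uid != uid:
        problems.append("not owned by service user")
    if st.st_mode & 0o077:
        problems.append("accessible to group/other")
    if not os.access(path, os.W_OK):
        problems.append("not writable")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        problems.append("parent is world-writable")
    return problems

def demo():
    """Constructed scenario in a throwaway directory."""
    with tempfile.TemporaryDirectory() as base:
        good = os.path.join(base, "signing")
        os.mkdir(good)
        os.chmod(good, 0o700)
        loose = os.path.join(base, "loose")
        os.mkdir(loose)
        os.chmod(loose, 0o755)
        missing = os.path.join(base, "nope")
        return (check_signing_dir(good), check_signing_dir(loose),
                check_signing_dir(missing))

if __name__ == "__main__":
    print(demo())
```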


Last updated: Jun 26 '13