403 Refused when testing account creation in Openstack Swift

asked 2011-10-25 16:15:47 -0600

alexander-a-paschenko gravatar image

Hi all. The story is as follows: I have created a tiny (one-node in fact :) ) cluster accordingly to multinode Ubuntu instructions: http://swift.openstack.org/howto_installmultinode.html (http://swift.openstack.org/howto_inst...)

I have the latest CentOS and swift-1.4.3 installed from RHEL RPMs taken from griddynamics repo (openstack-swift-1.4.3-20110915.1582.el6.noarch.rpm and so on). I made no changes in configuration except creating 3 zones (one per disk partition :) ) and tuning the rings accordingly. There are no complaints in syslog about that part, replication works just fine when the server is running. Thus, access credentials (default admin username and password) are the same as in the manual, and I'm using tempauth. User swift:swift is the owner of the /etc/swift directory as well as /srv/node directory and its contents which is mount points for my partitions.

I have made it to the point "Create Swift admin account and test", step 2 - I can obtain security tokens and storage URL, and the token is stored in memcached successfully. But the problem is that when I do

swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:root -K testpass stat

I get this:

Account HEAD failed: 403 Forbidden

The same goes for trying to retrieve retrieved X-Storage-Url via cURL directly (the key is stored in memcache, as I mentioned above):

[root@nova1]# curl -k -v -H 'X-Auth-Token: AUTH_tk78ed9d8158534036ac1591b2a13ac36e'

  • About to connect() to port 8080 (#0)
  • Trying connected
  • Connected to ( port 8080 (#0)
  • Initializing NSS with certpath: /etc/pki/nssdb
  • warning: ignoring unsupported value (1) of ssl.verifyhost
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
  • Certificate is signed by an untrusted issuer: '(my cert data goes here...)'
  • SSL certificate verify ok.
  • SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
  • Server certificate: (my cert data goes here...)

    GET /v1/AUTH_system HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/ zlib/1.2.3 libidn/1.18 libssh2/1.2.2 Host: Accept: / X-Auth-Token: AUTH_tk78ed9d8158534036ac1591b2a13ac36e

    < HTTP/1.1 403 Forbidden < Content-Length: 157 < Content-Type: text/html; charset=UTF-8 < Date: Tue, 25 Oct 2011 16:00:24 GMT < <html> <head> <title>403 Forbidden</title> </head> <body>

    403 Forbidden

    Access was denied to this resource.


  • Connection #0 to host left intact
  • Closing connection #0 </html>

And syslog (/var/log/messages) has a little to no information about the problem :(

nova1 proxy-server 25/Oct/2011/16/10/37 GET /v1/AUTH_system HTTP/1.0 403 - curl/7.19.7%20%28x86_64-unknown-linux-gnu%29%20libcurl/7.19.7%20NSS/ system%2CAUTH_tk78ed9d8158534036ac1591b2a13ac36e - - - - - 0.0004

I hope someone here will be able to ... (more)

edit retag flag offensive close merge delete


Hi, did you ever figure out a solution to this? I'm stuck at the same point

Clayton gravatar imageClayton ( 2014-10-22 13:18:44 -0600 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2011-10-28 15:56:15 -0600

btorch gravatar image

Please provide your proxy-server configuration

edit flag offensive delete link more

answered 2011-11-11 15:54:51 -0600

notmyname gravatar image

in tempauth, if you have the same auth user (the "system" part), you need to ensure that the swift account matches (the AUTH_system part).

edit flag offensive delete link more


Hi there, could you clarify by what you mean when you say "same auth user". I'm essentially stuck at the same point with account test, user tester, password testing

Clayton gravatar imageClayton ( 2014-10-22 13:19:22 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2011-10-25 16:15:47 -0600

Seen: 686 times

Last updated: Nov 11 '11