Ask Your Question
0

403 Refused when testing account creation in Openstack Swift

asked 2011-10-25 16:15:47 -0500

alexander-a-paschenko gravatar image

Hi all. The story is as follows: I have created a tiny (one-node in fact :) ) cluster accordingly to multinode Ubuntu instructions: http://swift.openstack.org/howto_installmultinode.html (http://swift.openstack.org/howto_inst...)

I have the latest CentOS and swift-1.4.3 installed from RHEL RPMs taken from griddynamics repo (openstack-swift-1.4.3-20110915.1582.el6.noarch.rpm and so on). I made no changes in configuration except creating 3 zones (one per disk partition :) ) and tuning the rings accordingly. There are no complaints in syslog about that part, replication works just fine when the server is running. Thus, access credentials (default admin username and password) are the same as in the manual, and I'm using tempauth. User swift:swift is the owner of the /etc/swift directory as well as /srv/node directory and its contents which is mount points for my partitions.

I have made it to the point "Create Swift admin account and test", step 2 - I can obtain security tokens and storage URL, and the token is stored in memcached successfully. But the problem is that when I do

swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:root -K testpass stat

I get this:

Account HEAD failed: https://192.168.9.20:8080/v1/AUTH_system 403 Forbidden

The same goes for trying to retrieve retrieved X-Storage-Url via cURL directly (the key is stored in memcache, as I mentioned above):

[root@nova1]# curl -k -v -H 'X-Auth-Token: AUTH_tk78ed9d8158534036ac1591b2a13ac36e' https://192.168.9.20:8080/v1/AUTH_system

  • About to connect() to 192.168.9.20 port 8080 (#0)
  • Trying 192.168.9.20... connected
  • Connected to 192.168.9.20 (192.168.9.20) port 8080 (#0)
  • Initializing NSS with certpath: /etc/pki/nssdb
  • warning: ignoring unsupported value (1) of ssl.verifyhost
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
  • Certificate is signed by an untrusted issuer: '(my cert data goes here...)'
  • SSL certificate verify ok.
  • SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
  • Server certificate: (my cert data goes here...)

    GET /v1/AUTH_system HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.18 libssh2/1.2.2 Host: 192.168.9.20:8080 Accept: / X-Auth-Token: AUTH_tk78ed9d8158534036ac1591b2a13ac36e

    < HTTP/1.1 403 Forbidden < Content-Length: 157 < Content-Type: text/html; charset=UTF-8 < Date: Tue, 25 Oct 2011 16:00:24 GMT < <html> <head> <title>403 Forbidden</title> </head> <body>

    403 Forbidden

    Access was denied to this resource.

    </body>

  • Connection #0 to host 192.168.9.20 left intact
  • Closing connection #0 </html>

And syslog (/var/log/messages) has a little to no information about the problem :(

nova1 proxy-server 192.168.9.20 192.168.9.20 25/Oct/2011/16/10/37 GET /v1/AUTH_system HTTP/1.0 403 - curl/7.19.7%20%28x86_64-unknown-linux-gnu%29%20libcurl/7.19.7%20NSS/3.12.6.2%20zlib/1.2.3%20libidn/1.18%20libssh2/1.2.2 system%2CAUTH_tk78ed9d8158534036ac1591b2a13ac36e - - - - - 0.0004

I hope someone here will be able to ... (more)

edit retag flag offensive close merge delete

Comments

Hi, did you ever figure out a solution to this? I'm stuck at the same point

Clayton gravatar imageClayton ( 2014-10-22 13:18:44 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
0

answered 2011-10-28 15:56:15 -0500

btorch gravatar image

Please provide your proxy-server configuration

edit flag offensive delete link more
0

answered 2011-11-11 15:54:51 -0500

notmyname gravatar image

in tempauth, if you have the same auth user (the "system" part), you need to ensure that the swift account matches (the AUTH_system part).

edit flag offensive delete link more

Comments

Hi there, could you clarify by what you mean when you say "same auth user". I'm essentially stuck at the same point with account test, user tester, password testing

Clayton gravatar imageClayton ( 2014-10-22 13:19:22 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-10-25 16:15:47 -0500

Seen: 542 times

Last updated: Nov 11 '11