Ask Your Question
0

Getting s3 API to work

asked 2011-04-25 13:46:02 -0500

lgoikhburg gravatar image

Hello,

I'm trying to get Swift3 middleware to work and receive the following exception

glior@fubar:~/s3$ curl -D - -H 'Date: Mon, 25 Apr 2011 17:06:00 +0000' -H 'Authorization: AWS AKIAJIGCCZ3KCSNGLRYQ:YZ+HhhzFyOcFJpi4NdO7THfvVjU=' -L http://10.10.1.29:8080/ HTTP/1.1 500 Internal Server Error Content-Type: text/plain Content-Length: 1087 Date: Mon, 25 Apr 2011 13:43:25 GMT Connection: close

Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/eventlet/wsgi.py", line 336, in handle_one_response result = self.application(self.environ, start_response) File "/usr/lib/pymodules/python2.6/swift/common/middleware/healthcheck.py", line 38, in __call__ return self.app(env, start_response) File "/usr/lib/pymodules/python2.6/swift/common/middleware/memcache.py", line 32, in __call__ return self.app(env, start_response) File "/usr/lib/pymodules/python2.6/swift/common/middleware/swift3.py", line 468, in __call__ res = getattr(controller, req.method)(env, start_response) File "/usr/lib/pymodules/python2.6/swift/common/middleware/swift3.py", line 171, in GET body_iter = self.app(env, self.do_start_response) File "/usr/lib/pymodules/python2.6/swift/common/middleware/swauth.py", line 133, in __call__ groups = self.get_groups(env, token) File "/usr/lib/pymodules/python2.6/swift/common/middleware/swauth.py", line 203, in get_groups account, user, sign = account.split(':') ValueError: need more than 2 values to unpack

Nothing get's logged in the log. I receive this exception even when Swift3 middleware is disabled in the /etc/swift/proxy-server.conf

[DEFAULT] #cert_file = /etc/swift/cert.crt #key_file = /etc/swift/cert.key bind_port = 8080 workers = 8 user = swift

[pipeline:main] pipeline = healthcheck cache swift3 swauth proxy-server

[app:proxy-server] use = egg:swift#proxy allow_account_management = true

[filter:swift3] use = egg:swift#swift3 log_facility = LOG_LOCAL1

[filter:swauth] use = egg:swift#swauth default_swift_cluster = local#http://10.10.1.29:8080/v1

Highly recommended to change this key to something else!

super_admin_key = swauthkey

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache memcache_servers = 10.10.1.29:11211

Any idea how to work around this problem ?

edit retag flag offensive close merge delete

18 answers

Sort by ยป oldest newest most voted
0

answered 2011-04-26 23:57:52 -0500

jinzishuai gravatar image

I think your command is exactly the same as mine. I got seki@OS-CC:~/s3-curl$ ./s3curl.pl --id system:root --key testpass --get -- -s -v -k https://192.168.1.33:8080/v1/AUT7c9d523435dbcf12c9d2678d197 (https://192.168.1.33:8080/v1/AUT7c9d5...) Unknown option: get WARNING: It isn't safe to put your AWS secret access key on the command line! The recommended key management system is to store your AWS secret access keys in a file owned by, and only readable by you.

For example:

%awsSecretAccessKeys = ( # personal account personal => { id => '1ME55KNV6SBTR7EXG0R2', key => 'zyMrlZUKeG9UcYpwzlPko/+Ciu0K2co0duRM3fhi', },

# corporate account
company => {
    id => '1ATXQ3HHA59CYF1CVS02',
    key => 'WQY4SrSS95pJUT95V6zWea01gBKBCL6PI0cdxeH8',
},

);

$ chmod 600 /home/seki/.s3curl

Will sleep and continue despite this problem. Please set up /home/seki/.s3curl for future requests. * About to connect() to 192.168.1.33 port 8080 (#0) * Trying 192.168.1.33... connected * Connected to 192.168.1.33 (192.168.1.33) port 8080 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-SHA * Server certificate: * subject: C=CA; ST=AB; L=Edmonton; O=VRS; OU=RD; CN=OS-CC; emailAddress=Shi.Jin@vrstorm.com * start date: 2011-04-23 15:55:37 GMT * expire date: 2011-05-23 15:55:37 GMT * common name: OS-CC (does not match '192.168.1.33') * issuer: C=CA; ST=AB; L=Edmonton; O=VRS; OU=RD; CN=OS-CC; emailAddress=Shi.Jin@vrstorm.com * SSL certificate verify result: self signed certificate (18), continuing anyway.

GET /v1/AUTH_365f77c9d523435dbcf12c9d2678d197 HTTP/1.1 User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18 Host: 192.168.1.33:8080 Accept: / Date: Tue, 26 Apr 2011 23:56:38 +0000 Authorization: AWS system:root:im2J8/oZ/MUzNNC9cjai3ZrEZYQ=

< HTTP/1.1 401 Unauthorized < Content-Type: text/html; charset=UTF-8 < Content-Length: 364 < Date: Tue, 26 Apr 2011 23:56:38 GMT < <html> <head> <title>401 Unauthorized</title> </head> <body>

401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

</body> * Connection #0 to host 192.168.1.33 left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): </html>

edit flag offensive delete link more
0

answered 2011-04-26 23:06:49 -0500

cthier gravatar image

You url should look something like http://localhost:8080/v1.0/ACCOUNTHASH/CONTAINER/OBJECT (http://localhost:8080/v1.0/ACCOUNTHAS...)

edit flag offensive delete link more
0

answered 2011-11-08 06:37:29 -0500

akapadia-usa gravatar image

Please ignore my post. Problem Solved. Thanks.

edit flag offensive delete link more
0

answered 2011-04-26 23:52:44 -0500

cthier gravatar image

Try:

./s3curl.pl --id system:root --key testpass --get -- -s -v -k https://192.168.1.33:8080/v1/AUTH_365f77c9d523435dbcf12c9d2678d197 (https://192.168.1.33:8080/v1/AUTH_365...)

edit flag offensive delete link more
0

answered 2012-07-21 18:21:31 -0500

akapadia-usa gravatar image

Check out my notes on http://www.buildcloudstorage.com/2011/11/s3-apis-on-openstack-swift.html (http://www.buildcloudstorage.com/2011...) . The mistake I had made was that the hostname in step 5 didn't match with the hostname in step 6. Apparently they have to match exactly.

edit flag offensive delete link more
0

answered 2011-04-26 17:51:24 -0500

lgoikhburg gravatar image

Hi,

My problem is that I receive a python exception from API when trying to authenticate with S3-like credentials.

Try this command against your proxy and tell me what you get: curl -D - -H 'Authorization: AWS foo:bar' -L http://10.10.1.29:8080/

edit flag offensive delete link more
0

answered 2011-04-25 15:07:42 -0500

lgoikhburg gravatar image

The colon (:) in the header causes this error -H 'Authorization: AWS AKIAJIGCCZ3KCSNGLRYQ:YZ+HhhzFyOcFJpi4NdO7THfvVjU=' regardless Swift3 enabled or not.

Trunk package version 1.4-dev+bzr286-0ubuntu0ppa1~maverick1

edit flag offensive delete link more
0

answered 2011-04-26 16:51:38 -0500

jinzishuai gravatar image

Hi, I am having similar questions. Have you figured out your problem? Please take a look at https://answers.launchpad.net/swift/+question/154332 (https://answers.launchpad.net/swift/+...) . Thanks.

edit flag offensive delete link more
0

answered 2011-04-26 22:13:27 -0500

cthier gravatar image

When using the s3 compatibility layer, the access key needs to be in the form of account_name:user_name, and the secret key used to sign the request is the user's password.

http://swift.openstack.org/misc.html#module-swift.common.middleware.swift3 (http://swift.openstack.org/misc.html#...)

Is the only documentation that we have currently.

edit flag offensive delete link more
0

answered 2011-04-26 22:32:24 -0500

jinzishuai gravatar image

Thank you Chuck. However, according to https://blueprints.launchpad.net/swift/+spec/bexar-s3api (https://blueprints.launchpad.net/swif...) : Swift account (something like AUTH_89308df71f274e33af17779606f08fa0) is used as AWSAccessKeyId. Swift password (passed to swift-auth-add-user) is used as AWS Secret Access Key.

So I guess that is out dated information?

However, I am stilll getting error with this.

One confusion I am having is that: should I connect to the proxy ( https://192.168.1.33:8080 ) or the auth ( https://192.168.1.33:11000 ) service and do I need to put the path of /v1 or /v1.0 for the URL?

Thanks. Shi

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-04-25 13:46:02 -0500

Seen: 713 times

Last updated: Jul 21 '12