Ask Your Question
0

Swift authentication using Keystone: Account Head Failed

asked 2012-03-26 14:38:18 -0500

binary-huang gravatar image
Hello All! I am configuring swift to using keystone as its auth server. But after I try the following command : swift -V 2 -A http://127.0.0.1:5000/v2.0 -U admin:admin -K secrete stat. I get same error.
I use the source code from git and run swift and keystone in a ubuntu 11.10 virtual machine. The following is the error message.

{'access': {'token': {'expires': '2012-03-27T14:14:06Z', 'id': '0556b621af51416c8e0f5774fbdafe62', 'tenant': {'enabled': True, 'description': None, 'name': 'admin', 'id': '104c490b48824f2580e296a84fda7e0a'}}, 'serviceCatalog': [{'endpoints_links': [], 'endpoints': [{'adminURL': 'http://127.0.0.1:8888/v1', 'region': 'regionOne', 'internalURL': 'http://127.0.0.1:8888/v1', 'publicURL': 'http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73'}], 'type': 'object-store', 'name': 'swift'}], 'user': {'username': 'admin', 'roles_links': [], 'id': '54e1e52ccbf8408c953ec7d86f69fd73', 'roles': [{'id': '65c6481ec925451e843f676fc8c96326', 'name': 'admin'}, {'id': '37c0057ff89c420594976847405bc543', 'name': 'KeystoneServiceAdmin'}, {'id': 'ad908ebc57724863848372be8deb1e51', 'name': 'KeystoneAdmin'}], 'name': 'admin'}}} http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 (http://127.0.0.1:8888/v1/AUTH_54e1e52...) StorageURL: http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 (http://127.0.0.1:8888/v1/AUTH_54e1e52...) Token: 0556b621af51416c8e0f5774fbdafe62 head_account-url-path: /v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 localhost - - [26/Mar/2012 22:14:06] code 400, message Bad request syntax ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x01Opy\xae\xeb\x14cEK\x88\x1b\xcc\xb3&\xd3;\x1e\xean\x18v\x00?$\xf9\xdb\xe6 ^"\x9f\xf7\x00\x00Z\xc0\x14\xc0') localhost - - [26/Mar/2012 22:14:06] "��Opy��cEK�̳&�;�nv?$��� ^"��Z��" 400 - StorageURL: http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 (http://127.0.0.1:8888/v1/AUTH_54e1e52...) Token: 0556b621af51416c8e0f5774fbdafe62 head_account-url-path: /v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 localhost - - [26/Mar/2012 22:14:07] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x01Opy\xafAA"\xf9') localhost - - [26/Mar/2012 22:14:07] "��Opy�AA"� @���I�,�gn�C�fe9u❣q�Z��" 400 - StorageURL: http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 (http://127.0.0.1:8888/v1/AUTH_54e1e52...) Token: 0556b621af51416c8e0f5774fbdafe62 head_account-url-path: /v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 localhost - - [26/Mar/2012 22:14:09] code 400, message Bad request syntax ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x01Opy\xb1-\x15$T\x83\xe8J\xc5u\xa7S\x9ag\xe54(.\x81\xf81\x05}\x98\xea\xd8\x81]\xcd\x00\x00Z\xc0\x14\xc0') localhost - - [26/Mar/2012 22:14:09] "��Opy�-$T��J�u�S�g�4(.��1}��؁]�Z��" 400 - StorageURL: http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 (http://127.0.0.1:8888/v1/AUTH_54e1e52...) Token: 0556b621af51416c8e0f5774fbdafe62 head_account-url-path: /v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 localhost - - [26/Mar/2012 22:14:13] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x01Opy\xb5m3\xb5oH\xc3\xf2\x9eZU\xa3\x93\xab\x0fe\xb8\x85\x96\xb415\xad') localhost - - [26/Mar/2012 22:14:13] "��Opy�m3�oH���ZU���e����15� U�UZ��" 400 - StorageURL: http://127.0.0.1:8888/v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 (http://127.0.0.1:8888/v1/AUTH_54e1e52...) Token: 0556b621af51416c8e0f5774fbdafe62 head_account-url-path: /v1/AUTH_54e1e52ccbf8408c953ec7d86f69fd73 localhost - - [26/Mar/2012 22:14:21] code 400, message Bad request ... (more)

edit retag flag offensive close merge delete

10 answers

Sort by » oldest newest most voted
0

answered 2012-05-24 11:14:32 -0500

david-butler gravatar image

I have the same problem on Ubtunut 12.04

$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04 LTS Release: 12.04 Codename: precise

$ uname -a Linux PoC5 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

I have setup my keystone endpoints as per the OpenStack Install and Deploy Guide - Compute, Image, and Identity services plus Dashboard ( http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html (http://docs.openstack.org/trunk/opens...) )

$ keystone --token 012345SECRET99TOKEN012345 \ --endpoint http://192.168.206.130:35357/v2.0/ \ service-create \ --name=swift \ --type=object-store \ --description="Object Storage Service" +-------------+---------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Object Storage Service | | id | 272efad2d1234376cbb911c1e5a5a6ed | | name | swift | | type | object-store | +-------------+----------------------------------+

$ keystone --token 012345SECRET99TOKEN012345 \ --endpoint http://192.168.206.130:35357/v2.0/ \ endpoint-create \ --region RegionOne \ --service_id=272efad2d1234376cbb911c1e5a5a6ed \ --publicurl 'http://127.0.0.1:8888/v1/AUTH_%(tenant_id)s' \ --adminurl 'http://127.0.0.1:8888/' \ --internalurl 'http://127.0.0.1:8888/v1/AUTH_%(tenant_id)s'

I can see the object store enpoint

curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "password"}}}' -H "Content-type: application/json" http://192.168.40.205:35357/v2.0/tokens | python -mjson.tool

        {
            "endpoints": [
                {
                    "adminURL": "http://127.0.0.1:8888/", 
                    "internalURL": "http://127.0.0.1:8888/v1/AUTH_dd4a5cd309ff4ae2be0460e6968f80c5", 
                    "publicURL": "http://127.0.0.1:8888/v1/AUTH_dd4a5cd309ff4ae2be0460e6968f80c5", 
                    "region": "RegionOne"
                }
            ], 
            "endpoints_links": [], 
            "name": "swift", 
            "type": "storage"
        },

My /etc/swift/proxy-server.conf is

[DEFAULT] bind_port = 8888 user = swift

[pipeline:main] pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server] use = egg:swift#proxy account_autocreate = true

[filter:keystone] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, swiftoperator

[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory

Delaying the auth decision is required to support token-less

usage for anonymous referrers ('.r:*').

delay_auth_decision = 10 service_port = 5000 service_host = 127.0.0.1 auth_port = 35357 auth_host = 127.0.0.1 auth_token = 012345SECRET99TOKEN012345 admin_token = 012345SECRET99TOKEN012345 auth_protocol = http

[filter:cache] use = egg:swift#memcache set log_name = cache

[filter:catch_errors] use = egg:swift#catch_errors

[filter:healthcheck] use = egg:swift#healthcheck

However, swift cannot find the enpoint, nor to the curl commands from http://docs.openstack.org/trunk/openstack-compute/install/content/verify-swift-installation.html (http://docs.openstack.org/trunk/opens...)

$ swift -V 2.0 -A http://192.168.40.205:5000/v2.0 -U openstackDemo:adminUser -K opencloud stat There is no object-store endpoint on this auth server.

$ curl -k -v -H 'X-Storage-User: openstackDemo:adminUser' -H 'X-Storage-Pass: password' http://192.168.40.205:5000/auth/v1.0 * About to connect() to 192.168.40.205 port 5000 (#0) * Trying 192.168.40.205... connected

GET /auth/v1.0 HTTP/1.1 User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 Host: 192.168.40.205:5000 Accept: / X-Storage-User: openstackDemo:adminUser X-Storage-Pass: password

< HTTP/1.1 404 Not Found < Content-Length: 154 < Content-Type: text/html; charset=UTF-8 < Date: Thu, 24 May 2012 11:05:51 GMT < <html> <head> <title>404 Not ...

(more)
edit flag offensive delete link more
0

answered 2012-04-07 00:52:47 -0500

binary-huang gravatar image

I use python-keystoneclient to create user,role,tenant,service and endpoint in keystone. And you should set auto_account_create in proxy-server.conf to true so when an account isn't in swift, swift can create it automatically.

After you install python-keystoneclient, you can use the command 'keystone' to manage user, role, service...

2012/4/6 smallma question191760@answers.launchpad.net

Your question #191760 on Keystone changed: https://answers.launchpad.net/keystone/+question/191760 (https://answers.launchpad.net/keyston...)

smallma posted a new comment: Hello Binary,

Could you tell me how do you create user,role,tenant,service and endpoint? I always can't find account > <. Please help me out.

Thanks,

Rain.


You received this question notification because you asked the question.

edit flag offensive delete link more
0

answered 2012-04-06 06:28:13 -0500

s-rain gravatar image

Hello Binary,

Could you tell me how do you create user,role,tenant,service and endpoint? I always can't find account > <. Please help me out.

Thanks,

Rain.

edit flag offensive delete link more
0

answered 2012-04-04 05:23:52 -0500

binary-huang gravatar image

In proxy-server.conf

[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_port = 5000 service_host = 127.0.0.1 auth_port = 35357 auth_host = 127.0.0.1 auth_token = ADMIN admin_token = ADMIN

add the auth protocol

auth_protocol = http

2012/4/3 sanjaya dahal question191760@answers.launchpad.net

Your question #191760 on Keystone changed: https://answers.launchpad.net/keystone/+question/191760 (https://answers.launchpad.net/keyston...)

sanjaya dahal posted a new comment: hi i am also having similar problem. can u please inform me where should i set auth_token protocol to http .


You received this question notification because you asked the question.

edit flag offensive delete link more
0

answered 2012-03-30 02:58:46 -0500

binary-huang gravatar image

I've find out what's wrong. Because the keystone auth_token middleware use https as its default protocol, but my machine doesn't support. So I set the auth_token protocol to http and it works.

edit flag offensive delete link more
0

answered 2012-03-29 15:17:29 -0500

tonytkdk gravatar image

how about to close this ticket :>

edit flag offensive delete link more
0

answered 2012-03-29 15:16:45 -0500

tonytkdk gravatar image

Congratulation :>

I saw SSL handshake info now .

code 400, message Bad request syntax ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x01Opy\xbd\xc5a<a\x8c\xc8\xb8&amp;\xbc\xa4\xab\xb5\xd9\xa5\xe9\x183\xa5`\xe6_u?\x0e\x9d\x86\x1f\x17\x00\x00z\xc0\x14\xc0')< p="">

edit flag offensive delete link more
0

answered 2012-03-29 04:23:05 -0500

binary-huang gravatar image

Thanks for your reply. But I've find out what's wrong. Because the keystone auth_token middleware use https as its default protocol, but my machine doesn't support. So I set the auth_token protocol to http and it works.

2012/3/28 Hugo Kou question191760@answers.launchpad.net

Your question #191760 on Keystone changed: https://answers.launchpad.net/keystone/+question/191760 (https://answers.launchpad.net/keyston...)

Status: Open => Answered

Hugo Kou proposed the following answer: could it possible on the permission of /srv/node/* ?


If this answers your question, please go to the following page to let us know that it is solved:

https://answers.launchpad.net/keystone/+question/191760/+confirm?answer_id=0 (https://answers.launchpad.net/keyston...)

If you still need help, you can reply to this email or go to the following page to enter your feedback: https://answers.launchpad.net/keystone/+question/191760 (https://answers.launchpad.net/keyston...)

You received this question notification because you asked the question.

edit flag offensive delete link more
0

answered 2012-03-28 13:26:39 -0500

tonytkdk gravatar image

could it possible on the permission of /srv/node/* ?

edit flag offensive delete link more
0

answered 2012-04-03 14:08:13 -0500

sdtranquility gravatar image

hi i am also having similar problem. can u please inform me where should i set auth_token protocol to http .

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-03-26 14:38:18 -0500

Seen: 1,984 times

Last updated: May 24 '12