Ask Your Question
0

details on how to make swift work with keystonw

asked 2012-03-29 12:20:01 -0500

sdtranquility gravatar image

hi i am trying to make keystone work with swift. there is less documnetation on how it can be done. i have followed the instruction provided by this site : http://keystone.openstack.org/configuringservices.html (http://keystone.openstack.org/configu...) but whenever i try to test it error account not found was observed any help or suggestion.

edit retag flag offensive close merge delete

8 answers

Sort by » oldest newest most voted
0

answered 2012-03-29 15:14:46 -0500

tonytkdk gravatar image

You can separate these two projects for debugging.

  1. Make sure that your keystone working well for authenticating a username/ password

  2. Does Keystone return X-Storage-Url and X-Auth-Token for you . While test it with curl command.

  3. Does Swift works with tempauth ?

  4. Can you access swift by a validated token ?

There're too many possibles in your case though . Let's decrease the scope .

edit flag offensive delete link more
0

answered 2012-03-29 15:30:20 -0500

sdtranquility gravatar image

yes keystone is working well for authenticating yes swift works well with tempauth this is output with curl curl -d '{"auth": {"tenantName": "demoTenant", "passwordCredentials":{"username": "demoUser", "password": "password"}}}' -H "Content-type: application/json" http://130.237.215.18:35357/v2.0/tokens | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1309 100 1199 100 110 4541 416 --:--:-- --:--:-- --:--:-- 4558 { "access": { "serviceCatalog": [ { "endpoints": [ { "adminURL": "http://130.237.215.18:8774/v1.1/2", "internalURL": "http://130.237.215.18:8774/v1.1/2", "publicURL": "http://130.237.215.18:8774/v1.1/2", "region": "RegionOne" } ], "name": "nova", "type": "compute" }, { "endpoints": [ { "adminURL": "http://130.237.215.18:9292/v1", "internalURL": "http://130.237.215.18:9292/v1", "publicURL": "http://130.237.215.18:9292/v1", "region": "RegionOne" } ], "name": "glance", "type": "image" }, { "endpoints": [ { "adminURL": "http://130.237.215.18:35357/v2.0", "internalURL": "http://130.237.215.18:5000/v2.0", "publicURL": "http://130.237.215.18:5000/v2.0", "region": "RegionOne" } ], "name": "identity", "type": "identity" }, { "endpoints": [ { "adminURL": "http://130.237.215.18:8080/v1.0", "internalURL": "http://130.237.215.18:8080/v1.0", "publicURL": "http://130.230.215.18:8080/v1.0", "region": "RegionOne" } ], "name": "swift", "type": "object-store" } ], "token": { "expires": "2012-03-30T11:53:27", "id": "e87623ed-0e75-474c-9437-a98d06c6ddb0", "tenant": { "id": "2", "name": "demoTenant" } }, "user": { "id": "2", "name": "demoUser", "roles": [ { "id": "2", "name": "Member", "tenantId": "2" }, { "id": "2", "name": "Member" } ] } }

edit flag offensive delete link more
0

answered 2012-03-29 15:56:07 -0500

tonytkdk gravatar image

{ "endpoints": [ { "adminURL": "http://130.237.215.18:8080/v1.0", "internalURL": "http://130.237.215.18:8080/v1.0", "publicURL": "http://130.230.215.18:8080/v1.0", "region": "RegionOne" } ], "name": "swift", "type": "object-store" }

The end point url of swift-proxy is incorrect .

the object-store should look like

http://130.237.215.18:8080/v1/AUTH_%25tenant_id%25 (http://130.237.215.18:8080/v1/AUTH_%t...)

Other endpointTemplates could refer https://github.com/openstack/keystone/blob/master/etc/default_catalog.templates (https://github.com/openstack/keystone...)

edit flag offensive delete link more
0

answered 2012-04-02 15:13:24 -0500

sdtranquility gravatar image

hi still having the problem with swift and keystone intregation. i defined end point templates for swift in the followint manner. sudo keystone-manage endpointTemplates add RegionOne swift http://130.237.215.18:8080/v1/AUTH_%25tenant_id%25 (http://130.237.215.18:8080/v1/AUTH_%t...) http://130.237.215.18:8080/v1/ http://130.237.215.18:8080/v1/AUTH_%25tenant_id%25 (http://130.237.215.18:8080/v1/AUTH_%t...) 1 1. here is my swift proxy server.conf

proxy-server.conf

[DEFAULT] bind_port = 8080 user = swift

[pipeline:main] pipeline = catch_errors healthcheck cache authtoken swiftauth proxy-server

[app:proxy-server] use = egg:swift#proxy allow_autocreate = true

[filter:swiftauth] use = egg:keystone#swiftauth keystone_url = http://130.237.215.18/v2.0 keystone_admin_token = 999888777666 keystone_tenant_user_admin = true keystone_swiftoperator_roles = Admin, swiftoperator

[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory auth_protocol = http service_port = 5000 service_host = 130.237.215.18 auth_port = 35357 auth_host = 130.237.215.18 admin_token = 999888777666 delay_auth_decision = 0

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache set log_name = cache memcache_servers = 130.237.215.18:11211

[filter:catch_errors] use = egg:swift#catch_errors

here is my keystone .conf

[DEFAULT]

Show more verbose log output (sets INFO log level output)

verbose = False

Show debugging output in logs (sets DEBUG log level output)

debug = False

Which backend store should Keystone use by default.

Default: 'sqlite'

Available choices are 'sqlite' [future will include LDAP, PAM, etc]

default_store = sqlite

Log to this file. Make sure you do not set the same log

file for both the API and registry servers!

log_dir = /var/log/keystone log_file = keystone.log

List of backends to be configured

backends = keystone.backends.sqlalchemy #For LDAP support, add: ,keystone.backends.ldap

Dictionary Maps every service to a header.Missing services would get header

X_(SERVICE_NAME) Key => Service Name, Value => Header Name

service-header-mappings = { 'nova' : 'X-Server-Management-Url', 'swift' : 'X-Storage-Url', 'cdn' : 'X-CDN-Management-Url'}

Address to bind the API server

TODO Properties defined within app not available via pipeline.

service_host = 0.0.0.0

Port the bind the API server to

service_port = 5000

Address to bind the Admin API server

admin_host = 0.0.0.0

Port the bind the Admin API server to

admin_port = 35357

#Role that allows to perform admin operations. keystone-admin-role = Admin

#Role that allows to perform service admin operations. keystone-service-admin-role = KeystoneServiceAdmin

#Tells whether password user need to be hashed in the backend hash-password = True

[keystone.backends.sqlalchemy]

SQLAlchemy connection string for the reference implementation registry

server. Any valid SQLAlchemy connection string is fine.

See: http://bit.ly/ideIpI

sql_connection = mysql://keystone:keystone@130.237.215.18/keystone backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', 'User', 'Credentials', 'EndpointTemplates', 'Token', 'Service']

Period in seconds after which SQLAlchemy should reestablish its connection

to the database.

sql_idle_timeout = 30

[pipeline:admin] pipeline = urlrewritefilter
admin_api

[pipeline:keystone-legacy-auth] pipeline = urlrewritefilter legacy_auth RAX-KEY-extension service_api

[app:service_api] paste.app_factory = keystone.server:service_app_factory

[app:admin_api] paste.app_factory = keystone.server:admin_app_factory

[filter:urlrewritefilter] paste.filter_factory = keystone.middleware.url:filter_factory

[filter:legacy_auth] paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory

[filter:RAX-KEY-extension] paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory

[filter ... (more)

edit flag offensive delete link more
0

answered 2012-04-03 16:18:17 -0500

sdtranquility gravatar image

hi i figured it out . i just define the service catlog in wrong way. but now i am facing other error. whenever i try to verify that keystone is providing authentication to swift i saw error . the error says account head failed . 500 internal server error. this may be due to by default keystone use https. in order to resolv it i change auth_urí to http and auth_protocol to http in both keystone.conf and proxy.conf but still facing same error . any suggestion please its urgent

On Mon, Apr 2, 2012 at 5:15 PM, sanjaya dahal < question192041@answers.launchpad.net > wrote:

Your question #192041 on Keystone changed: https://answers.launchpad.net/keystone/+question/192041 (https://answers.launchpad.net/keyston...)

Status: Answered => Open

You are still having a problem: hi still having the problem with swift and keystone intregation. i defined end point templates for swift in the followint manner. sudo keystone-manage endpointTemplates add RegionOne swift http://130.237.215.18:8080/v1/AUTH_%25tenant_id%25 (http://130.237.215.18:8080/v1/AUTH_%t...) http://130.237.215.18:8080/v1/ http://130.237.215.18:8080/v1/AUTH_%25tenant_id%25 (http://130.237.215.18:8080/v1/AUTH_%t...) 1 1. here is my swift proxy server.conf

proxy-server.conf

[DEFAULT] bind_port = 8080 user = swift

[pipeline:main] pipeline = catch_errors healthcheck cache authtoken swiftauth proxy-server

[app:proxy-server] use = egg:swift#proxy allow_autocreate = true

[filter:swiftauth] use = egg:keystone#swiftauth keystone_url = http://130.237.215.18/v2.0 keystone_admin_token = 999888777666 keystone_tenant_user_admin = true keystone_swiftoperator_roles = Admin, swiftoperator

[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory auth_protocol = http service_port = 5000 service_host = 130.237.215.18 auth_port = 35357 auth_host = 130.237.215.18 admin_token = 999888777666 delay_auth_decision = 0

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache set log_name = cache memcache_servers = 130.237.215.18:11211

[filter:catch_errors] use = egg:swift#catch_errors

here is my keystone .conf

[DEFAULT]

Show more verbose log output (sets INFO log level output)

verbose = False

Show debugging output in logs (sets DEBUG log level output)

debug = False

Which backend store should Keystone use by default.

Default: 'sqlite'

Available choices are 'sqlite' [future will include LDAP, PAM, etc]

default_store = sqlite

Log to this file. Make sure you do not set the same log

file for both the API and registry servers!

log_dir = /var/log/keystone log_file = keystone.log

List of backends to be configured

backends = keystone.backends.sqlalchemy #For LDAP support, add: ,keystone.backends.ldap

Dictionary Maps every service to a header.Missing services would get

header

X_(SERVICE_NAME) Key => Service Name, Value => Header Name

service-header-mappings = { 'nova' : 'X-Server-Management-Url', 'swift' : 'X-Storage-Url', 'cdn' : 'X-CDN-Management-Url'}

Address to bind the API server

TODO Properties defined within app not available via pipeline.

service_host = 0.0.0.0

Port the bind the API server to

service_port = 5000

Address to bind the Admin API server

admin_host = 0.0.0.0

Port the bind the Admin API server to

admin_port = 35357

#Role that allows to perform admin operations. keystone-admin-role = Admin

#Role that allows to perform ...

(more)
edit flag offensive delete link more
0

answered 2012-04-05 12:51:32 -0500

sdtranquility gravatar image

hi still getting error can u help me plaese this is output from my dashboard Environment:

Request Method: GET Request URL: http://130.237.215.18/dash/1/containers/

Django Version: 1.3 Python Version: 2.7.2 Installed Applications: ['dashboard', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django_openstack', 'django_openstack.templatetags', 'mailer'] Installed Middleware: ('django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django_openstack.middleware.keystone.AuthenticationMiddleware', 'django.middleware.doc.XViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'dashboard.middleware.DashboardLogUnhandledExceptionsMiddleware')

Traceback: File "/usr/lib/pymodules/python2.7/django/core/handlers/base.py" in get_response 111. response = callback(request, callback_args, callback_kwargs) File "/usr/lib/pymodules/python2.7/django/contrib/auth/decorators.py" in _wrapped_view 23. return view_func(request, *args, *kwargs) File "/usr/lib/pymodules/python2.7/django_openstack/dash/views/containers.py" in index 74. containers = api.swift_get_containers(request) File "/usr/lib/pymodules/python2.7/django_openstack/api.py" in swift_get_containers 775. return [Container(c) for c in swift_api(request).get_all_containers()] File "/usr/lib/pymodules/python2.7/cloudfiles/connection.py" in get_all_containers 306. return ContainerResults(self, self.list_containers_info(parms)) File "/usr/lib/pymodules/python2.7/cloudfiles/connection.py" in list_containers_info 389. raise ResponseError(response.status, response.reason)

Exception Type: ResponseError at /dash/1/containers/ Exception Value: 500: Internal Server Error

i also tried this command in order to check

swift -A http://130.237.215.18:5000/v2.0 -U adminTenant:adminUser -K password -V 2.0 stat -v Account HEAD failed: http://130.237.215.18:8080/v1/AUTH_1 500 Internal Server Error

i cant resolv it out and have no idea what is causing problem so can u please help me

edit flag offensive delete link more
0

answered 2012-04-07 11:08:59 -0500

sdtranquility gravatar image

LinkedIn

I'd like to add you to my professional network on LinkedIn.

  • sanjaya

sanjaya dahals Student at Kungliga tekniska högskolan Stockholm County, Sweden

Confirm that you know sanjaya dahals: https://www.linkedin.com/e/-yu4qip-h0qk9cvz-4b/isd/6586144851/8I881U6Y/?hs=false&tok=38VXvHckeYcRc1 (https://www.linkedin.com/e/-yu4qip-h0...)


You are receiving Invitation to Connect emails. Click to unsubscribe: http://www.linkedin.com/e/-yu4qip-h0qk9cvz-4b/vFZbRNg-T_Z5dYZByphkdSgbwNa6TqAs1m7qYJskxyCSdQZbyfYGgq/goo/question192041%40answers%2Elaunchpad%2Enet/20061/I2282845167_1/?hs=false&tok=0REcA8zaCYcRc1 (http://www.linkedin.com/e/-yu4qip-h0q...)

(c) 2012 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA.

edit flag offensive delete link more
0

answered 2012-04-08 12:10:12 -0500

tonytkdk gravatar image

Could you please try to authenticate user/password from Keystone API endpoint first ?

Example for API v1.0 :

curl -v -H "X-Auth_User: %username%" -H "X-Auth-Key: %password% "http://%keystone_ip%:%service_port%/v1.0

In your swift client response , I think keystone should work properly . And Keystone will return X-AUTH-TOKEN and X-Storage-Url Headers

After That , please send request to Swift-proxy API endpoint directly for creating an account . Example as follow.

curl -X PUT -v -H "X-AUTH-Token: %Token%" http://%Swift-Proxy_IP%/v1/AUTH_1

In normal condition , you will receive 201 created.

If sill failed , you have to check the permission of target disk mounting point .

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-03-29 12:20:01 -0500

Seen: 91 times

Last updated: Apr 08 '12