Ask Your Question
0

swift and Cyberduck

asked 2011-08-24 07:11:58 -0500

chaupv79 gravatar image

Hi everybody

Can someone show me how to make a connection between cyberduck in window to swift storage?

currently i have a situation as below

1) I have swift.1.4.3 installed, I have swauth1.0.2 installed

  • I have already created an admin user:

    swauth-add-user -A http://192.168.0.82:8080/auth/ -K secure_key -a test tester testing

  • And make sure it works:

    swift -A http://192.168.0.82:8080/auth/v1.0 -U test:tester -K testing stat -v

2) I have cyberduck 4.1 installed on window7

=> my problem is: when I make a connection on Swift(Open Stack storage) to my swift on ubuntu 10.04 LTS then it requires user and API Access key

I input as below

username: test.tester API access key: testing

my purpose is to see something like picture or files that stored in ubuntu swift will display in cyberduck,

But...

after a while, cyberduck authenticating as test.tester then, it returns nothing, there is no cyberduck swift connection displaying.

Can anyone help me on this matter?

Thank in advance

edit retag flag offensive close merge delete

30 answers

Sort by ยป oldest newest most voted
1

answered 2012-06-24 08:39:06 -0500

jih1103 gravatar image

If you want to make any user or container, then use the 'curl' and upload/download/verify the stat or list ... then use the 'swift'

EX:> curl>>**************************

>> Below, I have made the user 'ssluser', accout 'sslacct', and password 'sslpass'

curl -k -v -H 'X-Storage-User: sslacct:ssluser' -H 'X-Storage-Pass: sslpass' https://192.168.56.101/auth/v1.0

  • About to connect() to 192.168.56.101 port 443 (#0)
  • Trying 192.168.56.101... connected
  • Connected to 192.168.56.101 (192.168.56.101) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using AES256-SHA
  • Server certificate:
  • subject: C=KO; emailAddress=jih1103@paran.com
  • start date: 2012-06-21 06:21:35 GMT
  • expire date: 2012-07-21 06:21:35 GMT
  • SSL: unable to obtain common name from peer certificate > GET /auth/v1.0 HTTP/1.1 > User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18 > Host: 192.168.56.101 > Accept: / > X-Storage-User: sslacct:ssluser > X-Storage-Pass: sslpass > < HTTP/1.1 200 OK < X-Storage-Url: https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb (https://127.0.0.1/v1/AUTH_65918ac5-ec...) < X-Storage-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc < X-Auth-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc < Content-Length: 108 < Date: Thu, 21 Jun 2012 06:55:00 GMT <
  • Connection #0 to host 192.168.56.101 left intact
  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1): {"storage": {"default": "local", "local": "https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb"}}root@swiftmain:/etc/swift# curl -k -i -H "X-Auth-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc" -X PUT https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb/sslcontainer (https://127.0.0.1/v1/AUTH_65918ac5-ec...) HTTP/1.1 201 Created Content-Length: 18 Content-Type: text/html; charset=UTF-8 Date: Thu, 21 Jun 2012 07:00:07 GMT

201 Created

>> Below, I have made the container 'sslcontainer'

curl -k -i -H "X-Auth-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc" -X PUT https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb/sslcontainer (https://127.0.0.1/v1/AUTH_65918ac5-ec...) HTTP/1.1 201 Created Content-Length: 18 Content-Type: text/html; charset=UTF-8 Date: Thu, 21 Jun 2012 07:00:07 GMT

201 Created

swift>>************************

>> Below, I have up/down/check the object in any container : lib.tar is object, sslcont1 is container, and sslacct:ssluser is account...

swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass upload sslcont1 lib.tar

lib.tar

swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass download sslcont1 lib.tar

lib.tar

swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass delete sslcont1 lib.tar

lib.tar

root@swiftmain:~# swift -v -A https://192.168.56.101/auth/v1.0 -U ... (more)

edit flag offensive delete link more
0

answered 2011-10-04 14:32:34 -0500

novikov gravatar image

You must add user as admin i.e. with -a option for swauth-add-user or make a container and give specific rights (for read or write) on it for concrete user, I don`t know how exactly - so just use admin account for first time.

edit flag offensive delete link more
0

answered 2011-09-15 10:55:32 -0500

moubarik-siham gravatar image

Hi everybody, thank you so much for your suggestion, it helps me a lot so here is what done

i installed swift-1.4.2 and swauth.1.0.2, and i modified the porxy-server.conf here is the result :

+++++++++++++++++++/etc/swift/proxy-serve.conf+++++++++++++++++++++++++++++++++

[DEFAULT] bind_port = 443 #bind_ip = 192.168.3.20 user = root log_facility = LOG_LOCAL1 cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key

[pipeline:main] pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server] use = egg:swift#proxy allow_account_management = true

[filter:tempauth] use = egg:swift#tempauth user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin https://192.168.3.20:443/v1/AUTH_test user_test2_tester2 = testing2 .admin user_test3_tester3 = testing3 .admin

[filter:swauth] use = egg:swift#swauth default_swift_cluster = local#https://192.168.3.20:443/v1#https://127.0.0.1:443/v1 user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin https://192.168.3.20:443/v1/AUTH_test user_test2_tester2 = testing2 .admin user_test7_tester7 = testing7. admin user_test3_tester3 = testing3 .admin

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache memcache_servers = 192.168.3.20:11211 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ but i can't create another user: so i used test:tester testing and test2:tester2 testing2 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ oot@dtv-110702:/etc/swift# curl -k -v -H 'X-Storage-User: test2:tester2' -H 'X-Storage-Pass: testing2' https://192.168.3.20/auth/v1.0 * About to connect() to 192.168.3.20 port 443 (#0) * Trying 192.168.3.20... connected * Connected to 192.168.3.20 (192.168.3.20) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-SHA * Server certificate: * subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; emailAddress=moubarik.siham@yahoo.fr * start date: 2011-09-14 09:49:39 GMT * expire date: 2011-10-14 09:49:39 GMT * common name: r00t (does not match '192.168.3.20') * issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; emailAddress=moubarik.siham@yahoo.fr * SSL certificate verify result: self signed certificate (18), continuing anyway.

GET /auth/v1.0 HTTP/1.1 User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18 Host: 192.168.3.20 Accept: / X-Storage-User: test2:tester2 X-Storage-Pass: testing2

< HTTP/1.1 200 OK < X-Storage-Url: https://127.0.0.1:443/v1/AUTH_test2 < X-Storage-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7 < X-Auth-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7 < Content-Length: 0 < Date: Thu, 15 Sep 2011 10:36:17 GMT < * Connection #0 to host 192.168.3.20 left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ root@dtv-110702:/etc/swift# curl -v -H 'X-Auth-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7' https://192.168.3.20:443/v1/AUTH_test2 * About to connect() to 192.168.3.20 port 443 (#0) * Trying 192.168 ...

(more)
edit flag offensive delete link more
0

answered 2011-09-15 05:08:28 -0500

chaupv79 gravatar image

Hi Moubariksiham,

Marcelo has answered you, now you have a right person to ask.

@Marcelo: I just guess for the situation

Thank You

edit flag offensive delete link more
0

answered 2011-09-15 00:58:10 -0500

btorch gravatar image

I don't think you looked at the github information for swauth close enough. Setting users on the "swauth" filter section is useless. That is only for the "tempauth section"

Your proxy configuration should have (as the github site mentions):

1) You need to add swauth to the pipeline and remove tempauth

[pipeline:main] pipeline = catch_errors cache swauth proxy-server

2) Make sure you have at least [filter:swauth] use = egg:swauth#swauth set log_name = swauth super_admin_key = swauthkey

3) Then you can also add the "default_swift_cluster" to the swauth filter section default_swift_cluster = local#https://192.168.0.20:443//v1#https://127.0.0.1:443/v1

edit flag offensive delete link more
0

answered 2011-09-15 00:40:53 -0500

chaupv79 gravatar image
  • re-install swift-1.4.2 and swauth.1.0.2,

  • you should use swauth filter in proxy-conf, don't use tempauth.

  • look at https://github.com/gholt/swauth to install swauth

and try to copy user to [filter:swauth] session

[filter:swauth] use = egg:swift#swauth default_swift_cluster = local#https://192.168.0.20:443//v1#https://127.0.0.1:443/v1 user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin user_test2_tester2 = testing2 .admin user_test7_tester7 = testing7. admin user_test3_tester3 = testing3 .admin

  • make sure you have ssl option

  • restart swift

edit flag offensive delete link more
0

answered 2011-09-14 09:58:02 -0500

moubarik-siham gravatar image

tks so much for the request chau Pham

i can't create the test7 swauth-add-user -K admin -A https://192.168.3.20:443/auth/ -a test7 tester7 testing7 Account creation failed: 500 Internal Server Error User creation failed: 500 Internal Server Error

root@dtv-110702:/etc/swift# curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.3.20/auth/v1.0 * About to connect() to 192.168.3.20 port 443 (#0) * Trying 192.168.3.20... connected * Connected to 192.168.3.20 (192.168.3.20) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-SHA * Server certificate: * subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; emailAddress=moubarik.siham@yahoo.fr * start date: 2011-09-14 09:49:39 GMT * expire date: 2011-10-14 09:49:39 GMT * common name: r00t (does not match '192.168.3.20') * issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; emailAddress=moubarik.siham@yahoo.fr * SSL certificate verify result: self signed certificate (18), continuing anyway.

GET /auth/v1.0 HTTP/1.1 User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18 Host: 192.168.3.20 Accept: / X-Storage-User: test:tester X-Storage-Pass: testing

< HTTP/1.1 500 Internal Server Error < Content-Type: text/plain < Content-Length: 742 < Date: Wed, 14 Sep 2011 09:55:30 GMT < Connection: close < Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/eventlet/wsgi.py", line 336, in handle_one_response result = self.application(self.environ, start_response) File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/middleware/healthcheck.py", line 38, in __call__ return self.app(env, start_response) File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/middleware/memcache.py", line 32, in __call__ return self.app(env, start_response) File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/middleware/tempauth.py", line 136, in __call__ '%s' % (account_id, key)) Exception: Could not create account for user test:tester * Closing connection #0 * SSLv3, TLS alert, Client hello (1): root@dtv-110702:/etc/swift#

can you help me please

edit flag offensive delete link more
0

answered 2011-09-14 01:38:23 -0500

chaupv79 gravatar image

Hi Moubariksiham,

I am just an end-user, I have a little experience on swift, you may ask others guy to help you, buy anyway, I try to help you with all i have.

swauth-add-user -A https://192.168.3.20:443/auth/ -K admin -a test7 tester7 testing7 (1) swauth-add-user -K admin -A https://192.168.3.20:443/auth/ -a test7 tester7 testing7 (2)

=> i use the (2) command.

please try to add test7 tester7 testing7 to /etc/swift/proxy-server.conf as below:

.....

[filter:tempauth] use = egg:swift#tempauth user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin user_test2_tester2 = testing2 .admin user_test7_tester7 = testing7. admin user_test3_tester3 = testing3 .admin

....

from terminal:

swift-init stop all startmain

swauth-add-user -K admin -A https://192.168.3.20:443/auth/ -a test7 tester7 testing7

edit flag offensive delete link more
0

answered 2011-09-11 09:19:19 -0500

Hi Moubariksiham, What happens when do you do what it says and use the '-k' option with curl? -Joe Arnold

edit flag offensive delete link more
0

answered 2011-09-09 10:45:55 -0500

moubarik-siham gravatar image

also i have this error with this commande :

curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.3.20:443/auth/v1.0

  • About to connect() to 192.168.3.20 port 443 (#0)
  • Trying 192.168.3.20... connected
  • Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS alert, Server hello (2):
  • SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  • Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2011-08-24 07:11:58 -0500

Seen: 910 times

Last updated: Jun 24 '12