Ask Your Question
1

swift user : how to give read only access to containers

asked 2014-07-07 00:23:06 -0500

Anand TS gravatar image

Hi all,

I have installed openstack using rdo packstack in a single node and gave swift storage 10 GB. Created project with users having admin access and member role.

I created set of containers via admin user. I need to give users in that project read only access to the containers. In my case when login as users to the dashboard users can't even see the set of containers.

Also I created a pseudo folder in one container in which If I click on that pseudo folder dashboard goes to

"something went wrong"

and If I try to delete it says "

Error: You are not allowed to delete object "

. I don't know what is happening here.

I checked the swift services and all services are runnning fine.

[root@icehouse ~(keystone_admin)]# for i in `ls /etc/init.d/openstack-swift-*`; do $i status; done
openstack-swift-account (pid  11050) is running...
openstack-swift-account-auditor (pid  10395) is running...
openstack-swift-account-reaper (pid  10367) is running...
openstack-swift-account-replicator (pid  11017) is running...
openstack-swift-container (pid  10748) is running...
openstack-swift-container-auditor (pid  10556) is running...
openstack-swift-container-replicator (pid  10517) is running...
openstack-swift-container-updater (pid  11183) is running...
openstack-swift-object (pid  11127) is running...
openstack-swift-object-auditor (pid  10690) is running...
openstack-swift-object-expirer is stopped
openstack-swift-object-replicator (pid  11155) is running...
openstack-swift-object-updater (pid  10720) is running...
openstack-swift-proxy (pid  10935) is running...

where to check the logs of swift? I can see only swift-startup.log in my setup.

If someone can shed some light here I would really appreciate that.

edit retag flag offensive close merge delete

Comments

have you setup the environment variables for admin. source openrc admin admin

Syed Awais Ali gravatar imageSyed Awais Ali ( 2014-07-07 01:31:51 -0500 )edit

Hi S.A.Ali,

I have Keystonerc_admin file in my root directory like this,

  export OS_USERNAME=admin
    export OS_TENANT_NAME=admin
    export OS_PASSWORD=pass
    export OS_AUTH_URL=http://10.54.3.71:5000/v2.0/
    export PS1='[\u@\h \W(keystone_admin)]\$ '

What to mention in my proxy-server.conf . I'm using keystone authentication.

Now In /etc/swift/proxy-server.conf, under filter:keystone, I have

[filter:keystone]
use = egg:swift#keystoneauth
operator_roles = admin, SwiftOperator, _member_
is_admin = true

I need to mention anything here?

Anand TS gravatar imageAnand TS ( 2014-07-07 02:00:55 -0500 )edit

No, the thing i was about to quote was certain operation are not permissible if you are not admin. so if you type in command line source openrc admin admin and then try deleting object. just try to execute this command before deleting it.

Syed Awais Ali gravatar imageSyed Awais Ali ( 2014-07-07 03:29:25 -0500 )edit

I can delete,upload objects in to a container using admin login or using an admin user of a tenant, But when an account(project) normal user cannot do all these operations. That is my query.

Anand TS gravatar imageAnand TS ( 2014-07-07 04:25:08 -0500 )edit

@Anand TS actually there are certain operations that you cannot perform as a demo user. So admin user has all the privileges. Admin user can see all instances, while specific users can only see their instances. Similarly there are certain actions that only admins can perform and normal users cannot. hope that helps

Syed Awais Ali gravatar imageSyed Awais Ali ( 2014-07-07 12:03:07 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-09 05:05:44 -0500

Anand TS gravatar image

After in depth search in internet I found temporary work around for the issue, " When I click on pseudo folder, dashboard goes to something went wrong" . This is related to the bug here .

When I edit the file /usr/share/openstack-dashboard/openstack_dashboard/dashboards/project/containers/templates/containers/index.html and edited 16th and 21st line of index.html , it works perfect.

After editing my file will be something like this,

16th line <a href="{% url horizon:project:containers:index %}{{ container_name }}/">{{ container_name }}</a> : /

21st line <a href="{% url horizon:project:containers:index %}{{ container_name }}/{{ folder.1 }}">{{ folder.0 }}</a> /

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-07-07 00:23:06 -0500

Seen: 2,328 times

Last updated: Jul 09 '14