Ask Your Question
0

swift and keystone integration problem

asked 2013-09-06 16:04:14 -0500

henry1987 gravatar image

updated 2013-09-06 21:45:26 -0500

Jobin gravatar image

Hi there,

I am wondering if someone can help me about how to get swift and keystone work together?

The following is the system set up:

1) The instruction I followed is "Installing OpenStack Storage on Ubuntu", not SAIO: http://docs.openstack.org/trunk/openstack-object-storage/admin/content/installing-openstack-object-storage-on-ubuntu.html

2) The OS is Ubuntu 12.04 64 LTS

3) Architecture:

I have 7 VMs on a single physical box. The physical box has CentOS 6.3, and VMs have Ubuntu 12.04 The followings are VM names and IP address, and description

 keystone, 192.168.1.154 , for authentication
 sproxy,     192.168.1.155, proxy server
 snode01,  192.168.1.156,  storage node 1
 snode02,  192.168.1.157,  storage node 2
 snode03,  192.168.1.158,  storage node 3
 snode04,  192.168.1.159, storage node 4
 snode05,  192.168.1.160, storage node 5

4) on keystone, i have the following created:

a) users:   swift and admin

b) tenants: admin and service

c) roles: Member, _member_, admin, KeystoneAdmin, KeystoneServiceAdmin

d) swift is added "service" tenant with "admin" role

e) services:   name: swift; type: object-store

f) end point: This part puzzles me. Some one used port 8888, someone used 8080. I guess if I use
   8888, in swift-proxy-server.conf, I need to set the port to be 8888 as well.

  another thing is about version "v1". Can I use "v2"?     But any way, I created the following endpoints for swift:

     +-------------+---------------------------------------------------+
|   Property  |                       Value                                                |
+-------------+----------------------------------------------------------------+
|   adminurl  |           http://192.168.1.154:8888/v1                      |
|      id     |          878f926925634667b74f2053f616adfe                   |
| internalurl | http://192.168.1.154:8888/v1/AUTH_%(tenant_id)s |
|  publicurl  | http://192.168.1.154:8888/v1/AUTH_%(tenant_id)s  |
|    region   |                     RegionOne                                            |
|  service_id |          1771a9ca06d34c4bbdcecdd6c8f865fd               |
+-------------+-----------------------------------------------------------------+

5) swift proxy-server.conf :

The following is the settings. I got a few questions here

question 1: user =swift. why swift? I got a user called swift in keystone, I got a user called swift in my Ubuntu OS

question 2: admin_user=swift How is this swift different from the one above?

question 3: admin_tenant_name, should this one be "service" or "admin"?

[DEFAULT]

bind_port = 8888

user = swift

[pipeline:main]

pipeline = healthcheck cache authtoken keystoneauth proxy-server


....
# auth_* settings refer to the Keystone server

auth_protocol = http

auth_host = 192.168.1.154

auth_port = 35357

# the same admin_token as provided in keystone.conf
admin_token = ADMIN

# the service tenant and swift userid and password created in Keystone

admin_tenant_name = service

admin_user = swift

admin_password = stack

6) add zones

The followings are part of scripts to add zones. My question for this part are the port numbers 6000, 6001, and 6002 are the same for different storage nodes. are these right?

#
#zone 1 -- snode01
#
swift-ring-builder account.builder add r1z1-192.168.1.156:6002/vdb1 100 <br>
swift-ring-builder container.builder add r1z1-192.168.1.156:6001/vdb1 100 <br>
swift-ring-builder object.builder add r1z1-192.168.1.156:6000/vdb1 100 <br>


#
#zone 2 -- snode02
#<br>
swift-ring-builder account.builder add r1z2-192.168.1.157:6002/vdb1 100<br>
swift-ring-builder container.builder add r1z2-192.168.1.157:6001/vdb1 100<br>
swift-ring-builder ...
(more)
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by » oldest newest most voted
1

answered 2013-09-07 22:48:40 -0500

ketchup gravatar image

question 1: user =swift. why swift? I got a user called swift in keystone, I got a user called swift in my Ubuntu OS

This is not the OS user. This is the user you create in Keystone configuration in the service tenant. The user is what Keystone uses to communicate with Swift.

question 2: admin_user=swift How is this swift different from the one above?

This is a proxy-server entry that establishes the Keystone user that will be used to communicate with the proxy services. Again, this is not the OS user. You can make this whatever you want, but it has to be consisted in the proxy-server.conf and in Keystone.

question 3: admin_tenant_name, should this one be "service" or "admin"? The tenant name is service in this case, assuming you are referring to the proxy-server.conf. The tenant is a container for services, objects, accounts, etc.

another thing is about version "v1". Can I use "v2"? But any way, I created the following endpoints for swi

V1 is the authentication method used by Swift. V2 is used by Keystone. You should be using v1 for service endpoint definitions in keystone config. This is what Keystone will use to communicate with Swift. The client will make the connection to v2, through Keystone. Then Keystone will initiate communicate with Swift on v1.

The followings are part of scripts to add zones. My question for this part are the port numbers 6000, 6001, and 6002 are the same for different storage nodes. are these right?

Yes, these ports should be the same for the different storage nodes. These the ports that the different elements of Swift use for communication.

One very useful switch to troubleshoot swift connection is the –debug switch. Use it with the swift stat command. It will give you the curl output of what the command is trying to do. Usually the error you are seeing is an indicator that you have mismatching port configurations between Keystone and Swift. For example, did you configure Keystone over SSL? If so, you should adjust your config and your tests to use HTTPS. If you are using port 8888 for swift in the keystone endpoint config and port 8080 in the proxy-server.conf you will get this error. Also try port 5000 for your Keystone URL. And try to curl to the URL directly to make sure you can establish communication. Finally, make sure our admin token is configured the same in Keystone as it is in proxy-server.conf. Then watch /var/log/messages on the proxy node for any errors and /var/log/keystone/keystone.log for keystone errors.

edit flag offensive delete link more

Comments

1) I verified by keystone endpoint-list, the port used is 8888, the proxy-server.conf used 8888 as well
2) swift --debug stat has RESP: [200]. with information about token issued time, and expiration time etc. However after the response body, I still get [Errno 111] ECONNREFUSED
3) /var/log/messages on proxy node is empty, dmesg shows only swift-proxy start and stop, syslog shows no meaningful log message
4) keystone.log on keystone node is empty (I cleaned it first, then run swift --debug stat)

henry1987 gravatar imagehenry1987 ( 2013-09-11 11:36:08 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-09-06 16:04:14 -0500

Seen: 1,293 times

Last updated: Sep 07 '13

Related questions

keystone in swift

How to fix 401 error when I ran swift command to get authorizaition through keystone?

Keystone Kerberos configuration

keystone user-list too slow

where is swift API key

swift container-sync not working

problem with keystone-manage db_sync

devstack keystone authentication

handoff handing about swift

SWauth issues in OpenStack Swift