swift user role not listed

asked 2014-12-17 20:07:35 -0600

ilya1725 gravatar image

updated 2014-12-18 17:04:32 -0600

I'm battling the same old Authentication problem with Swift. One listed here.

My question is:

  1. My user-role-list doesn't list and roles for swift:
root@lab-srv2544:/etc/swift# keystone user-role-list --user-id=admin
|                id                |   name   |             user_id              |            tenant_id             |
| 31086269092b4e29b9b2c8edc7526296 | _member_ | c061d2c159fc463da0d41e239d447f93 | f014f61da1244cfd9e6823b178af4bc9 |
| 35bc1b6e311249c091573f3a56b1d79d |  admin   | c061d2c159fc463da0d41e239d447f93 | f014f61da1244cfd9e6823b178af4bc9 |
root@lab-srv2544:/etc/swift# keystone user-role-list --user-id=swift
  1. However, when I try to add the role for swift user I get this error:
root@lab-srv2544:/etc/swift# keystone user-role-add --user=swift --tenant=service --role=admin
Conflict occurred attempting to store role grant - User d08f067266ea48fd988d33f82111b146 already has role 35bc1b6e311249c091573f3a56b1d79d in tenant 6acb448ffff74a4bbc6fd6167ed722cb (HTTP 409)

Any ideas how to resolve this?

Thank you.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2014-12-18 17:02:43 -0600

giraffedata gravatar image

I see you are trying to add roles for user 'swift' in tenant 'service', but listing the roles for user 'swift' in some other tenant. What do you see if you add --tenant=service tothe user-role-add command?

edit flag offensive delete link more


Sorry, can you list the command you want me to try exactly? Because, if I understand your comment correctly that is exactly what I'm doing - use --tenant=service during the user-role-add command.

ilya1725 gravatar imageilya1725 ( 2014-12-18 18:35:47 -0600 )edit

answered 2014-12-18 23:05:38 -0600

Manoj Krishnan gravatar image

updated 2014-12-18 23:09:06 -0600

You already having user swift user with admin role, So only Keystone blocking you from adding the same user (swift) with same role (admin).

you can check swift user role by using the below command.

keystone --os-username swift --os-password <swift_password> --os-tenant-name service --os-region-name <region_name> user-role-list
edit flag offensive delete link more


So I get this output:

| 35bc1b6e311249c091573f3a56b1d79d | admin | d08f067266ea48fd988d33f82111b146 | 6acb448ffff74a4bbc6fd6167ed722cb |

Which indicates that swift has admin role. Why is that swift stat still complains that it is Unauthorized?

ilya1725 gravatar imageilya1725 ( 2014-12-19 00:30:36 -0600 )edit

Yes, you have a swift user with admin role. Can you please share the output of following command.

 keystone endpoint-list

I think you have configured endpoints for object-store service (swift) with port 8888 but the endpoint of swift uses 8080 port.

Manoj Krishnan gravatar imageManoj Krishnan ( 2014-12-19 01:18:47 -0600 )edit

First line:

| 02453bc0111a467193edabf7c723419e | regionOne | http://localhost:8080/v1/AUTH_%(tenant_id)s | http://localhost:8080/v1/AUTH_%(tenant_id)s |    http://localhost:8080    | 2b1f137621ed49f7a3c1b7757480988b |
ilya1725 gravatar imageilya1725 ( 2014-12-19 10:32:08 -0600 )edit

Second line:

| ce424de8544b4b64841671e14d8b7ed0 | regionOne |          http://localhost:5000/v2.0         |          http://localhost:5000/v2.0         | http://localhost:35357/v2.0 | 57b2d585af8c473686e6b6c3b0bedf63 |
ilya1725 gravatar imageilya1725 ( 2014-12-19 10:32:53 -0600 )edit

I've checked the output from keystone endpoint-list and the 8888 port is not used. All the ports are 8080.

ilya1725 gravatar imageilya1725 ( 2014-12-19 17:09:51 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-12-17 20:07:35 -0600

Seen: 409 times

Last updated: Dec 18 '14