Ask Your Question
1

swift user role not listed

asked 2014-12-17 20:07:35 -0500

ilya1725 gravatar image

updated 2014-12-18 17:04:32 -0500

I'm battling the same old Authentication problem with Swift. One listed here.

My question is:

  1. My user-role-list doesn't list and roles for swift:
root@lab-srv2544:/etc/swift# keystone user-role-list --user-id=admin
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 31086269092b4e29b9b2c8edc7526296 | _member_ | c061d2c159fc463da0d41e239d447f93 | f014f61da1244cfd9e6823b178af4bc9 |
| 35bc1b6e311249c091573f3a56b1d79d |  admin   | c061d2c159fc463da0d41e239d447f93 | f014f61da1244cfd9e6823b178af4bc9 |
+----------------------------------+----------+----------------------------------+----------------------------------+
root@lab-srv2544:/etc/swift# keystone user-role-list --user-id=swift
root@lab-srv2544:/etc/swift#
  1. However, when I try to add the role for swift user I get this error:
root@lab-srv2544:/etc/swift# keystone user-role-add --user=swift --tenant=service --role=admin
Conflict occurred attempting to store role grant - User d08f067266ea48fd988d33f82111b146 already has role 35bc1b6e311249c091573f3a56b1d79d in tenant 6acb448ffff74a4bbc6fd6167ed722cb (HTTP 409)
root@lab-srv2544:/etc/swift#

Any ideas how to resolve this?

Thank you.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-12-18 17:02:43 -0500

giraffedata gravatar image

I see you are trying to add roles for user 'swift' in tenant 'service', but listing the roles for user 'swift' in some other tenant. What do you see if you add --tenant=service tothe user-role-add command?

edit flag offensive delete link more

Comments

Sorry, can you list the command you want me to try exactly? Because, if I understand your comment correctly that is exactly what I'm doing - use --tenant=service during the user-role-add command.

ilya1725 gravatar imageilya1725 ( 2014-12-18 18:35:47 -0500 )edit
0

answered 2014-12-18 23:05:38 -0500

Manoj Krishnan gravatar image

updated 2014-12-18 23:09:06 -0500

You already having user swift user with admin role, So only Keystone blocking you from adding the same user (swift) with same role (admin).

you can check swift user role by using the below command.

keystone --os-username swift --os-password <swift_password> --os-tenant-name service --os-region-name <region_name> user-role-list
edit flag offensive delete link more

Comments

So I get this output:

| 35bc1b6e311249c091573f3a56b1d79d | admin | d08f067266ea48fd988d33f82111b146 | 6acb448ffff74a4bbc6fd6167ed722cb |

Which indicates that swift has admin role. Why is that swift stat still complains that it is Unauthorized?

ilya1725 gravatar imageilya1725 ( 2014-12-19 00:30:36 -0500 )edit

Yes, you have a swift user with admin role. Can you please share the output of following command.

 keystone endpoint-list

I think you have configured endpoints for object-store service (swift) with port 8888 but the endpoint of swift uses 8080 port.

Manoj Krishnan gravatar imageManoj Krishnan ( 2014-12-19 01:18:47 -0500 )edit

First line:

| 02453bc0111a467193edabf7c723419e | regionOne | http://localhost:8080/v1/AUTH_%(tenant_id)s | http://localhost:8080/v1/AUTH_%(tenant_id)s |    http://localhost:8080    | 2b1f137621ed49f7a3c1b7757480988b |
ilya1725 gravatar imageilya1725 ( 2014-12-19 10:32:08 -0500 )edit

Second line:

| ce424de8544b4b64841671e14d8b7ed0 | regionOne |          http://localhost:5000/v2.0         |          http://localhost:5000/v2.0         | http://localhost:35357/v2.0 | 57b2d585af8c473686e6b6c3b0bedf63 |
ilya1725 gravatar imageilya1725 ( 2014-12-19 10:32:53 -0500 )edit

I've checked the output from keystone endpoint-list and the 8888 port is not used. All the ports are 8080.

ilya1725 gravatar imageilya1725 ( 2014-12-19 17:09:51 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-12-17 20:07:35 -0500

Seen: 337 times

Last updated: Dec 18 '14