Ask Your Question
0

swiftclient Account HEAD failed with 401 Unauthorized

asked 2015-02-19 08:57:24 -0500

eugene.goldberg gravatar image

I have fresh Fedora 21 install, on top of which I installed keystone and swift.

I ran the following keystone command to establish a swift endpoint:

keystone endpoint-create --region RegionOne --service_id 8c90a8900abe45ad83aa5b04df957e80 --publicurl "http://127.0.0.1:8080/v1/AUTH_c36b8bb29ea947ce922f42389004648b" --adminurl http://127.0.0.1:8080/v1 --internalurl http://127.0.0.1:8080/v1

This endpoint reads like this:

6c063f73bc0041e09a0c0d65193e0285 | RegionOne | http://127.0.0.1:8080/v1/AUTH_c36b8bb29ea947ce922f42389004648b | http://127.0.0.1:8080/v1 | http://127.0.0.1:8080/v1 | 8c90a8900abe45ad83aa5b04df957e80

my proxy-server.conf looks like this:

[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
pipeline = healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:keystone]
use = egg:swift#keystoneauth
operator_roles = admin, SwiftOperator
is_admin = true
cache = swift.cache

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
admin_tenant_name = service
admin_user = swift
admin_password = swift
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000
signing_dir = /tmp/keystone-signing-swift

When I attempt to run swift --debug stat I get the following error in my output:

DEBUG:keystoneclient.session:REQ: curl -i -X POST http://127.0.0.1:35357/v2.0/tokens -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-keystoneclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "mast3r"}}}'
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 127.0.0.1
DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 2423
DEBUG:keystoneclient.session:RESP: [200] {'date': 'Thu, 19 Feb 2015 14:55:28 GMT', 'content-type': 'application/json', 'content-length': '2423', 'vary': 'X-Auth-Token', 'connection': 'keep-alive'}
RESP BODY: {"access": {"token": {"issued_at": "2015-02-19T14:55:28.411086", "expires": "2015-02-19T15:55:28Z", "id": "MIIEzwYJKoZIhvcNAQcCoIIEwDCCBLwCAQExCTAHBgUrDgMCGjCCAyUGCSqGSIb3DQEHAaCCAxYEggMSeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxNS0wMi0xOVQxNDo1NToyOC40MTEwODYiLCAiZXhwaXJlcyI6ICIyMDE1LTAyLTE5VDE1OjU1OjI4WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogIkFkbWluIFRlbmFudCIsICJlbmFibGVkIjogdHJ1ZSwgImlkIjogImMzNmI4YmIyOWVhOTQ3Y2U5MjJmNDIzODkwMDQ2NDhiIiwgIm5hbWUiOiAiYWRtaW4ifX0sICJzZXJ2aWNlQ2F0YWxvZyI6IFt7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6ODA4MC92MSIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6ODA4MC92MSIsICJpZCI6ICI0NTJlZmM4MTQwMTE0ZDQ0YTA0ZTI1MmU3YjA5NDVlYSIsICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4MDgwL3YxL0FVVEhfYzM2YjhiYjI5ZWE5NDdjZTkyMmY0MjM4OTAwNDY0OGIifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAib2JqZWN0LXN0b3JlIiwgIm5hbWUiOiAic3dpZnQifV0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJhZG1pbiIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiYTJiOGUyM2VhYTQwNDM3OGIyZmIzNGNmMjE3ZWZiZTkiLCAicm9sZXMiOiBbeyJuYW1lIjogImFkbWluIn1dLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogWyJlM2M0ODBjMmZkNjE0MmY1OTRiODUzOWIwMDJhNmI2ZCJdfX19MYIBgTCCAX0CAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBAK4f3QLEVEB1hzFjTzS-22+YZ48jvN+g+3zyxPgN-l5XIfYCJQ+JX5MR9GyDE2prMsi9S29KcH3n1ZPJV1ZC9RpX94ViGiJQyA1B4IquJPXcDI1g9vVRcKdlIQVsGq0n5wIO8PVq9ESoPXU-Cp3SbBzcn5x08Vlg0ZdFIRAwV0vuq7AJPye5FiiTQgBJI7tpMkkKHC8LSUj02GcOB4EK76Tqp44XrPkOeeX91Oh8MBfy5Vf9zBWuoah9lCGKiaES+pgGT+k363Ktsjk66LBkKGMtUl1WJcYeCg5+Me7NpVjbBFTEq8imSz8nqP7rJINNttWds1Zj3Oin0vzw8lBWVb4=", "tenant": {"description": "Admin Tenant", "enabled": true, "id": "c36b8bb29ea947ce922f42389004648b", "name": "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8080/v1", "region": "RegionOne", "internalURL": "http://127.0.0.1:8080/v1", "id": "452efc8140114d44a04e252e7b0945ea", "publicURL": "http://127.0.0.1:8080/v1/AUTH_c36b8bb29ea947ce922f42389004648b"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "admin", "roles_links": [], "id": "a2b8e23eaa404378b2fb34cf217efbe9", "roles": [{"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["e3c480c2fd6142f594b8539b002a6b6d"]}}}

WARNING:keystoneclient.httpclient:Failed to retrieve management_url from token
DEBUG:iso8601.iso8601:Parsed 2015-02-19T15:55:28Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'15', 'daydash': u'19', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'28', 'tz_minute': None, 'year': u'2015', 'separator': u'T', 'monthdash': u'02', 'day': None, 'minute': u'55'} with default timezone <iso8601.iso8601.Utc object at 0x7fca3b68bdd0>
DEBUG:iso8601.iso8601:Got u'2015' for 'year' with default None
DEBUG:iso8601.iso8601:Got u'02' for 'monthdash' with default 1
DEBUG:iso8601.iso8601:Got 2 for 'month' with default 2
DEBUG:iso8601.iso8601:Got u'19' for 'daydash' with default 1
DEBUG:iso8601.iso8601:Got 19 for 'day' with default 19
DEBUG:iso8601.iso8601 ...
(more)
edit retag flag offensive close merge delete

3 answers

Sort by » oldest newest most voted
1

answered 2015-02-19 09:27:10 -0500

Hi, Your proxy-server.conf should be like this:

[DEFAULT]
bind_port = 8080
user = swift

[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = Member,admin,swiftoperator

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
# auth_* settings refer to the Keystone server
auth_protocol = http
auth_host = controller
auth_port = 35357
# the service tenant and swift username and password created in Keystone
admin_tenant_name = service
admin_user = swift
admin_password = swift

[filter:cache]
use = egg:swift#memcache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

Also your /etc/memcached.conf file should have -l proxy-server-ip

edit flag offensive delete link more

Comments

I have modified my proxy-server.conf per your example. Could you, please, post an entire line from the memcached.conf which contains the -l proxy-server-ip line?

eugene.goldberg gravatar imageeugene.goldberg ( 2015-02-19 09:52:03 -0500 )edit

Its just -l proxy-server-ip. Here the ip of your proxy-server has to be placed after -l

Varsha gravatar imageVarsha ( 2015-02-19 10:52:22 -0500 )edit
0

answered 2015-12-29 02:32:17 -0500

Hi. I have a same problem and I don't know how to solve it. All methods that described on this site didn't help me.

edit flag offensive delete link more
0

answered 2015-05-11 07:19:20 -0500

junneyang gravatar image

i encountered the same eproblem, i have tried all the methods provided on this wbstite, waiting for your help !!! the traceback as below:

[root@devstack OpenStack]# swift --debug stat /usr/lib/python2.6/site-packages/keystoneclient/access.py:20: DeprecationWarning: The oslo namespace package is deprecated. Please use oslo_utils instead. from oslo.utils import timeutils DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://controller0:35357/v2.0/tokens INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): controller0 DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 1395 DEBUG:iso8601.iso8601:Parsed 2015-05-10T10:03:22Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'10', 'daydash': u'10', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'22', 'tz_minute': None, 'year': u'2015', 'separator': u'T', 'monthdash': u'05', 'day': None, 'minute': u'03'} with default timezone DEBUG:iso8601.iso8601:Got u'2015' for 'year' with default None DEBUG:iso8601.iso8601:Got u'05' for 'monthdash' with default 1 DEBUG:iso8601.iso8601:Got 5 for 'month' with default 5 DEBUG:iso8601.iso8601:Got u'10' for 'daydash' with default 1 DEBUG:iso8601.iso8601:Got 10 for 'day' with default 10 DEBUG:iso8601.iso8601:Got u'10' for 'hour' with default None DEBUG:iso8601.iso8601:Got u'03' for 'minute' with default None DEBUG:iso8601.iso8601:Got u'22' for 'second' with default None INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): controller0 DEBUG:requests.packages.urllib3.connectionpool:"HEAD /v1/AUTH_fc5fe691bf5647e7b4d9987842fb7c97 HTTP/1.1" 401 0 INFO:swiftclient:REQ: curl -i http://controller0:8080/v1/AUTH_fc5fe691bf5647e7b4d9987842fb7c97 (http://controller0:8080/v1/AUTH_fc5fe...) -I -H "X-Auth-Token: 2e5c8b48e8d14bde9c0d1be076f39f91" INFO:swiftclient:RESP STATUS: 401 UnauthorizedINFO:swiftclient:RESP HEADERS: [('content-length', '0'), ('connection', 'keep-alive'), ('x-trans-id', 'tx3219a54648b14a3da8570-00554f1eda'), ('date', 'Sun, 10 May 2015 09:03:22 GMT'), ('content-type', 'text/html; charset=UTF-8'), ('www-authenticate', 'Swift realm="AUTH_fc5fe691bf5647e7b4d9987842fb7c97"')] DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://controller0:35357/v2.0/tokens INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): controller0 DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 1395 DEBUG:iso8601.iso8601:Parsed 2015-05-10T10:03:23Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'10', 'daydash': u'10', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'23', 'tz_minute': None, 'year': u'2015', 'separator': u'T', 'monthdash': u'05', 'day': None, 'minute': u'03'} with default timezone DEBUG:iso8601.iso8601:Got u'2015' for 'year' with default None DEBUG:iso8601.iso8601:Got u'05' for 'monthdash' with default 1 DEBUG:iso8601.iso8601:Got 5 for 'month' with default 5 DEBUG:iso8601.iso8601:Got u'10' for 'daydash' with default 1 DEBUG:iso8601.iso8601:Got 10 for 'day' with default 10 DEBUG:iso8601.iso8601:Got u'10' for 'hour' with default None DEBUG:iso8601.iso8601:Got u'03' for 'minute' with default None DEBUG:iso8601.iso8601:Got u'23' for 'second' with default None INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): controller0 DEBUG:requests.packages.urllib3.connectionpool:"HEAD /v1/AUTH_fc5fe691bf5647e7b4d9987842fb7c97 HTTP/1.1" 401 ... (more)

edit flag offensive delete link more

Comments

Hi, how's this problem actually be solved ?

ddxgz gravatar imageddxgz ( 2015-07-20 06:12:25 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2015-02-19 08:57:24 -0500

Seen: 2,370 times

Last updated: May 11 '15