Swift Config keystoneauth

asked 2015-07-05 11:28:15 -0500

hi, What is the difference between using keystoneauth and not using it in the pipeline option of proxy-server.conf? Config: Openstack Kilo using RDO packstack. If I use keystoneauth as follows:

pipeline = catch_errors healthcheck cache authtoken  keystoneauth proxy-server

then I get

#swift list
Account GET failed: 401 Unauthorized

(the auth key is edited)

However, if I delete keystoneauth in the pipeline, everything is fine, I can see containers and there are no errors.

my keystoneauth section is:

use = egg:swift#keystoneauth
operator_roles = admin,member,SwiftOperator,_member_
is_admin = true
reseller_prefix = AUTH_

What does keystoneauth do and what do I lose by not including it in pipeline? Where should I look for clues as to why its failing? --debug option shows not much more info:

DEBUG:requests.packages.urllib3.connectionpool:"GET /v1/AUTH_ab7c4a02a02a02a02a02a02a02a02a02?format=json HTTP/1.1" 401 131
INFO:swiftclient:REQ: curl -i -X GET -H "X-Auth-Token: abcadd85dd85dd85dd85dd85dd85dd85dd85"
INFO:swiftclient:RESP STATUS: 401 Unauthorized

Service end points also look to be fine handling the correct "AUTH_" format.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-07-05 12:32:23 -0500

I resolved why the unauthorized issue occurred. The admin_uri and identity_uri were pointing to the wrong server. It should point to the Keystone server. Instead they were incorrectly pointing to the swift proxy server.

Once they were updated, I could get container list and swift stat was working.

I would still like to understand how not using keystoneauth was allowing access to the containers. If anyone can throw more light on how the pipeline works, please post your comment.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-07-05 11:28:15 -0500

Seen: 192 times

Last updated: Jul 05 '15