Ask Your Question

unable to make swift3 (s3 emulation layer) work with openstack swift

asked 2016-06-01 21:51:06 -0500

harshalx gravatar image

updated 2016-06-03 06:41:52 -0500

Hello All, I think I've done everything in my capacity to make swift3 work with my swift setup, but haven't achieved success. I've gone through every link on this and any other forums where people have discussed this topic and problems they faced. Still, I am unable to make it work. I think its something trivial i'm missing, but I just cannot place it. Maybe, different pairs of eyes might help.

I have a standalone swift setup. I only have keystone and swift installed on the same node.

Following are the key sections of my proxy-server.conf

    [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache swift3 s3token authtoken keystoneauth container_sync bulk tempurl ratelimit container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server 

 use = egg:swift3#swift3

use = egg:swift3#s3token
auth_uri = http://controller:35357/

My swift setup is working perfectly since I can do a swift stat with demo users creds and get a listing.

root@ip-10-3-6-196:~/s3curl# swift stat
                    Account: AUTH_62da107fd06e47ccb6847dddad3aeb2f
                 Containers: 1
                    Objects: 2
                      Bytes: 18
X-Account-Project-Domain-Id: default
                X-Timestamp: 1464460733.01697
                 X-Trans-Id: tx552f464bc08e458aa34ee-00574f9f54
               Content-Type: text/plain; charset=utf-8
              Accept-Ranges: bytes

The demo user credential file looks like this:

root@ip-10-3-6-196:~/s3curl# cat ~/
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=password
export OS_AUTH_URL=http://controller:35357/v3
export OS_AUTH_TYPE=password

When I try to test my swift3 setup I get the following behavior:

root@ip-10-3-6-196:~/s3curl# ./ --id=demo -- http://controller:8080
<?xml version='1.0' encoding='UTF-8'?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><RequestId>tx07431322c1b048e5b4a46-00574fa042</RequestId></Error>

At this point the keystone log throws out an error that authorization failed:

2016-06-02 02:56:02.947976 2016-06-02 02:56:02.947 24690 INFO keystone.common.wsgi [req-eb5035d8-8214-4c09-8734-afc8b63b35d4 - - - - -] POST http://controller:35357/v2.0/s3tokens
2016-06-02 02:56:02.972134 2016-06-02 02:56:02.971 24690 WARNING keystone.common.wsgi [req-eb5035d8-8214-4c09-8734-afc8b63b35d4 - - - - -] Authorization failed. The request you have made requires authentication. from

My s3curl creds file looks like this:

root@ip-10-3-6-196:~/s3curl# cat ~/.s3curl
%awsSecretAccessKeys = (
    # personal account
    demo => {
        id => '17d78418385d45009b50946c0b1efa60',
        key => 'ba6bf79ceb254bd3803f6f115ae6fb31',
    admin => {
        id => '47f853e5bc8a46e494fe8ff31c90e907',
        key => '5f4d399a83a04692aaa0400606712463',


and to verify whether the creds I've entered are right, here is the creds listing:

root@ip-10-3-6-196:~/s3curl# os ec2 credentials list --user demo
Access - 17d78418385d45009b50946c0b1efa60
Secret - ba6bf79ceb254bd3803f6f115ae6fb31
Project Id - a872cf5cc6544087a67985963cb33df4
User Id - 94a6cdd3f3794f678d56b25cfe384303

Could anyone please let me know what I might be missing due to which the swift3 setup refuses to cooperate with me? Please let me know if you need any more info from me. I will be happy to provide.

edit retag flag offensive close merge delete


Harshalx have you been able to resolve this issue? I am getting the same SignatureDoesNotMatch errors when using s3curl and s3cmd with a Mitaka RDO install. The one notable difference that I see is that you have a entry for s3token that I don't. That was not in the S3 api documentation.

OpticzAKZ gravatar imageOpticzAKZ ( 2016-09-08 09:01:07 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2016-10-25 07:03:34 -0500 gravatar image

updated 2016-10-25 18:13:15 -0500


1) try to add your swift host (where you're calling) to 'endpoints' variable in, smth like that:

my @endpoints = ( 'controller' );

2) And just found another possible cause - keystone's API v2 is hardcoded in :

    def _json_request(self, creds_json):
        headers = {'Content-Type': 'application/json'}
            response ='%s/v2.0/s3tokens' % self._request_uri,
                                     headers=headers, data=creds_json,

if you disabled Keystone's API v2, you will get this error. Check this issue and, if V2 disabled, enable it back.

Hope this'll help.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-06-01 21:51:06 -0500

Seen: 814 times

Last updated: Oct 25 '16