Unable to authenticate to Swift using keystone [closed]

asked 2014-01-04 18:53:35 -0600

JakkeL gravatar image

updated 2014-01-05 16:18:46 -0600

torgomatic gravatar image


I have deployed Swift and Keystone to my SLES 11 SP3 servers for testing purposes following these http://docs.openstack.org/trunk/install-guide/install/zypper/content/ch_swift.html (Swift) and http://docs.openstack.org/trunk/install-guide/install/zypper/content/ch_keystone.html (Keystone) instruction for SLES -Havanna. Got all services on all servers running nicely, but now when I tried to verify the Swift setup from Swift proxy server, using command swift -V 2.0 -A $OS_AUTH_URL -U service:swift -K $OS_PASSWORD stat, I'm getting error [Errno 111] Connection refused.

Before issuing that command, I did setup those variables export OS_PASSWORD=[PASSWORD DEFINED AT proxy-server.conf TO admin_password AND AT IDENTITY SERVICE TO swift USER] and export OS_AUTH_URL=http://[IDENTITYSERV_HOSTNAME]:5000/v2.0 at Swift proxy server.

Also tried to get the Swift stat at proxy serv with command swift --os-auth-url http://[IDENTITYSERV_HOSTNAME]:5000/v2.0 --os-tenant-name service --os-username swift --os-password [PASSWORD DEFINED FOR USER swift AT IDENTITY SERVER] stat, got same error as before. Also tried command swift --os-auth-url http://[PROXYSERV_HOSTNAME]:8080/auth/v1.0 --os-tenant-name service --os-username swift --os-password [PASSWORD DEFINED FOR USER swift AT IDENTITY SERVER] stat, that just got stuck doing nothing.

I have set up tenant for swift at identity server keystone tenant-create --name=service --description="Service Tenant" and user keystone user-create --name=swift --pass=[PASSWORD], created admin role and mapped those together keystone user-role-add --user=swift --tenant=service --role=admin as instructed in the Keystone guide.

I have tried to google a solution to this error and verified that my http://pastebin.ubuntu.com/6694115/ (proxy-server.conf) contains same field and information that other users have used. From the identity server, he's my keystone.conf http://pastebin.ubuntu.com/6694179/ (keystone.conf) file.

As per my understanding, servers are listening correct ports so that should't be an issue.

At Swift Proxy server, netstat -ant:

tcp 0 0* LISTEN

and at the Keystone Identity server, netstat -ant:

tcp 0 0* LISTEN

tcp 0 0* LISTEN

So now I'm quite lost what is the issue in this case. Everything should be just like instructed, but still no-go. Thanks in advance for any help.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-01-20 02:28:42.190824


try with with --debug option to see wha is going. Ensure that you are able to run all the keystone command. Also ensure that you have give right permissions for the directory /srv on storage node with user as swift etc. This error is very generic and may confuse you that it is authentication issue.

dheeru gravatar imagedheeru ( 2014-01-04 21:09:24 -0600 )edit

looks like repeat of https://ask.openstack.org/en/question/2543/swiftkeystone-authentication-failure/ See if your also missing on same.

koolhead17 gravatar imagekoolhead17 ( 2014-01-06 00:57:09 -0600 )edit

Found that answer and checked and did all things (users, tenants, service endpoints) mentioned in it before posting this. Regarding to service endpoint creation, I have found two types of syntax that should be used, "http://IP:8080/v1/AUTH_\$(tenant_id)s" and "http://IP:8080/v1/AUTH_$(tenant_id)s"

JakkeL gravatar imageJakkeL ( 2014-01-06 13:20:07 -0600 )edit

Later one doesn't have backslash after AUTH_. Which one is the correct format?

JakkeL gravatar imageJakkeL ( 2014-01-06 13:20:41 -0600 )edit

The backslash is only needed so that the shell does not expand $() as a shell command by itself. how does "keystone catalog" output look like around the table for "object-store" ?

dirk gravatar imagedirk ( 2014-01-07 15:10:31 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2014-01-11 13:56:45 -0600

JakkeL gravatar image

Problem solved. During the MySQL db creation, db was secured as was http://docs.openstack.org/trunk/install-guide/install/zypper/content/basics-database-controller.html (instructed) . This causes situation where installation script cannot communicate with db even when db is bind to servers ip. Following error "CRITICAL keystone [-] (OperationalError) (2003, "Can't connect to MySQL server on 'HOSTNAME' (111)") None None" was logged when command openstack-db --init --service keystone --password KEYSTONE_DBPASS was given. At this time, after securing db, manually edited MySQL db to approve root connection also from other then localhost and everything works.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2014-01-04 18:53:35 -0600

Seen: 1,178 times

Last updated: Jan 11 '14