Unable to authenticate to Swift using keystone [closed]
Hi,
I have deployed Swift and Keystone to my SLES 11 SP3 servers for testing purposes following these http://docs.openstack.org/trunk/install-guide/install/zypper/content/ch_swift.html (Swift) and http://docs.openstack.org/trunk/install-guide/install/zypper/content/ch_keystone.html (Keystone) instruction for SLES -Havanna. Got all services on all servers running nicely, but now when I tried to verify the Swift setup from Swift proxy server, using command swift -V 2.0 -A $OS_AUTH_URL -U service:swift -K $OS_PASSWORD stat, I'm getting error [Errno 111] Connection refused.
Before issuing that command, I did setup those variables export OS_PASSWORD=[PASSWORD DEFINED AT proxy-server.conf TO admin_password AND AT IDENTITY SERVICE TO swift USER] and export OS_AUTH_URL=http://[IDENTITYSERV_HOSTNAME]:5000/v2.0 at Swift proxy server.
Also tried to get the Swift stat at proxy serv with command swift --os-auth-url http://[IDENTITYSERV_HOSTNAME]:5000/v2.0 --os-tenant-name service --os-username swift --os-password [PASSWORD DEFINED FOR USER swift AT IDENTITY SERVER] stat, got same error as before. Also tried command swift --os-auth-url http://[PROXYSERV_HOSTNAME]:8080/auth/v1.0 --os-tenant-name service --os-username swift --os-password [PASSWORD DEFINED FOR USER swift AT IDENTITY SERVER] stat, that just got stuck doing nothing.
I have set up tenant for swift at identity server keystone tenant-create --name=service --description="Service Tenant" and user keystone user-create --name=swift --pass=[PASSWORD], created admin role and mapped those together keystone user-role-add --user=swift --tenant=service --role=admin as instructed in the Keystone guide.
I have tried to google a solution to this error and verified that my http://pastebin.ubuntu.com/6694115/ (proxy-server.conf) contains same field and information that other users have used. From the identity server, he's my keystone.conf http://pastebin.ubuntu.com/6694179/ (keystone.conf) file.
As per my understanding, servers are listening correct ports so that should't be an issue.
At Swift Proxy server, netstat -ant:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
and at the Keystone Identity server, netstat -ant:
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN
So now I'm quite lost what is the issue in this case. Everything should be just like instructed, but still no-go. Thanks in advance for any help.
try with with --debug option to see wha is going. Ensure that you are able to run all the keystone command. Also ensure that you have give right permissions for the directory /srv on storage node with user as swift etc. This error is very generic and may confuse you that it is authentication issue.
looks like repeat of https://ask.openstack.org/en/question/2543/swiftkeystone-authentication-failure/ See if your also missing on same.
Found that answer and checked and did all things (users, tenants, service endpoints) mentioned in it before posting this. Regarding to service endpoint creation, I have found two types of syntax that should be used, "http://IP:8080/v1/AUTH_\$(tenant_id)s" and "http://IP:8080/v1/AUTH_$(tenant_id)s"
Later one doesn't have backslash after AUTH_. Which one is the correct format?
The backslash is only needed so that the shell does not expand $() as a shell command by itself. how does "keystone catalog" output look like around the table for "object-store" ?