Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

How to fix 401 error when I ran swift command to get authorizaition through keystone?

I'm trying to use keystone with MySql to work with proxy server authorization.

I have setup keystone with MySql. I can run command like "keystone user-list" and "keystone tenant-list". I can run curl command and it return correct information.

But, I got 401 error when I ran swift command. I ran:

swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

where exampleTenant is the tenan name, exampleUser is the user name, and example is the password.

and got:

Auth GET failed: http://localhost:9199/auth/v1.0/ 401 Unauthorized

I saw the following message in /var/log/syslog:

May 17 15:04:52 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: txe4126a2a5d7c45ed901554b23f80be01) May 17 15:04:53 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx837b389d9ec94e598007d01870171d2f)

Looks like it could not find auth_token. But, I can see auth_token.py in my keystone installation.

I have googled for similar situation, but got no where.

Could you help me with this?

Robert


Our system information:

Our company is Snapfish under HP. We are in the process of replacing our existing storage system with OpenStack, This is the last piece that we need to complete the tranformation. So, we can easily managing users.

Right now, keystone and swift-proxy are on the same box. And, I'm testing on the same box.

OS system: Ubuntu 12.04

Architecture: Linux 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Package Info:

swift : Version: 1.4.8-0ubuntu2 swift-proxy: Version: 1.4.8-0ubuntu2 python-swift: Version: 1.4.8-0ubuntu2 keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3 python-keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3

Content of /etc/swift/prosy-server.conf:

[DEFAULT] bind_port = 9199 workers = 20 user = swift log_facility = LOG_LOCAL1 log_level = INFO log_name = staging-proxy01-infra log_requests = true

[pipeline:main] pipeline = informant healthcheck catch_errors cache authtoken swiftauth proxy-server

[filter:catch_errors] use = egg:swift#catch_errors

[app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache

[filter:swiftauth] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, SwiftOperator is_admin = false

[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_protocol = http auth_host = 127.0.0.1 auth_port = 35357

admin_tenant_name = service

admin_user = keystone

admin_password = storage

delay_auth_decision = 0

memcache_servers = 10.57.11.26:11211,10.57.11.25:11211,10.57.9.147:11211

[filter:informant] use = egg:informant#informant statsd_host = 10.57.11.26 metric_name_prepend = storage.


Content of /etc/keystone/keystone.conf:

[DEFAULT]

bind_host = 10.57.11.26

public_port = 5000 admin_port = 35357 admin_token = ADMIN compute_port = 8774 verbose = True debug = True log_config = /etc/keystone/logging.conf

================= Syslog Options ============================

Send logs to syslog (/dev/log) instead of to file specified

by log-file

use_syslog = False

Facility to use. If unset defaults to LOG_USER.

syslog_log_facility = LOG_LOCAL0

[sql]

connection = sqlite:////var/lib/keystone/keystone.db

connection = mysql://keystone:storage@staging-mysqlapi01-infra/keystone idle_timeout = 200

[ldap]

url = ldap://localhost

tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com

role_tree_dn = ou=Roles,dc=example,dc=com

tenant_tree_dn = ou=Groups,dc=example,dc=com

user = dc=Manager,dc=example,dc=com

password = freeipa4all

suffix = cn=example,cn=com

[identity] driver = keystone.identity.backends.sql.Identity


curl command work. When I ran:

curl -d '{"auth":{"passwordCredentials":{"username": "exampleUser", "password": "example"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

I got:

% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 339 0 256 100 83 1259 408 --:--:-- --:--:-- --:--:-- 1273 { "access": { "serviceCatalog": {}, "token": { "expires": "2013-05-18T23:10:24Z", "id": "c9fcbf0f36144eabafd1e2d549901d4f" }, "user": { "id": "a64dcf7b1b324bf9bc7870b5e43e5f5f", "name": "exampleUser", "roles": [], "roles_links": [], "username": "exampleUser" } } }


But, when I ran swift:

swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

I got:

Auth GET failed: http://localhost:9199/auth/v2.0/ 401 Unauthorized

and I saw the message in /var/log/syslog with:

May 17 16:14:36 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx3ed2abe112b248d29d507c674d2683e3)

How to fix 401 error when I ran swift command to get authorizaition through keystone?

I'm trying to use keystone with MySql to work with proxy server authorization.

I have setup keystone with MySql. I can run command like "keystone user-list" and "keystone tenant-list". I can run curl command and it return correct information.

But, I got 401 error when I ran swift command. I ran:

 # swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

stat

where exampleTenant is the tenan name, exampleUser is the user name, and example is the password.

and got:

# Auth GET failed: http://localhost:9199/auth/v1.0/ 401 Unauthorized

Unauthorized

I saw the following message in /var/log/syslog:

May 17 15:04:52 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: txe4126a2a5d7c45ed901554b23f80be01)
May 17 15:04:53 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx837b389d9ec94e598007d01870171d2f)

tx837b389d9ec94e598007d01870171d2f)

Looks like it could not find auth_token. But, I can see auth_token.py in my keystone installation.

I have googled for similar situation, but got no where.

Could you help me with this?

Robert


Our system information:

Our company is Snapfish under HP. We are in the process of replacing our existing storage system with OpenStack, This is the last piece that we need to complete the tranformation. So, we can easily managing users.

Right now, keystone and swift-proxy are on the same box. And, I'm testing on the same box.

OS system: Ubuntu 12.04

Architecture: Linux 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Package Info:

swift : Version: 1.4.8-0ubuntu2
swift-proxy: Version: 1.4.8-0ubuntu2
python-swift: Version: 1.4.8-0ubuntu2
keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3
python-keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3

2012.1+stable~20120824-a16a0ab9-0ubuntu2.3

Content of /etc/swift/prosy-server.conf:

[DEFAULT]
bind_port = 9199
workers = 20
user = swift
log_facility = LOG_LOCAL1
log_level = INFO
log_name = staging-proxy01-infra
log_requests = true

true [pipeline:main] pipeline = informant healthcheck catch_errors cache authtoken swiftauth proxy-server

proxy-server [filter:catch_errors] use = egg:swift#catch_errors

egg:swift#catch_errors [app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true

true [filter:healthcheck] use = egg:swift#healthcheck

egg:swift#healthcheck [filter:cache] use = egg:swift#memcache

egg:swift#memcache [filter:swiftauth] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, SwiftOperator is_admin = false

false [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_protocol = http auth_host = 127.0.0.1 auth_port = 35357

admin_tenant_name = service

admin_user = keystone

admin_password = storage

35357 #admin_tenant_name = service #admin_user = keystone #admin_password = storage delay_auth_decision = 0

0 memcache_servers = 10.57.11.26:11211,10.57.11.25:11211,10.57.9.147:11211

10.57.11.26:11211,10.57.11.25:11211,10.57.9.147:11211 [filter:informant] use = egg:informant#informant statsd_host = 10.57.11.26 metric_name_prepend = storage.


storage.

Content of /etc/keystone/keystone.conf:

[DEFAULT]

bind_host = 10.57.11.26

[DEFAULT]
#bind_host = 10.57.11.26
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf

/etc/keystone/logging.conf # ================= Syslog Options ============================

============================ # Send logs to syslog (/dev/log) instead of to file specified

specified # by log-file

`log-file` use_syslog = False

False # Facility to use. If unset defaults to LOG_USER.

LOG_USER. # syslog_log_facility = LOG_LOCAL0

[sql]

connection = sqlite:////var/lib/keystone/keystone.db

LOG_LOCAL0 [sql] #connection = sqlite:////var/lib/keystone/keystone.db connection = mysql://keystone:storage@staging-mysqlapi01-infra/keystone idle_timeout = 200

[ldap]

url = ldap://localhost

tree_dn = dc=example,dc=com

user_tree_dn = ou=Users,dc=example,dc=com

role_tree_dn = ou=Roles,dc=example,dc=com

tenant_tree_dn = ou=Groups,dc=example,dc=com

user = dc=Manager,dc=example,dc=com

password = freeipa4all

suffix = cn=example,cn=com

200 [ldap] #url = ldap://localhost #tree_dn = dc=example,dc=com #user_tree_dn = ou=Users,dc=example,dc=com #role_tree_dn = ou=Roles,dc=example,dc=com #tenant_tree_dn = ou=Groups,dc=example,dc=com #user = dc=Manager,dc=example,dc=com #password = freeipa4all #suffix = cn=example,cn=com [identity] driver = keystone.identity.backends.sql.Identity


keystone.identity.backends.sql.Identity

curl command work. When I ran:

# curl -d '{"auth":{"passwordCredentials":{"username": "exampleUser", "password": "example"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

-mjson.tool

I got:

 % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 339 0 256 100 83 1259 408 --:--:-- --:--:-- --:--:-- 1273
{
    "access": {
        "serviceCatalog": {},
        "token": {
            "expires": "2013-05-18T23:10:24Z",
            "id": "c9fcbf0f36144eabafd1e2d549901d4f"
        },
        "user": {
            "id": "a64dcf7b1b324bf9bc7870b5e43e5f5f",
            "name": "exampleUser",
            "roles": [],
            "roles_links": [],
            "username": "exampleUser"
        }
    }
}


}

But, when I ran swift:

# swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

stat

I got:

Auth GET failed: http://localhost:9199/auth/v2.0/ 401 Unauthorized

Unauthorized

and I saw the message in /var/log/syslog with:

May 17 16:14:36 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx3ed2abe112b248d29d507c674d2683e3)

tx3ed2abe112b248d29d507c674d2683e3)

How to fix 401 error when I ran swift command to get authorizaition through keystone?

I'm trying to use keystone with MySql to work with proxy server authorization.

I have setup keystone with MySql. I can run command like "keystone user-list" and "keystone tenant-list". I can run curl command and it return correct information.

But, I got 401 error when I ran swift command. I ran:

 # swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

where exampleTenant is the tenan name, exampleUser is the user name, and example is the password.

and got:

# Auth GET failed: http://localhost:9199/auth/v1.0/ 401 Unauthorized

I saw the following message in /var/log/syslog:

May 17 15:04:52 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: txe4126a2a5d7c45ed901554b23f80be01)
May 17 15:04:53 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx837b389d9ec94e598007d01870171d2f)

Looks like it could not find auth_token. But, I can see auth_token.py in my keystone installation.

I have googled for similar situation, but got no where.


Our system information:

Our company is Snapfish under HP. We are in the process of replacing our existing storage system want to use keystone with OpenStack, This is the last piece that we need to complete the tranformation. So, openstack so we can easily managing users.

Right now, keystone and swift-proxy are on the same box. And, I'm testing on the same box.

OS system: Ubuntu 12.04

Architecture: Linux 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Package Info:

swift : Version: 1.4.8-0ubuntu2
swift-proxy: Version: 1.4.8-0ubuntu2
python-swift: Version: 1.4.8-0ubuntu2
keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3
python-keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3

Content of /etc/swift/prosy-server.conf:

[DEFAULT]
bind_port = 9199
workers = 20
user = swift
log_facility = LOG_LOCAL1
log_level = INFO
log_name = staging-proxy01-infra
log_requests = true

[pipeline:main]
pipeline = informant healthcheck catch_errors cache authtoken swiftauth proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

[filter:swiftauth]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, SwiftOperator
is_admin = false

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
#admin_tenant_name = service
#admin_user = keystone
#admin_password = storage
delay_auth_decision = 0

memcache_servers = 10.57.11.26:11211,10.57.11.25:11211,10.57.9.147:11211

[filter:informant]
use = egg:informant#informant
statsd_host = 10.57.11.26
metric_name_prepend = storage.

Content of /etc/keystone/keystone.conf:

[DEFAULT]
#bind_host = 10.57.11.26
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf

# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False

# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0

[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:storage@staging-mysqlapi01-infra/keystone
idle_timeout = 200

[ldap]
#url = ldap://localhost
#tree_dn = dc=example,dc=com
#user_tree_dn = ou=Users,dc=example,dc=com
#role_tree_dn = ou=Roles,dc=example,dc=com
#tenant_tree_dn = ou=Groups,dc=example,dc=com
#user = dc=Manager,dc=example,dc=com
#password = freeipa4all
#suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.sql.Identity

curl command work. When I ran:

# curl -d '{"auth":{"passwordCredentials":{"username": "exampleUser", "password": "example"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

I got:

   % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 339 0 256 100 83 1259 408 --:--:-- --:--:-- --:--:-- 1273
{
    "access": {
        "serviceCatalog": {},
        "token": {
            "expires": "2013-05-18T23:10:24Z",
            "id": "c9fcbf0f36144eabafd1e2d549901d4f"
        },
        "user": {
            "id": "a64dcf7b1b324bf9bc7870b5e43e5f5f",
            "name": "exampleUser",
            "roles": [],
            "roles_links": [],
            "username": "exampleUser"
        }
    }
}

But, when I ran swift:

# swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

I got:

Auth GET failed: http://localhost:9199/auth/v2.0/ 401 Unauthorized

and I saw the message in /var/log/syslog with:

May 17 16:14:36 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx3ed2abe112b248d29d507c674d2683e3)

How to fix 401 error when I ran swift command to get authorizaition through keystone?

I'm trying to use keystone with MySql to work with proxy server authorization.

I have setup keystone with MySql. I can run command like "keystone user-list" and "keystone tenant-list". I can run curl command and it return correct information.

But, I got 401 error when I ran swift command. I ran:

 # swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

where exampleTenant is the tenan name, exampleUser is the user name, and example is the password.

and got:

# Auth GET failed: http://localhost:9199/auth/v1.0/ 401 Unauthorized

I saw the following message in /var/log/syslog:

May 17 15:04:52 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: txe4126a2a5d7c45ed901554b23f80be01)
May 17 15:04:53 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx837b389d9ec94e598007d01870171d2f)

Looks like it could not find auth_token. But, I can see auth_token.py in my keystone installation.

I have googled for similar situation, but got no where.


Our system information:

Our company is Snapfish under HP. We want to use keystone with openstack so we can easily managing users.

Right now, keystone and swift-proxy are on the same box. And, I'm testing on the same box.

OS system: Ubuntu 12.04

Architecture: Linux 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Package Info:

swift : Version: 1.4.8-0ubuntu2
swift-proxy: Version: 1.4.8-0ubuntu2
python-swift: Version: 1.4.8-0ubuntu2
keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3
python-keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3

Content of /etc/swift/prosy-server.conf:

[DEFAULT]
bind_port = 9199
workers = 20
user = swift
log_facility = LOG_LOCAL1
log_level = INFO
log_name = staging-proxy01-infra
log_requests = true

[pipeline:main]
pipeline = informant healthcheck catch_errors cache authtoken swiftauth proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

[filter:swiftauth]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, SwiftOperator
is_admin = false

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
#admin_tenant_name = service
#admin_user = keystone
#admin_password = storage
delay_auth_decision = 0

memcache_servers = 10.57.11.26:11211,10.57.11.25:11211,10.57.9.147:11211

[filter:informant]
use = egg:informant#informant
statsd_host = 10.57.11.26
metric_name_prepend = storage.

Content of /etc/keystone/keystone.conf:

[DEFAULT]
#bind_host = 10.57.11.26
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf

# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False

# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0

[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:storage@staging-mysqlapi01-infra/keystone
idle_timeout = 200

[ldap]
#url = ldap://localhost
#tree_dn = dc=example,dc=com
#user_tree_dn = ou=Users,dc=example,dc=com
#role_tree_dn = ou=Roles,dc=example,dc=com
#tenant_tree_dn = ou=Groups,dc=example,dc=com
#user = dc=Manager,dc=example,dc=com
#password = freeipa4all
#suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.sql.Identity

curl command work. When I ran:

# curl -d '{"auth":{"passwordCredentials":{"username": "exampleUser", "password": "example"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

I got:

   % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 339 0 256 100 83 1259 408 --:--:-- --:--:-- --:--:-- 1273
{
    "access": {
        "serviceCatalog": {},
        "token": {
            "expires": "2013-05-18T23:10:24Z",
            "id": "c9fcbf0f36144eabafd1e2d549901d4f"
        },
        "user": {
            "id": "a64dcf7b1b324bf9bc7870b5e43e5f5f",
            "name": "exampleUser",
            "roles": [],
            "roles_links": [],
            "username": "exampleUser"
        }
    }
}

But, when I ran swift:

# swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

I got:

Auth GET failed: http://localhost:9199/auth/v2.0/ 401 Unauthorized

and I saw the message in /var/log/syslog with:

May 17 16:14:36 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx3ed2abe112b248d29d507c674d2683e3)