Swift Keystone Authentication Fails

Hello Team,

I am unable to log in to Swift using the Keystone integration. Here is sample output when I try to get swift status:

    vagrant@swift:~$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
    Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:

172.16.0.203 is my Swift Server

172.16.0.201 is my Controller Node, which runs Keystone

    [DEFAULT]
    bind_port = 443
    cert_file = /etc/swift/cert.crt
    key_file = /etc/swift/cert.key
    user = swift
    log_facility = LOG_LOCAL1

    [pipeline:main]
    pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server

    [app:proxy-server]
    use = egg:swift#proxy
    account_autocreate = true
    allow_account_management = true

    [filter:tempauth]
    use = egg:swift#tempauth
    user_admin_admin = admin .admin .rseller_admin

    [filter:healthcheck]
    use = egg:swift#healthcheck

    [filter:cache]
    use = egg:swift#memcache

    [filter:keystone]
    paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory
    operator_roles = Member,admin

    [filter:authtoken]
    paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
    service_port = 5000
    service_host = 172.16.0.201
    auth_port = 35357
    auth_host = 172.16.0.201
    auth_protocol = http
    auth_token = ADMIN
    admin_token = ADMIN
    admin_tenant_name = service
    admin_user = swift
    admin_password = swift
    cache = swift.cache

    [filter:catch_errors]
    use = egg:swift#catch_errors

    [filter:swift3]
    use = egg:swift#swift3

    [filter:keystoneauth]
    use = egg:swift#keystoneauth
    operator_roles = admin, swiftoperator

    [filter:swiftauth]
    use = egg:keystone#swiftauth
    keystone_url = http://172.16.0.201:5000/v2.0
    keystone_admin_token = 999888777666
    keystone_swift_operator_roles = Admin, SwiftOperator
    keystone_tenant_user_admin = true

    [filter:tokenauth]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    auth_protocol = http
    auth_host = 172.16.0.201
    auth_port = 35357
    auth_uri = http://172.16.0.201:5000/
    admin_token = 999888777666
    delay_auth_decision = 0
    memecache_host = 172.16.0.203:11211

The keystone endpoint was successfully created:

    +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
    |                id                |  region   |                   publicurl                    |                  internalurl                   |                 adminurl                  |            service_id            |
    +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
    | 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | http://172.16.0.201:8773/services/Cloud        | http://172.16.0.201:8773/services/Cloud        | http://172.16.0.201:8773/services/Admin   | fcfddafdc36b4708a3bfddd39cd5bd57 |
    | 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1               | 0c342438b82a461f98494ef7f7d3abb7 |
    | 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | http://172.16.0.201:8776/v1/%(tenant_id)s      | http://172.16.0.201:8776/v1/%(tenant_id)s      | http://172.16.0.201:8776/v1/%(tenant_id)s | 2410a1924e764513805b9d6f62639226 |
    | 9bf69ed68d404a959521f1099e0aae5b | RegionOne | http://172.16.0.201:5000/v2.0                  | http://172.16.0.201:5000/v2.0                  | http://172.16.0.201:35357/v2.0            | 839a2b67a6f1450fa8666507e49476d3 |
    | b4d2945af5d24e50aae51c935452f36d | RegionOne | http://172.16.0.201:9292/v1                    | http://172.16.0.201:9292/v1                    | http://172.16.0.201:9292/v1               | 3a172fa1190a40ddb8bedafdffc26e08 |
    | e5e3664088be4295942bce38e611f420 | RegionOne | http://172.16.0.201:8774/v2/$(tenant_id)s      | http://172.16.0.201:8774/v2/$(tenant_id)s      | http://172.16.0.201:8774/v2/$(tenant_id)s | d3b23588d58e4f7f9563a8e8af650128 |
    +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+

Also, the swift user is an admin in the service tenant:

    vagrant@swift:~$ keystone tenant-list
    +----------------------------------+----------+---------+
    |                id                |   name   | enabled |
    +----------------------------------+----------+---------+
    | 9106c2e5f44840f39bac59be3c9d4e12 | cookbook | True    |
    | b334b98cc9f241d59367e848e253e3cf | service  | True    |
    +----------------------------------+----------+---------+

    vagrant@swift:~$ keystone user-role-list --user swift --tenant_id b334b98cc9f241d59367e848e253e3cf
    +----------------------------------+----------+----------------------------------+----------------------------------+
    |                id                |   name   |             user_id              |            tenant_id             |
    +----------------------------------+----------+----------------------------------+----------------------------------+
    | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | ac30c7cd0d234f7baa95d2cf9032d38b | b334b98cc9f241d59367e848e253e3cf |
    | fb981f22fd5d4cf39a558e13eabbca91 | admin    | ac30c7cd0d234f7baa95d2cf9032d38b | b334b98cc9f241d59367e848e253e3cf |
    +----------------------------------+----------+----------------------------------+----------------------------------+

Any advice would be appreciated.
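
An added example, not part of the original post or of any OpenStack tooling: paste-deploy loads only the filters named on the `pipeline` line, so a quick audit of a proxy-server.conf can report which `[filter:...]` sections are active and which ones carry cleartext credentials or plain-HTTP auth settings. The names `audit_pipeline` and `SECRET_KEYS` and the trimmed sample config are assumptions made for illustration.

```python
import configparser

# Constructed sample: trimmed copy of the proxy-server.conf from the post above.
SAMPLE_CONF = """\
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:tempauth]
use = egg:swift#tempauth
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_protocol = http
admin_token = ADMIN
admin_password = swift
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:keystoneauth]
use = egg:swift#keystoneauth
[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
admin_token = 999888777666
"""

SECRET_KEYS = {"admin_token", "admin_password", "keystone_admin_token"}  # assumed list

def audit_pipeline(conf_text, section="pipeline:main"):
    """Return (missing, inactive, findings) for a paste-deploy style config."""
    # default_section is renamed so a real [DEFAULT] block is not merged into filters.
    cp = configparser.ConfigParser(interpolation=None, default_section="__none__")
    cp.read_string(conf_text)
    *filters, app = cp[section]["pipeline"].split()  # last stage is the app
    defined = {s.split(":", 1)[1] for s in cp.sections() if s.startswith("filter:")}
    missing = [f for f in filters if f not in defined]
    if f"app:{app}" not in cp:
        missing.append(app)
    inactive = sorted(defined - set(filters))  # defined but never loaded
    findings = []
    for name in sorted(defined):
        sec = cp[f"filter:{name}"]
        state = "active" if name in filters else "inactive"
        for key in sorted(SECRET_KEYS & set(sec)):
            findings.append(f"{name} ({state}): {key} in cleartext")
        if sec.get("auth_protocol") == "http":
            findings.append(f"{name} ({state}): auth_protocol = http")
    return missing, inactive, findings
```

Run against the sample, `audit_pipeline(SAMPLE_CONF)` reports `tempauth` and `tokenauth` as defined but not in the pipeline, and lists the credential and protocol settings per filter section.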