Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

swift keystone authentication : This server could not verify that you are authorized to access the document you requested

I am able to get the swift authentication through tempauth. But when I am using keystoneauth it is failing. The proxy-server.conf: [pipeline:main] pipeline=gatekeeper cache catch_errors healthcheck formpost authtoken keystoneauth tempauth proxy-logging dlo name_check proxy-server and opertor roles have been configured as: operator_roles = admin,swiftoperator,ResellerAdmin

Using tempauth: curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://localhost:8080/auth/v1.0 generates * About to connect() to localhost port 8080 (#0) * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 8080 (#0)

GET /auth/v1.0 HTTP/1.1 User-Agent: curl/7.29.0 Host: localhost:8080 Accept: / X-Storage-User: test:tester X-Storage-Pass: testing

< HTTP/1.1 200 OK < X-Storage-Url: http://localhost:8080/v1/AUTH_test < X-Auth-Token: AUTH_tk1a65d757f499482eb37290b212e8a131 < Content-Type: text/html; charset=UTF-8 < X-Storage-Token: AUTH_tk1a65d757f499482eb37290b212e8a131 < X-Trans-Id: tx26e500d645354409a3c97-0054c23f92 < Content-Length: 0 < Date: Fri, 23 Jan 2015 12:33:22 GMT < * Connection #0 to host localhost left intact and the command gives the correct output swift -A http://localhost:8080/auth/v1.0 -U test:tester -K testing stat Account: AUTH_test Containers: 0 Objects: 0 Bytes: 0 X-Put-Timestamp: 1422016563.04302 X-Timestamp: 1422016563.04302 X-Trans-Id: txabadfd14ec224176b5059-0054c24032 Content-Type: text/plain; charset=utf-8

But facing issues with keystone.
In step 1: I am able to create create the token.

curl -d '{"auth":{"passwordCredentials":{"username": "demo", "password": "demo_pwd"},"tenantName":"demo"}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3855 100 3758 100 97 11071 285 --:--:-- --:--:-- --:--:-- 11118 { "access": { "metadata": { "is_admin": 0, "roles": [ "09afce5a5e7b4e8c8197e39bd21ba6f5", "ed99b5357f3d4270b5c98730d50eb48e" ] }, "serviceCatalog": [ { "endpoints": [ { "adminURL": "http://localhost:8774/v2/602f0101b8ac4c47a85faa81d5638abc", "id": "e8abaef805434e2abfd398cafd675b6d", "internalURL": "http://localhost:8774/v2/602f0101b8ac4c47a85faa81d5638abc", "publicURL": "http://localhost:8774/v2/602f0101b8ac4c47a85faa81d5638abc", "region": "regionOne" } ], "endpoints_links": [], "name": "nova", "type": "compute" }, { "endpoints": [ { "adminURL": "http://localhost:9696", "id": "3eb2f592a093460a860bf6d9281e665d", "internalURL": "http://localhost:9696", "publicURL": "http://localhost:9696", "region": "regionOne" } ], "endpoints_links": [], "name": "neutron", "type": "network" }, { "endpoints": [ { "adminURL": "http://localhost:8776/v2/602f0101b8ac4c47a85faa81d5638abc", "id": "44cc97c468c145c59792d4b256fa3e95", "internalURL": "http://localhost:8776/v2/602f0101b8ac4c47a85faa81d5638abc", "publicURL": "http://localhost:8776/v2/602f0101b8ac4c47a85faa81d5638abc", "region": "regionOne" } ], "endpoints_links": [], "name": "cinderv2", "type": "volumev2" }, { "endpoints": [ { "adminURL": "http://localhost:9292", "id": "1af674de70dc493f8044d2f8b2534679", "internalURL": "http://localhost:9292", "publicURL": "http://localhost:9292", "region": "regionOne" } ], "endpoints_links": [], "name": "glance", "type": "image" }, { "endpoints": [ { "adminURL": "http://localhost:8777", "id": "463f6349156e4dbe9097b73423a7e308", "internalURL": "http://localhost:8777", "publicURL": "http://localhost:8777", "region": "regionOne" } ], "endpoints_links": [], "name": "ceilometer", "type": "metering" }, { "endpoints": [ { "adminURL": "http://localhost:8000/v1", "id": "4083ac3a3cef4d3fa738cbf39ee62c0e", "internalURL": "http://localhost:8000/v1", "publicURL": "http://localhost:8000/v1", "region": "regionOne" } ], "endpoints_links": [], "name": "heat-cfn", "type": "cloudformation" }, { "endpoints": [ { "adminURL": "http://localhost:8776/v1/602f0101b8ac4c47a85faa81d5638abc", "id": "709edc64493544f1af8531968d1ee8f8", "internalURL": "http://localhost:8776/v1/602f0101b8ac4c47a85faa81d5638abc", "publicURL": "http://localhost:8776/v1/602f0101b8ac4c47a85faa81d5638abc", "region": "regionOne" } ], "endpoints_links": [], "name": "cinder", "type": "volume" }, { "endpoints": [ { "adminURL": "http://localhost:8004/v1/602f0101b8ac4c47a85faa81d5638abc", "id": "8f36fed5b453464989924c8be006fb6f", "internalURL": "http://localhost:8004/v1/602f0101b8ac4c47a85faa81d5638abc", "publicURL": "http://localhost:8004/v1/602f0101b8ac4c47a85faa81d5638abc", "region": "regionOne" } ], "endpoints_links": [], "name": "heat", "type": "orchestration" }, { "endpoints": [ { "adminURL": "http://localhost:8080", "id": "1e07b5b5edd9458299848c956ceaee02", "internalURL": "http://localhost:8080/v1/AUTH_602f0101b8ac4c47a85faa81d5638abc", "publicURL": "http://localhost:8080/v1/AUTH_602f0101b8ac4c47a85faa81d5638abc", "region": "regionOne" } ], "endpoints_links": [], "name": "swift", "type": "object-store" }, { "endpoints": [ { "adminURL": "http://localhost:35357/v2.0", "id": "2673a551b35748529b8b755696038d42", "internalURL": "http://localhost:5000/v2.0", "publicURL": "http://localhost:5000/v2.0", "region": "regionOne" } ], "endpoints_links": [], "name": "keystone", "type": "identity" } ], "token": { "audit_ids": [ "bj3u6kuOT82coGrFSzSTfQ" ], "expires": "2015-01-23T13:38:39Z", "id": "771133f1df6b49f18193938429e3a774", "issued_at": "2015-01-23T12:38:39.559761", "tenant": { "description": "Demo Tenant", "enabled": true, "id": "602f0101b8ac4c47a85faa81d5638abc", "name": "demo" } }, "user": { "id": "59862a257e5a40eab1fd92e097681eb0", "name": "demo", "roles": [ { "name": "swiftoperator" }, { "name": "ResellerAdmin" } ], "roles_links": [], "username": "demo" } } }

Step2: Using the token received above: curl -v -H “X-Auth-Token: 771133f1df6b49f18193938429e3a774” http://localhost:8080/v1/AUTH_602f0101b8ac4c47a85faa81d5638abc * Input domain encoded as `UTF-8' * Could not resolve host: xn--771133f1df6b49f18193938429e3a774-qb2t; Name or service not known * Closing connection 0 curl: (6) Could not resolve host: xn--771133f1df6b49f18193938429e3a774-qb2t; Name or service not known * About to connect() to localhost port 8080 (#1) * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 8080 (#1)

GET /v1/AUTH_602f0101b8ac4c47a85faa81d5638abc HTTP/1.1 User-Agent: curl/7.29.0 Host: localhost:8080 Accept: /

< HTTP/1.1 401 Unauthorized < Content-Length: 131 < Content-Type: text/html; charset=UTF-8 < Www-Authenticate: Swift realm="AUTH_602f0101b8ac4c47a85faa81d5638abc" < WWW-Authenticate: Keystone uri='http://localhost:35357' < X-Trans-Id: txf816ac2a6b7e470b97369-0054c241a3 < Date: Fri, 23 Jan 2015 12:42:11 GMT < * Connection #1 to host localhost left intact <html>

Unauthorized

This server could not verify that you are authorized to access the document you requested.

</html>

So the command: swift -A http://localhost:8080/auth/v1.0 -U demo:demo -K demo_pwd stat

too fails:

File "/usr/bin/swift", line 10, in <module> sys.exit(main()) File "/usr/lib/python2.7/site-packages/swiftclient/shell.py", line 1287, in main globals()'st_%s' % args[0] File "/usr/lib/python2.7/site-packages/swiftclient/shell.py", line 492, in st_stat stat_result = swift.stat() File "/usr/lib/python2.7/site-packages/swiftclient/service.py", line 443, in stat raise SwiftError('Account not found', exc=err) swiftclient.service.SwiftError: 'Account not found'

Any clue or help?