Ask Your Question

latest_release's profile - activity

2016-12-13 04:52:21 -0600 received badge  Teacher (source)
2016-12-13 04:52:21 -0600 received badge  Necromancer (source)
2016-12-08 03:40:43 -0600 received badge  Famous Question (source)
2016-12-08 03:40:43 -0600 received badge  Notable Question (source)
2016-08-25 10:54:34 -0600 received badge  Famous Question (source)
2016-04-21 07:23:42 -0600 asked a question Swift endpoint request changes from v3 to v1 on proxy-server

I defined the swift proxy-server endpoint as pointing to http://192.168.1.177:8080/v3/AUTH_%(tenant_id)s and the request is being made the return is http://192.168.1.177:8080/v3/AUTH_e0bcc2c4619d4a8f97e797c4d6353617, which is good, but surprisingly the storage services (account-server, container-server object-server), Recieve http://192.168.1.177:8080/v1/AUTH_e0bcc2c4619d4a8f97e797c4d6353617 as there request from proxy-server NOTE the difference in v3 to v1.

This later leads a an error response of

swiftclient.exceptions.ClientException: Account Head Failed: http://192.168.1.177:8080/v3/AUTH_e0bcc2c4619d4a8f97e797c4d6353617 400 Bad Request

What is wrong i just don't understand

2016-04-19 08:06:30 -0600 received badge  Famous Question (source)
2016-01-14 11:44:25 -0600 received badge  Taxonomist
2015-11-08 14:34:38 -0600 received badge  Notable Question (source)
2015-10-19 01:55:17 -0600 answered a question I can't create User on keyston

You may need to install the missing module wrapt with this command sudo pip install --upgrade wrapt then try to create the user again.

NOTE If you can you can just try to create users with python scripts. I find that to be easy than to run commandline.

2015-10-16 02:50:04 -0600 answered a question how can I configure glance to work with swift with Keystone v3 API?

Alright Darren-wang The same problem you were facing i to was facing it configuring keystone v3 to work well with glance.

I finally got it working pretty well and here are the following steps I did for it to work. ie glance and keystone v3

Download the lastest version of glance in my case it was glance 1.1.0, You can either use the package manager, apt-getor you can just https://launchpad.net/glance/liberty/... NOTE when you choose to download from the link above you will have to install the dependencies manually. which are quite very many in my case I had to install them manully around 12+. Ensure you have the lastest update installed.

Install the lastest keystone middleware pip install --upgrade keystonemiddleware

In glance-api.conf --> Section | [keystone_authtoken]

You configurations should have something similar change it according to your needs.

paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://192.168.1.142:5000
auth_url = http://192.168.1.142:35357
auth_plugin = password
project_domain_name=glance
user_domain_name=glance
project_name=glance
username = glance
password = glance

Under that section you will see | [paste_deploy] it should be

[paste_deploy]
config_file = /etc/glance/glance-api-paste.ini
flavor=keystone

glance-api-paste.ini or /etc/glance/glance-api-paste.ini

Move to secion [filter:authtoken]

paste.filter_factory = keystonemiddleware.auth_token:filter_factory
delay_auth_decision = true
auth_uri = http://192.168.1.142:5000
auth_url = http://192.168.1.142:35357
auth_plugin = password
project_domain_name=glance
user_domain_name=glance
project_name=glance
username = glance
password = glance

Again change it according to your local settings

NOTE: The configurations you applied in glance-api.conf should be the same as glance-registry.conf, and the configurations you applied in glance-api-registry.ini should also apply to glance-registry-ini.

NOTE The project_domain_name, user_domain_name, project_name, username, password, should be valid as for me they are the ones I used I wanted the name to remain the same based on the service that is why everthing is glance.

NOTE Ensure that keystone is working Very well. and you have tested it. with swift or any other service.

I failed to configure the CL(commandline) for glance. but here is a piece of python script to help.

from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
from keystoneclient import session
#from keystoneclient import client
from keystoneclient.v3.client import exceptions
#from glanceclient import Client 
from glanceclient.v2 import Client 
IMAGE_ENDPOINT="http://192.168.1.103:9292/v2"

auth = v3.Password(
                    auth_url="http://192.168.1.125:5000/v3/",
                    user_domain_name="glance",
                    username="glance", 
                    password="glance",
                    project_domain_name="glance",
                    project_name="glance"
                )

sess = session.Session(auth=auth)
#keystone = client.Client(session=sess)
#print keystone.projects.list()


token =  auth.get_token(sess)
#glance = Client(endpoint=IMAGE_ENDPOINT, session=sess)
glance = Client(endpoint=IMAGE_ENDPOINT, token=token)
#image = glance.images.create(name="Test Image S8software")

print glance.images.list().next()

WARNING It appears that there is a bug in using session with keystone v3. If you pass session to glanceclient.Client, in keystone it will attempt and https:// resulting in 400. I will confirm and file a bug. but when yo up pass token=token ... (more)

2015-10-15 03:23:13 -0600 received badge  Student (source)
2015-10-15 00:39:22 -0600 commented question Strange Issues, Integrating Glance with Keystone v3

Could it be the version of glance am using whichs 0.15.0 and keystone version is is 1.7.2. Let me try your suggestion.

2015-10-14 10:27:10 -0600 received badge  Popular Question (source)
2015-10-14 06:44:01 -0600 received badge  Famous Question (source)
2015-10-14 04:27:17 -0600 asked a question Strange Issues, Integrating Glance with Keystone v3

Please help, I know such question could have been asked by after two days of searching not real success.

I setup swift to work with keystone v3 and it worked fined. But when I attempted to integrate `glance(0.15.0)` authentication always returns 401. Here is a master piece of python code I was using to list images from glance server.

from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
from keystoneclient import session
#from keystoneclient import client
from keystoneclient.v3.client import exceptions
from glanceclient import Client 

IMAGE_ENDPOINT="http://192.168.1.5:9292/v2"

auth = v3.Password(
                    auth_url="http://192.168.1.142:5000/v3",
                    user_domain_name="glance",
                    username="glance", 
                    password="glance",
                    project_domain_name="glance",
                    project_name="glance"
                )

sess = session.Session(auth=auth)
#keystone = client.Client(session=sess)
#print keystone.projects.list()

token =  auth.get_token(sess)
#print token 
glance = Client(endpoint=IMAGE_ENDPOINT, token=token)
print glance.images.list().next()

I followed a simple setup of glance and here is what is suggested.

And here is what is in my glance-api.conf and glance-registry.conf

paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://192.168.1.142:5000/
auth_url = http://192.168.1.142:35357/
auth_plugin = password
project_domain_name=glance
user_domain_name=glance
project_name=glance
username = glance
password = glance

Am perfomed some analysis on the keystone authentication module on glance controller the response from the authentication server is 200, showing success but they still show an error

When I analysed the request being sent to the authentication server. no data is send to the server all which could have been kind of password username domain

Response Code from Auth server

2015-10-14 12:12:59.159 14685 DEBUG keystoneclient.session [-] RESPONSE <Response [200]>  _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:207
2015-10-14 12:12:59.159 14685 DEBUG keystoneclient.session [-] HEADERS None  _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:208
2015-10-14 12:12:59.159 14685 DEBUG keystoneclient.session [-] TEXT None  _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:209
2015-10-14 12:12:59.159 14685 DEBUG keystoneclient.session [-] STATAUS CODE None  _http_log_response /usr/lib/python2.7/dist-packages/keystoneclient/session.py:210
2015-10-14 12:12:59.159 14685 DEBUG keystoneclient.session [-] RESP: [200] date: Wed, 14 Oct 2015 09:12:59 GMT content-type: application/json content-length: 335 vary: X-Auth-Token x-distribution: Ubuntu

Request Being sent to the Authentication server

2015-10-14 12:12:58.831 14685 DEBUG keystoneclient.auth.identity.v3 [-] Making authentication request to http://192.168.1.142:35357/v3/auth/tokens get_auth_ref /usr/lib/python2.7/dist-packages/keystoneclient/auth/identity/v3.py:126
2015-10-14 12:12:59.151 14685 DEBUG keystoneclient.session [-] URL http://192.168.1.142:35357/v3  _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:171
2015-10-14 12:12:59.151 14685 DEBUG keystoneclient.session [-] METHOED GET  _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:172
2015-10-14 12:12:59.152 14685 DEBUG keystoneclient.session [-] DATA None  _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:173
2015-10-14 12:12:59.152 ...
(more)
2015-10-14 02:19:26 -0600 received badge  Popular Question (source)
2015-10-13 08:05:12 -0600 commented question OpenStack Identity Service. python-keystone

Ensure you are having an update debian repo, ask the package may be new. Also try to post the error message you are getting.

2015-10-13 08:01:12 -0600 commented question how can I configure glance to work with swift with Keystone v3 API?

Are you having swift working well with keystone v3?, If yes then try using the same authentication configuration of swift on the proxyserver to the glance-api.conf, glance-registry.conf

2015-09-23 08:25:43 -0600 received badge  Notable Question (source)
2015-09-04 02:16:18 -0600 received badge  Scholar (source)
2015-09-04 01:45:39 -0600 received badge  Popular Question (source)
2015-09-03 12:48:16 -0600 answered a question Swift Unable re-verifiy keystone v3 token from keystone v3 It self

After Six hours of dedicated migration from keystone v2 to keystone v3 I got it working very well. and I will create blog post how to to perform clear migrations from keystone v2 to keystone v3, using openstack services. I my case it was swift. but should apply to all others.

I was using keystone client that I entirely wrong in python, looks like it is the one is much simpler when you are making your migrations.

This are the steps that I did in order get keystone v3 working with swift 1) Create the identify keystone service with the following names . name: keystone service type identity 2) Create the object-store service with the following names name: ObjectStore (any name should work) service type: object-store

3) Define the endpoint for identity service AKA keystone both admin, internal and public follow steps below i) Get the identity service id you created above ii) Then create the endpint passing the Id of the service, and the service type

endpoint = client.Client(endpoint="http://192.168.1.142:5000/v3", token="S8@Wangolo")
        s = S8EndpointManager(client=endpoint)
        s.new_endpoint(service_id="db5f0c178ecd428abdd40e4bb563e978", url="http://192.168.1.142:35357/v3", region="object-store", interface="admin")

 NOTE: `the interace="admin". Run the same command this time interface="public" and after interface="internal"
 But for the public and internal interface the url changes to  "http://192.168.1.142:5000/v3" only the port.

4) Create the endpoint for the object-store service just the you did with the keystone identity service.

i) Use the object store ID, ii) Create url for both interface "public", "admin", "internal" iii) URL should be pointing to the proxy-server of the storage nodes.

Hope this helps

NOTE: even the users who you create matters alot there project, domain, roles work. For me it failed to work when swift user has the swiftoperator role when I re-created with the admin role it worked.

2015-09-03 06:53:08 -0600 commented answer Keystone v3 Bug Domain always falls on default

Thanks, as you said, i changed user_domain to user_domain_name, an it works. THANKS, and also got it working with sessions.

2015-09-03 06:52:09 -0600 received badge  Supporter (source)
2015-09-03 06:50:45 -0600 asked a question Swift Unable re-verifiy keystone v3 token from keystone v3 It self

I made a migration from keystone v2 to keystone v3. that is a setup a new server running keystone v3, and re-configured the storage proxy-server to handle v3 authenticated.

The user is authenticated very well from keystone v3 and the token is returned nicely and can even see it. But the proxy-server raises the following debugging info.

Sep  3 14:40:44 jet-client-1 proxy-server: Invalid user token - rejecting request
Sep  3 14:40:44 jet-client-1 proxy-server: Authorization failed for token
Sep  3 14:40:44 jet-client-1 proxy-server: Invalid user token - rejecting request

when I do connection.get_auth() a lengthy token is returned to me. from keystone v3

On the client side where I inititiate the connection here is what is going on

swiftclient.exceptions.ClientException: Account GET failed: http://192.168.1.142:8080/v1/AUTH_4cff695e9b754d44bdcfeff16d82ef3a?format=json 401 Unauthorized   Authentication required

The keystone v3 returns even the project url http://192.168.1.142:8080/v1/AUTH_4cff695e9b754d44bdcfeff16d82ef3a?format=json but proxy-server can't do it's job.

Here are my proxy-server.conf authtoken configurations.

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_host=192.168.1.142
auth_port=35357
auth_protocol=https
auth_uri = http://192.168.1.142:5000/
auth_url = http://192.168.1.142:35357/
auth_plugin = password
project_domain_name= swift
user_domain_name=swift
project_name =swift
username = swift
password = swift
auth_version = 3
#delay_auth_decision = true
#cache = swift.cache
#include_service_catalog = True

Is there something am doing wrong.

2015-09-03 01:12:06 -0600 received badge  Enthusiast
2015-09-01 08:40:20 -0600 asked a question Keystone v3 Bug Domain always falls on default

This should be a bug on keystone v3, I try to a authenticate a user but the end point auth always defaults to a default installation domain even though I pass a valid user domain during auth.

Here is how I do it

from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
from keystoneclient import session
#from keystoneclient import client
from keystoneclient.v3.client import exceptions

keystone = client.Client(user_domain="TestDomainAgain",
                        username="dev@s8-software.com", password="Test",
                        project_domain_name="TestDomain",
                        project_name="S8Wangolo",
                        auth_url="http://192.168.1.142:5000/v3"
                       )

The above always resulted in the following error

keystoneclient.openstack.common.apiclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401)

When I hooked in the endpoint and put some debugging message on the password module I realized that the domain I pass was ignored silently. Here we go below

AUTH PAYLOAD  {u'user': {u'domain': {u'id': u'default'}, u'password': u'Test', u'name': u'dev@s8-software.com'}}
USER INFO  {u'domain': {u'id': u'default'}, u'password': u'Test', u'name': u'dev@s8-software.com'}
Password Is  Test UserName is  dev@s8-software.com
DOMAIN REF  {'enabled': True, u'description': u'Owns users and tenants (i.e. projects) available on Identity API v2.', 'name': u'Default', 'id': u'default'} ID  default

The domain I pass in silently ignored and the default is used, which in these cases is seems to be v2. It seems they are trying to locate the user in the default domain with pain because he does not exists.

1) Am i missing something in the client.Client 2) Is it a bug

Am using Ubuntu 14.04 Icehouse.

2015-08-21 01:50:40 -0600 received badge  Notable Question (source)
2015-08-21 01:50:40 -0600 received badge  Popular Question (source)
2015-06-30 10:14:46 -0600 asked a question Dedicated Replication Network not recieving replication.

Hey every body. Am trying to build a simple file storage application in django and swift. Everything works fine users can create accounts and even upload, share and stream there data, but I can't get the information to be replicated.

I have setup up two separate nodes all on ubuntu 14.04

  • Storage server on *192.168.1.5 (Physical Node) *
  • Replication network or server. 192.168.1.142 (Physical Node)
  • Proxy server runs on 192.168.1.115 (virtual box)

    I have followed several swift documentation on how to setup a dedicated replication network, but there seems to be no success. When I set up a replication on SAIO it works quite well that I can see the replication status of both the account, container and object. But if i change the replication interface to the replication network nothing seems to be happening.

Interesting is that I can see the creation of object folder only, on the replication network, but no data inside the object folder. but neither the account or the container shows up on the replication network. Here are my current configuration on both the replication network and the storage server.

  • Replication Network Account Server

    [DEFAULT] devices = /srv/1/node mount_check=false bind_ip=192.168.1.142 bind_port = 6052 user = swift log_facility = LOG_LOCAL2 recon_cache_path = /var/cache/swift

    [pipeline:main] pipeline = recon account-server

    [app:account-server] use = egg:swift#account set log_name = account-server set log_facility = LOG_LOCAL2 set log_level = INFO set log_requests = true set log_address = /dev/log replication_server = True

    [filter:recon] use = egg:swift#recon

    [account-replicator] vm_test_mode = yes

    [account-reaper]

Storage server account

[DEFAULT]
devices = /srv/1/node
mount_check=false
bind_ip=192.168.1.5
bind_port = 6012
user = swift
log_facility = LOG_LOCAL2

[pipeline:main]
pipeline = account-server

[app:account-server]
use = egg:swift#account
set log_name = account-server
set log_facility = LOG_LOCAL2
set log_level = INFO
set log_requests = true
set log_address = /dev/log

[account-reaper]

* The above is the same for both container and account*

Storage rings

# Object Ring
swift-ring-builder object.builder create 18 3 1
swift-ring-builder object.builder add z1-192.168.1.5:6010R192.168.1.142:6050/sdc1 1
swift-ring-builder object.builder add z2-192.168.1.5:6020R192.168.1.142:6060/sdc2 1
swift-ring-builder object.builder add z3-192.168.1.5:6030R192.168.1.142:6070/sdc3 1
swift-ring-builder object.builder add z4-192.168.1.5:6040R192.168.1.142:6080/sdc4 1
swift-ring-builder object.builder rebalance

# Container Ring
swift-ring-builder container.builder create 18 3 1
swift-ring-builder container.builder add z1-192.168.1.5:6011R192.168.1.142:6051/sdc1 1
swift-ring-builder container.builder add z2-192.168.1.5:6021R192.168.1.142:6061/sdc2 1
swift-ring-builder container.builder add z3-192.168.1.5:6031R192.168.1.142:6071/sdc3 1
swift-ring-builder container.builder add z4-192.168.1.5:6041R192.168.1.142:6081/sdc4 1
swift-ring-builder container.builder rebalance

#ACCOUNT RING
swift-ring-builder account.builder create 18 3 1
swift-ring-builder account.builder add z1-192.168.1.5:6012R192.168.1.142:6052/sdc1 1
swift-ring-builder account.builder add z2-192.168.1.5:6022R192.168 ...
(more)