Ask Your Question

zaitcev's profile - activity

2015-08-18 15:15:18 -0500 commented question swift - Account HEAD failed: 401 Unauthorized - Kilo CentOS 7

there may be something in /var/log/swift/swift.log, but I would not hold my breath

2015-07-05 02:39:39 -0500 answered a question swift-init proxy start "bind_port wasn't properly set in the config file" the first few lines of proxy-server.conf: [DEFAULT]

The message is caused by conf() missing the 'bind_port' key or the value not converting to int. Therefore, it's either 1) space at the end of the 8080, another invisible character, or 2) another bind_port down file.

2015-07-05 02:34:02 -0500 commented question can't access swift remotelly

host=<keystonemachine>, port=8080 <====== makes no sense, you said keystone and swift are on separate VMs, 8080 is not served by keystone

2015-06-01 18:33:41 -0500 answered a question swift-proxy service not start on opensuse 13.2

There's not much you can do but obtain the PyECLib, liberasurecode, gf-complete, and jerasure packages by any means necessary.

Fedora has test RPMs in review phase if you want to use those: - PyECLib - liberasurecode - jerasure - gf-complete

At this point if may be easier to create a sacrificial VM and pollute the heck of it with pip.

2015-05-13 11:46:29 -0500 commented answer Is there any API/command which gives me all the swift zones and region information?

Swift itself does not maintain any kind of run-time registry of services. So you either need to piece together a script with ssh that runs "swift-init status", or get some kind of monitoring agents. In real life people just run recon instead.

2015-05-13 11:44:21 -0500 answered a question define swift replica count by region?

No, there's no way to do what you want. You might accomplish a similar effect by screwing around with weights, but that only approximates your goal statistically.

If you're really dead-set on controlled, lopsided distributions, you need some kind of federation.

2015-05-13 11:37:30 -0500 answered a question Does swift-get-nodes return same result from any of the swift nodes?

swift-get-nodes extracts the information from the ring and ring only. Essentially it performs the lookup that a proxy or back-end server would do if given the same parameters. Its operation or output may have nothing to do with what is actually going on in the cluster in cases when you neglect to update the ring on the nodes or fail to run the necessary services.

The traditional location for running swift-get-nodes is the same management workstation that runs the builder, and not a cluster node at all.

2015-04-22 11:10:26 -0500 answered a question How to upload a file using PUT with Swift API?

Your curl is waiting for the standard input. You need to supply the file you're uploading with -T.

2015-04-22 11:06:15 -0500 answered a question Is it necessary that the swift-proxy and keystone on the same subnet

This has nothing to do with any subnets. Just typo in addresses or hostnames, or maybe a firewall somewhere.

2015-04-22 11:05:01 -0500 answered a question openstack swift install problem´╝Üswiftclient.service.SwiftError: 'Account not found'

If this is the first account, most likely permissions are screwed up in the back-end storage, so accounts are not created. The stat doesn't expect that to happen and aborts.

2015-04-16 20:12:12 -0500 answered a question what is the latest version of swift supported on RHEL 6 ?

If you mean what is the latest version that RDO supports on RHEL 6, then it's 2.2.0. The latest version in RHEL OSP is 1.13.1 on RHEL 6.5. If you use the community source, then using stock RPMs from RHEL 6 and EPEL, you can use everything up to and including 2.2.2. However, anything that uses EC requires PyECLib, which I did not plan to package for RHEL 6. You'd need to build it from source yourself.

2015-03-25 10:32:51 -0500 answered a question Does swift 1.0 supports object versioning ?

If the question is about Swift releases, the 1.0 did not support object versions. The first release that did was 1.5.0, committed in June 2012. It was part of OpenStack Essex release.

2015-03-23 21:07:14 -0500 answered a question Is there a problem with the openstack repos?

In my case, it was the NSS getting screwed somehow. I downloaded the nss*-3.16.1-14.el6.x86_64.rpm and nspr-4.10.6-1.el6_5.x86_64.rpm, installed, and everything worked again without any tinkering with /etc/yum.conf or other.

2015-03-09 12:28:11 -0500 answered a question where is the password storage in Icehouse Swift?

In OpenStack installations, the default and main auth is Keystone (see ). Keystone stores credentials in main MySQL server of the cluster, or, alternatively, in a dedicated SQLite database. The swauth is used in standalone Swift installations without the rest of OpenStack. It stores credentials within Swift itself. The TempAuth is used in testing and in stub installations where Swift only has 1 app client. It uses passwords defined in proxy-server.conf.

2015-03-02 12:00:13 -0500 answered a question Adding a new datacentre (swift object store)

You don't need to overload on replicas like that, althogh the just-in Kota's patch for efficient replication makes it more palatable. Remember that in most clusters, number of zones far exceeds the replication factor (e.g. 15 zones and 3 replicas).

The data is not going anywhere no matter what, but if you go all-out, you're going to degrade the performance of the cluster significantly while replication sorts it out.

_I think_ the old partitions should not move if you do the +3 thing, because the new balance is very good (I am taking about the builder before the "overload"). So, it's a smart call, but I expect it do you no good because of the amount of data you have to transfer anyway to fill out those 3 new replicas. So I suspect that dragging it out would cause less degradation, even though partitions may move due to unbalance at each step.

2015-03-02 11:54:46 -0500 commented answer Quick swift install question

There's no way to guess the administrator's intentions here, because running combined nodes is possible. Therefore, information log about what's present.

2015-02-24 20:12:32 -0500 commented answer failed upgrade swift from 1.7 to 1.13 on centos 6.5

I was against that stupid prefix thing when it was introduced, but I wasn't on core back then and could not veto it.

2015-02-24 20:08:27 -0500 answered a question No replication or single replica

You don't use set_replicas initially, but specify the replicas in create subcommand. But later you can change the number of replicas using set_replicas as you expect.

Note that you must guess the correct partition power for the future expansion. It cannot be changed.

2015-01-29 13:56:02 -0500 commented answer unable to create containers

That was my guess too. Typically /srv/node/xxx are mounted, so _they_ get the permissions, but not the mount point itself. In SAIO, however, you chown the /srv/node/xxx without mounting anything.

2015-01-29 13:53:06 -0500 commented question swift stat [Errno 111] Connection refused Icehouse

Swift always logs to syslog. The default facility is local0. So, if you don't do anything, the log ends in /var/log/messages, /var/log/syslog, or such. The convention is to redirect it to /var/log/swift/swift.log in rsyslog.conf. Track that down.

2015-01-19 11:54:11 -0500 commented question How do I create a Swift only user

Denial is different from adding roles. Swift allows all access to the user with the same name as the tenant (such as zaitcev:zaitcev). It's called "owner" and works regardless of e.g. swiftoperator role.

2015-01-18 00:05:20 -0500 commented question object-replicator: rsync error: error in file IO

I don't think rsyncs can be that different. Most likely it's either SSL-wrapped rsync listening on normal socket, or something other than rsync altogether. Check with running "rsync", should return literal account, container, object per line.

2015-01-18 00:01:14 -0500 commented question swift diskfull in Zones

Proxy and replicators cannot know what disks are full. Swift does not have any kind of dynamic status map. If you have devices of varying size, you should use weights to make bigger devices take more patitions.

2015-01-18 00:01:14 -0500 received badge  Enthusiast
2015-01-16 10:23:19 -0500 commented question swift stat Account HEAD failed 503 Internal Server Error

This is unrelated to the problem, but Keystone users often end with that double-port thing (:8080:8080). That is invalid and needs fixing, but I don't know just how you accomplished that, so I have no suggestions.

2015-01-16 10:23:19 -0500 received badge  Commentator
2015-01-16 10:21:48 -0500 answered a question swift stat Account HEAD failed 503 Internal Server Error

You can see that proxy tries to connect to swift2 (and gets connection refused), while the question's premise states that storage nodes are swift1 and swift3. Sounds like ring does not match where the servers are started. You can examine the actual ring with "swift-ring-builder account.builder". Without additional arguments it would print the ring. Make sure it contains the 2 storage nodes and not the proxy node, make sure that storage nodes do actually run the account/container/object servers, and that ports listed in the ring match the configurations of the running servers.

2015-01-16 10:12:32 -0500 commented question How do I create a Swift only user

Sounds about right. You don't need any ACLs after step2. Better yet, you can just use swiftoperator in most cases.

2015-01-13 23:00:50 -0500 answered a question How to enable swift bulk operation?I

Use -X POST, not DELETE.

2015-01-12 17:18:53 -0500 commented answer swift change replication address

This really is a problem of IP renumbering, isn't it? As such, you could take two paths: (1) all-up renumbering to the new "global" network (with a downtime), or (2) route "new" network into the "old" one and migrate node by node.

2015-01-12 17:13:47 -0500 answered a question swift container-server.conf error

You must have a use= statement in the [filter:recon] section. Or, you could run without recon if the cluster is small.

2015-01-12 17:10:56 -0500 commented question SWIFT API to the disk

look at and . Looks using AsyncClient.putAsync.

Anyway, hit me and Clay on IRC or by e-mail.

2015-01-12 16:48:33 -0500 answered a question Cannot use swift-init to check swift services status on Fedora 21

I don't think you can do what you want, sorry. The reason being that SystemD uses process control groups, therefore (in most cases) PID files are not created at all.

If you want to use swift-init to manage your cluster, you should use it to start it as well check status. If you use systemctl command to start the cluster, you should use systemctl status subcommand. This actually applies to older systems too, such as RHEL 6, where you either use swift-init for everything, or you use service/chkconfig for everything. So even before systemd you could not mix them, although status checking happened to work because of PID files being compatible. But we always discouraged this practice.

Note that if you use swift-init, the SElinux context is not going to be set correctly. Therefore, it may only be used on systems where SElinux is not run in Enforcing more.

2015-01-12 16:43:21 -0500 answered a question Does Swift send updates when objects have been modified in a container?

No, there's no pub-sub in Swift. Not in core, anway. Middleware may provide something like that, although personally I'm not aware of such.

There's a heavy-duty solution that a bigger problem, called "ZeroVM", which permits to run apps on Swift nodes. That hammer is definitely big enough for your problem, I'm just not sure you can use it, depending on who owns the cluster and how much effort you're willing to expend.

A more hacky approach that I can think of is to configure StatD middleware to inform a listener. Again you must own the cluster to configure it.

Note that Swift has internal update notification, supported by so-called "updater" processes. They are used to collect summary numbers and cannot be used from the outside. Don't even bother trying to tap into those.

2015-01-12 16:38:16 -0500 answered a question Centos7: swift proxy-server fails to start after configuring ceilometer

You cannot follow the suggestions in bug 1262264 blindly. People were trying to hash out a good combination of permissions there, so none of what they propose appears to help you directly. The root problem you're trying to solve is to let Ceilometerer middleware to write, while running inside Swift (it's a middleware, duh). So, just chown swift.swift for everything it needs, such as /var/log/ceilometer/swift-proxy*.log and chmod a+r on it so that Ceilometer itself can read it after its middleware wrote it. Probably not the most elegant way to do it, but should be bulletproof.

2015-01-12 16:27:17 -0500 edited answer swift http/1.1 401 unauthorized

The token looks broken, probably edited. I know of no auth system that generates tokens like "AUTH_a995798a5721451e81daaf695eec8eca" (althogh certainly there could be one out there).

For Keystone, parameters are usually like this (if UUID, not PKI):

token "id": "4ae2ee60868b48e99c6c5d7d35d9b9d5" "publicURL": "http://kvm-rei.zaitcev.lan:8080/v1/AUTH_ea15004eb664450dae0a3302d98fd28b"


curl -v -X HEAD -H "X-Auth-Token: 4ae2ee60868b48e99c6c5d7d35d9b9d5" http://kvm-rei.zaitcev.lan:8080/v1/AU...

For tempauth, parameters are usually like this:

x-auth-token: AUTH_tkcadf8292b8324abab37b9c0b219c2b84 x-storage-url:


curl -v -k -X HEAD -H "X-Auth-Token: AUTH_tkcadf8292b8324abab37b9c0b219c2b84"

It's very, very unlikely that the above combination of AUTH_a995798a5721451e81daaf695eec8eca and http://controllerip:8080/v1/AUTH_test is valid. Do not edit your tokens when passing to curl. Use my examples for guidance.