details on how to make swift work with keystonw
hi i am trying to make keystone work with swift. there is less documnetation on how it can be done. i have followed the instruction provided by this site : http://
but whenever i try to test it
error account not found was observed
any help or suggestion.
Question information
- Language:
- English Edit question
- Status:
- Answered
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Revision history for this message
|
#1 |
You can separate these two projects for debugging.
1. Make sure that your keystone working well for authenticating a username/ password
2. Does Keystone return X-Storage-Url and X-Auth-Token for you . While test it with curl command.
3. Does Swift works with tempauth ?
4. Can you access swift by a validated token ?
There're too many possibles in your case though . Let's decrease the scope .
Revision history for this message
|
#2 |
yes keystone is working well for authenticating
yes swift works well with tempauth
this is output with curl
curl -d '{"auth": {"tenantName": "demoTenant", "passwordCreden
% Total % Received % Xferd Average Speed Time Time Time Current
100 1309 100 1199 100 110 4541 416 --:--:-- --:--:-- --:--:-- 4558
{
"access": {
{
],
},
{
],
},
{
],
},
{
],
}
],
"token": {
"id": "e87623ed-
}
},
"user": {
"id": "2",
"name": "demoUser",
{
},
{
}
]
}
}
Revision history for this message
|
#3 |
{
],
}
The end point url of swift-proxy is incorrect .
the object-store should look like
http://
Other endpointTemplates could refer
https:/
Revision history for this message
|
#4 |
hi still having the problem with swift and keystone intregation.
i defined end point templates for swift in the followint manner.
sudo keystone-manage endpointTemplates add RegionOne swift http://
proxy-server.conf
[DEFAULT]
bind_port = 8080
user = swift
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken swiftauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_autocreate = true
[filter:swiftauth]
use = egg:keystone#
keystone_url = http://
keystone_
keystone_
keystone_
[filter:authtoken]
paste.filter_
auth_protocol = http
service_port = 5000
service_host = 130.237.215.18
auth_port = 35357
auth_host = 130.237.215.18
admin_token = 999888777666
delay_auth_decision = 0
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
set log_name = cache
memcache_servers = 130.237.
[filter:
use = egg:swift#
here is my keystone .conf
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = False
# Show debugging output in logs (sets DEBUG log level output)
debug = False
# Which backend store should Keystone use by default.
# Default: 'sqlite'
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
default_store = sqlite
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_dir = /var/log/keystone
log_file = keystone.log
# List of backends to be configured
backends = keystone.
#For LDAP support, add: ,keystone.
# Dictionary Maps every service to a header.Missing services would get header
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
service-
'nova' : 'X-Server-
'swift' : 'X-Storage-Url',
'cdn' : 'X-CDN-
# Address to bind the API server
# TODO Properties defined within app not available via pipeline.
service_host = 0.0.0.0
# Port the bind the API server to
service_port = 5000
# Address to bind the Admin API server
admin_host = 0.0.0.0
# Port the bind the Admin API server to
admin_port = 35357
#Role that allows to perform admin operations.
keystone-admin-role = Admin
#Role that allows to perform service admin operations.
keystone-
#Tells whether password user need to be hashed in the backend
hash-password = True
[keystone.
# SQLAlchemy connection string for the reference implementation registry
# server. Any valid SQLAlchemy connection string is fine.
# See: http://
sql_connection = mysql:/
backend_entities = ['UserRoleAssoc
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
sql_idle_timeout = 30
[pipeline:admin]
pipeline =
urlrewritef
admin_api
[pipeline:
pipeline =
urlrewritef
legacy_auth
RAX-
service_api
[app:service_api]
paste.app_factory = keystone.
[app:admin_api]
paste.app_factory = keystone.
[filter:
paste.filter_
[filter:
paste.filter_
[filter:
paste.filter_
[filter:debug]
paste.filter_
i dont know whats wrong with my configuration. can u please help me.
Revision history for this message
|
#5 |
hi i figured it out . i just define the service catlog in wrong way. but
now i am facing other error. whenever i try to verify that keystone is
providing authentication to swift i saw error .
the error says
account head failed . 500 internal server error.
this may be due to by default keystone use https. in order to resolv it i
change auth_urí to http and auth_protocol to http in both keystone.conf and
proxy.conf but still facing same error .
any suggestion please its urgent
On Mon, Apr 2, 2012 at 5:15 PM, sanjaya dahal <
<email address hidden>> wrote:
> Your question #192041 on Keystone changed:
> https:/
>
> Status: Answered => Open
>
> You are still having a problem:
> hi still having the problem with swift and keystone intregation.
> i defined end point templates for swift in the followint manner.
> sudo keystone-manage endpointTemplates add RegionOne swift
> http://
> http://
> http://
> proxy server.conf
>
> proxy-server.conf
>
> [DEFAULT]
> bind_port = 8080
> user = swift
>
> [pipeline:main]
> pipeline = catch_errors healthcheck cache authtoken swiftauth proxy-server
>
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_autocreate = true
>
> [filter:swiftauth]
> use = egg:keystone#
> keystone_url = http://
> keystone_
> keystone_
> keystone_
>
>
> [filter:authtoken]
> paste.filter_
> auth_protocol = http
> service_port = 5000
> service_host = 130.237.215.18
> auth_port = 35357
> auth_host = 130.237.215.18
> admin_token = 999888777666
> delay_auth_decision = 0
>
> [filter:
> use = egg:swift#
>
> [filter:cache]
> use = egg:swift#memcache
> set log_name = cache
> memcache_servers = 130.237.
>
> [filter:
> use = egg:swift#
>
>
> here is my keystone .conf
>
> [DEFAULT]
> # Show more verbose log output (sets INFO log level output)
> verbose = False
>
> # Show debugging output in logs (sets DEBUG log level output)
> debug = False
>
> # Which backend store should Keystone use by default.
> # Default: 'sqlite'
> # Available choices are 'sqlite' [future will include LDAP, PAM, etc]
> default_store = sqlite
>
> # Log to this file. Make sure you do not set the same log
> # file for both the API and registry servers!
> log_dir = /var/log/keystone
> log_file = keystone.log
>
> # List of backends to be configured
> backends = keystone.
> #For LDAP support, add: ,keystone.
>
> # Dictionary Maps every service to a header.Missing services would get
> header
> # X_(SERVICE_NAME) Key => Service Name, Value => Header Name
> service-
> 'nova' : 'X-Server-
> 'swift' : 'X-Storage-Url',
> 'cdn' : 'X-CDN-
>
> # Address to bind the API server
> # TODO Properties defined within app not available via pipeline.
> service_host = 0.0.0.0
>
> # Port the bind the API server to
> service_port = 5000
>
> # Address to bind the Admin API server
> admin_host = 0.0.0.0
>
> # Port the bind the Admin API server to
> admin_port = 35357
>
> #Role that allows to perform admin operations.
> keystone-admin-role = Admin
>
> #Role that allows to perform service admin operations.
> keystone-
>
> #Tells whether password user need to be hashed in the backend
> hash-password = True
>
> [keystone.
> # SQLAlchemy connection string for the reference implementation registry
> # server. Any valid SQLAlchemy connection string is fine.
> # See: http://
> sql_connection = mysql:/
> backend_entities = ['UserRoleAssoc
> 'User', 'Credentials', 'EndpointTempla
> 'Service']
>
> # Period in seconds after which SQLAlchemy should reestablish its
> connection
> # to the database.
> sql_idle_timeout = 30
>
> [pipeline:admin]
> pipeline =
> urlrewritefilter
> admin_api
>
> [pipeline:
> pipeline =
> urlrewritefilter
> legacy_auth
> RAX-KEY-extension
> service_api
>
> [app:service_api]
> paste.app_factory = keystone.
>
> [app:admin_api]
> paste.app_factory = keystone.
>
> [filter:
> paste.filter_
>
> [filter:
> paste.filter_
>
> [filter:
> paste.filter_
> keystone.
>
>
> [filter:debug]
> paste.filter_
>
>
> i dont know whats wrong with my configuration. can u please help me.
>
> --
> You received this question notification because you asked the question.
>
Revision history for this message
|
#6 |
hi still getting error can u help me plaese
this is output from my dashboard
Environment:
Request Method: GET
Request URL: http://
Django Version: 1.3
Python Version: 2.7.2
Installed Applications:
['dashboard',
'django.
'django.
'django.
'django.
'django_
'django_
'mailer']
Installed Middleware:
('django.
'django.
'django.
'django.
'django_
'django.
'django.
'dashboard.
Traceback:
File "/usr/lib/
111. response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/
23. return view_func(request, *args, **kwargs)
File "/usr/lib/
74. containers = api.swift_
File "/usr/lib/
775. return [Container(c) for c in swift_api(
File "/usr/lib/
306. return ContainerResult
File "/usr/lib/
389. raise ResponseError(
Exception Type: ResponseError at /dash/1/containers/
Exception Value: 500: Internal Server Error
i also tried this command in order to check
swift -A http://
Account HEAD failed: http://
i cant resolv it out and have no idea what is causing problem so can u please help me
Revision history for this message
|
#8 |
Could you please try to authenticate user/password from Keystone API endpoint first ?
Example for API v1.0 :
curl -v -H "X-Auth_User: %username%" -H "X-Auth-Key: %password% "http://
In your swift client response , I think keystone should work properly .
And Keystone will return
X-AUTH-TOKEN and X-Storage-Url Headers
After That , please send request to Swift-proxy API endpoint directly for creating an account . Example as follow.
curl -X PUT -v -H "X-AUTH-Token: %Token%" http://
In normal condition , you will receive 201 created.
If sill failed , you have to check the permission of target disk mounting point .
Can you help with this problem?
Provide an answer of your own, or ask sanjaya dahal for more information if necessary.