swift and Cyberduck

Asked by Chau Pham

Hi everybody,

Can someone show me how to make a connection between Cyberduck on Windows and Swift storage?

Currently I have the situation below:

1) I have swift.1.4.3 installed, I have swauth1.0.2 installed

 - I have already created an admin user:

  swauth-add-user -A http://192.168.0.82:8080/auth/ -K secure_key -a test tester testing

 - And make sure it works:

  swift -A http://192.168.0.82:8080/auth/v1.0 -U test:tester -K testing stat -v

2) I have Cyberduck 4.1 installed on Windows 7

=>
My problem is:
when I make a connection with "Swift (OpenStack storage)" to my Swift on Ubuntu 10.04 LTS,
it requires a user and an API access key.

I input the following:

username: test.tester
API access key: testing

My purpose is to see the pictures or files that are stored in Swift on Ubuntu displayed in Cyberduck.

But...

after a while of Cyberduck authenticating as test.tester, it returns nothing; no Swift connection is displayed in Cyberduck.

Can anyone help me with this matter?

Thanks in advance

Question information

Language: English
Status: Solved
For: OpenStack Object Storage (swift)
Assignee: No assignee
Solved by: Chau Pham

Marcelo Martins (btorch) said :
#1

Hi Chau,

First off, is this a SAIO setup? (I assume so.)

- Cyberduck only allows https connections, so you need to set up swift-proxy with SSL and on port 443. I don't remember if Cyberduck will work with SSL on port 8080.

- Is "username: test.tester" a typo? It should be "test:tester".

- What does your proxy-server.conf look like?

Chau Pham (chaupv79) said :
#2

Hi Marcelo,

Thanks for your reply.

Yes, I followed SAIO to set up swift 1.4.3.

- For Cyberduck on Windows, I still don't know what happens when it cannot make a connection to the Swift server.

- The username for login should be "test:tester".

- My proxy-server.conf is below:

[DEFAULT]
bind_port = 8080
user = root
log_facility = LOG_LOCAL1

#cert_file = /etc/swift/cert.crt
#key_file = /etc/swift/cert.key

[pipeline:main]
pipeline = healthcheck cache swauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3

[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
super_admin_key = secure_key

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

I am still investigating Cyberduck and Swift to find out how to make a connection between them.
I have already changed the port from 8080 to 443, but the problem is still there.

I look forward to hearing your ideas.

Thank you

Joe Arnold (joe-arnold) said :
#3

Hi Chau/Marcelo,
Cyberduck should be honoring the port specified. We had this issue before; see http://trac.cyberduck.ch/ticket/5216. (However, I think you're correct that SSL is required.)

I'd be curious to know if honoring the port regressed in Cyberduck. Report findings!

Chau,
When you make the request on your Ubuntu machine, does the deployment work with 'https' on the command line?

Do either of these work?

swift -A https://192.168.0.82:8080/auth/v1.0 -U test:tester -K testing stat -v

-or-

curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Key: testing' https://192.168.0.82:8080/auth/v1.0

-Joe

Chau Pham (chaupv79) said :
#4

Hi Joe

swauth and swift don't work with the "https" protocol and port 443.

I have a headache with these problems.

When I try to create a new user chau:

swauth-add-user -A https://192.168.0.82:8080/auth/ -K secure_key -a chau chauer chauing

the error is as below:
========================
root@chaupv-desktop:~# swauth-add-user -A https://192.168.0.82:8080/auth/ -K secure_key -a chau chauer chauing
Traceback (most recent call last):
  File "/usr/local/bin/swauth-add-user", line 7, in <module>
    execfile(__file__)
  File "/root/swift/gholt-swauth-69fd700/bin/swauth-add-user", line 76, in <module>
    ssl=(parsed.scheme == 'https'))
  File "/root/swift/release/swift/common/bufferedhttp.py", line 168, in http_connect_raw
    conn.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
    self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 735, in send
    self.connect()
  File "/usr/lib/python2.6/httplib.py", line 1112, in connect
    self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
  File "/usr/lib/pymodules/python2.6/eventlet/green/ssl.py", line 310, in wrap_socket
    return GreenSSLSocket(sock, *a, **kw)
  File "/usr/lib/pymodules/python2.6/eventlet/green/ssl.py", line 47, in __init__
    super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)
  File "/usr/lib/python2.6/ssl.py", line 118, in __init__
    self.do_handshake()
  File "/usr/lib/pymodules/python2.6/eventlet/green/ssl.py", line 218, in do_handshake
    super(GreenSSLSocket, self).do_handshake)
  File "/usr/lib/pymodules/python2.6/eventlet/green/ssl.py", line 78, in _call_trampolining
    return func(*a, **kw)
  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
=========================

When I try to test user "tim" with "https":
curl -v -H 'X-Storage-User: tim:timmer' -H 'X-Storage-Pass: timming' https://192.168.0.80:8080/auth/v1.0

output=>
==============================
curl -v -H 'X-Storage-User: tim:timmer' -H 'X-Storage-Pass: timming' https://127.0.0.1:8080/auth/v1.0
* About to connect() to 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

==============================

Do you have any idea, Joe?

Thank you

Chau Pham (chaupv79) said :
#5

Hi Joe/Marcelo

Hi everybody

Can anyone show me how to enable "https" on swift?

Marcelo Martins (btorch) said :
#6

ok,

- First, you need to create the cert/key and also enable them in the proxy-server.conf (assuming you haven't done so already)
--> cert_file = /etc/swift/cert.crt
--> key_file = /etc/swift/cert.key

I'm also assuming here that your "bind_port" is set to 443

- Under the swauth section you will also need to add the "default_swift_cluster" option

default_swift_cluster = local#https://192.168.0.80:443//v1#https://127.0.0.1:443/v1

Then restart the proxy

- Now, you will need to either create a new swauth account/user so that it picks up the new storageUrl or change the storageUrl for the old account with the "swauth-set-account-service" tool.

Chau Pham (chaupv79) said :
#7

Hi Marcelo,

I have followed your guidelines, as below:

--------------------------------------------------
1) my configuration for swift proxy

[DEFAULT]
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = root
log_facility = LOG_LOCAL1

#[pipeline:main]
#pipeline = healthcheck cache tempauth proxy-server
[pipeline:main]
pipeline = healthcheck cache swauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3

[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
default_swift_cluster = local#https://192.168.0.15:443//v1#https://127.0.0.1:443/v1
super_admin_key = chaupv79

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

--------------------------------

2) when I create new users on "https"

swauth-add-user -A https://192.168.0.15:443/auth/ -K chaupv79 -a chau chauer chauing

=> error

root@chaupv-desktop:~/swift/trunk# swauth-add-user -A https://192.168.0.15:443/auth/ -K chaupv79 -a chau chauer chauing

Account creation failed: 500 Server Error
User creation failed: 500 Server Error

Do you know why, Marcelo?

Chau Pham (chaupv79) said :
#8

sorry, default_swift_cluster should be:

default_swift_cluster = local#https://192.168.0.15:443/v1#https://127.0.0.1:443/v1

Chau Pham (chaupv79) said :
#10

Sorry, I need to add enough information

I had created account before creating user

root@chaupv-desktop:~/swift/trunk# swauth-add-account -A https://192.168.0.15:443/auth/ -K chaupv79 chau

and the error 500 occurs =>

Account creation failed: 500 Server Error

Marcelo Martins (btorch) said :
#11

What do the logs show?

Have you stopped all the swift services and started them again, just in case? And also verified that all are indeed running?

What is the output if you just do a swauth-list? Same error?

I also noticed that your cache line does not specify a memcache server, but I believe it might default to localhost. Try restarting memcached as well.

Chau Pham (chaupv79) said :
#12

Hi Marcelo,

Thank you for your reply.

To make sure, I have restarted all servers with:

- swift-init stop all
- swift-init start all

After I restarted all services, I am sure all services are running.

I created the swift account again:

swauth-add-account -K chaupv79 -A https://192.168.0.15:443/auth/ chau

=> Account creation failed: 500 Server Error

Log
===================proxy.log===========
root@chaupv:~/swift/trunk# cat /var/log/swift/proxy.log
Aug 26 11:32:10 chaupv proxy-server - - 26/Aug/2011/02/32/10 HEAD /v1/AUTH_.auth/chau HTTP/1.0 404 - Swauth - - - - - - 0.0196
Aug 26 11:32:10 chaupv proxy-server - - 26/Aug/2011/02/32/10 PUT /v1/AUTH_.auth/chau HTTP/1.0 404 - Swauth - - - - - - 0.0009
root@chaupv:~/swift/trunk#

===================proxy.error==========
root@chaupv:~/swift/trunk# cat /var/log/swift/proxy.error
Aug 26 11:28:00 chaupv proxy-server Started child 5039
Aug 26 11:29:47 chaupv proxy-server SIGTERM received
Aug 26 11:29:47 chaupv proxy-server Exited
Aug 26 11:30:02 chaupv proxy-server Started child 5457
Aug 26 11:32:10 chaupv proxy-server STDOUT: EXCEPTION IN handle: Traceback (most recent call last):#012 File "/usr/local/lib/python2.6/dist-packages/swauth-1.0.3.dev-py2.6.egg/swauth/middleware.py", line 415, in handle#012 return self.handle_request(req)(env, start_response)#012 File "/usr/local/lib/python2.6/dist-packages/swauth-1.0.3.dev-py2.6.egg/swauth/middleware.py", line 482, in handle_request#012 req.response = handler(req)#012 File "/usr/local/lib/python2.6/dist-packages/swauth-1.0.3.dev-py2.6.egg/swauth/middleware.py", line 720, in handle_put_account#012 'account: %s %s' % (path, resp.status))#012Exception: Could not create account within main auth account: /v1/AUTH_.auth/chau 404 Not Found#012: {'SCRIPT_NAME': '/auth/v2/chau', 'webob.adhoc_attrs': {'start_time': 1314325930.8969491, 'bytes_transferred': '-', 'client_disconnect': False}, 'REQUEST_METHOD': 'PUT', 'PATH_INFO': '', 'SERVER_PROTOCOL': 'HTTP/1.0', 'QUERY_STRING': '', 'eventlet.posthooks': [(<bound method Swauth.posthooklogger of <swauth.middleware.Swauth object at 0x2be3190>>, (<Request at 0x2c3f3d0 PUT https://192.168.0.15/auth/v2/chau>,), {})], 'SERVER_NAME': '192.168.0.15', 'REMOTE_ADDR': '192.168.0.15', 'eventlet.input': <eventlet.wsgi.Input object at 0x2c28450>, 'HTTP_X_AUTH_ADMIN_KEY': 'chaupv79', 'wsgi.url_scheme': 'https', 'SERVER_PORT': '443', 'HTTP_X_AUTH_ADMIN_USER': '.super_admin', 'HTTP_X_CF_TRANS_ID': 'txc5b99ca4-ca75-4d69-bd65-1bd6e88bcde1', 'wsgi.input': <eventlet.wsgi.Input object at 0x2c28450>, 'HTTP_HOST': '192.168.0.15', 'swift.cache': <swift.common.memcached.MemcacheRing object at 0x2c3f290>, 'HTTPS': 'on', 'wsgi.multithread': True, 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at 0x2b704d0>, 'wsgi.multiprocess': False, 'CONTENT_TYPE': None, 'HTTP_ACCEPT_ENCODING': 'identity'}

I will wait for your answer, Marcelo

Thank you

Marcelo Martins (btorch) said :
#14

Hmm, I noticed that you changed the "super_admin_key" from the first post of the proxy-server.conf to the second post. I assume this is a different SAIO setup as well, right? I noticed the IP changes as well.

Anyway,

Are you able to get anything from "swauth-list -K chaupv79 -A https://127.0.0.1:443/auth/"?

I haven't used this version of swauth, "swauth-1.0.3.dev"; there could be some bugs in that one, I guess.

Chau Pham (chaupv79) said :
#15

Hi Marcelo,

I appreciate your suggestions and your help.
I saw that there is something wrong in swift, or some bug inside swift or Cyberduck.

For an end user, installing swift successfully is a big challenge.
Anyway, I will keep fighting with swift..... :))

I will do the installation carefully and test again,
then I will inform you in more detail.

Chau Pham (chaupv79) said :
#16

Hi Marcelo,

I have solved my problem.

Cyberduck on Mac OS X can connect to the swift server now,
but Cyberduck on Windows cannot.

Thanks for your help.

moubariksiham (moubarik-siham) said :
#17

I want to install a Windows 7 image in swift, but the installation generates an error message.
PS: I installed swift on Ubuntu 11.04, which is installed on a virtual ESX server. I think that's the cause of the problem, and I'm not sure if there is a solution. Please help me.

Chau Pham (chaupv79) said :
#18

Hi Moubarik siham

I guess you don't have enough resources, meaning you don't have enough RAM.

Just in case, make sure you have at least 4 GB of RAM before working with nova or swift.

moubariksiham (moubarik-siham) said :
#19

Hi Chau Pham,

Yes, you were right, I had a problem with resources. Now that I have resolved this I have another problem: I can't enable https although I followed all the instructions. Here is the error:

nano /etc/swift/proxy-server.conf

[DEFAULT]
bind_port = 443
#bind_ip = 192.168.3.20
user = root
log_facility = LOG_LOCAL1
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test3_tester3 = testing3 .admin

[filter:swauth]
use=egg:swift#tempauth
set log_name = swauth
default_swift_cluster = local#https://192.168.3.20:443/v1#https://127.0.0.1:443/v1
super_admin_key = admin

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.3.20:11211

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@dtv-110702:/etc/swift# swauth-add-user -A https://192.168.3.20:443/auth/ -K admin -a test7 tester7 testing7

Traceback (most recent call last):
  File "/usr/bin/swauth-add-user", line 76, in <module>
    ssl=(parsed.scheme == 'https'))
  File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/bufferedhttp.py", line 168, in http_connect_raw
    conn.endheaders()
  File "/usr/lib/python2.7/httplib.py", line 951, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 811, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 773, in send
    self.connect()
  File "/usr/lib/python2.7/httplib.py", line 1154, in connect
    self.timeout, self.source_address)
  File "/usr/lib/pymodules/python2.7/eventlet/green/socket.py", line 59, in create_connection
    raise error, msg
socket.error: [Errno 111] ECONNREFUSED

------------------------------------------------------------------------------
cat /var/log/swift/proxy/error

Sep 8 15:04:12 dtv-110702 proxy-server STDOUT: sr-esx54.netfective.com - - [08/Sep/2011 15:04:12] "#026#003#001#000�#001#000#000�#003#001Nh�L�θ#032z#031#��&��)*#026V�P�"l#026�#013#000�!�#000#000H#000��" 400 -
Sep 8 15:14:54 dtv-110702 proxy-server SIGTERM received
Sep 8 15:14:54 dtv-110702 proxy-server Exited
Sep 8 15:23:24 dtv-110702 proxy-server Started child 16678
Sep 8 15:39:25 dtv-110702 proxy-server STDOUT: sr-esx54.netfective.com - - [08/Sep/2011 15:39:25] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01Nh\xc5\x8d\x11\xfb\xba\xe9f\xa8\xb9\xc9\x96\xe3%\xdd-=\xd2\xdb\xfc\x97\xb1\xb2\xe3\x1b\x90')
Sep 8 15:39:25 dtv-110702 proxy-server STDOUT: sr-esx54.netfective.com - - [08/Sep/2011 15:39:25] "#026#003#001#000�#001#000#000�#003#001Nhō#021���f��ɖ�%�-=�������#033� ���p#000#000H#000��" 400 -
Sep 8 15:39:27 dtv-110702 proxy-server STDOUT: sr-esx54.netfective.com - - [08/Sep/2011 15:39:27] code 400, message Bad request syntax ('\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01Nh\xc5\x8f\x88\x8c\xe1\xe4\xaa\xd4f\xb3\xab\xc5\xff\xbb+\xeb\xb7PIR1\x87}\xf4\x1c\xe7\xac\xf2#\xd3\x00\x00H\x00\xff\xc0')
Sep 8 15:39:27 dtv-110702 proxy-server STDOUT: sr-esx54.netfective.com - - [08/Sep/2011 15:39:27] "#026#003#001#000�#001#000#000�#003#001Nhŏ������f�����+��PIR1�}�#034���#�#000#000H#000��" 400 -
Sep 8 16:08:39 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:39] code 400, message Bad HTTP/0.9 request type ('\x80n\x01\x03\x01\x00E\x00\x00\x00')
Sep 8 16:08:39 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:39] "�n#001#003#001#000E#000#000#000 #000#000#004#001#000�#000#000#005#000#000/#000#0005#000#0003#000#0009#000#0002#000#0008#000#000" 400 -
Sep 8 16:08:42 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:42] code 400, message Bad HTTP/0.9 request type ('\x80n\x01\x03\x01\x00E\x00\x00\x00')
Sep 8 16:08:42 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:42] "�n#001#003#001#000E#000#000#000 #000#000#004#001#000�#000#000#005#000#000/#000#0005#000#0003#000#0009#000#0002#000#0008#000#000" 400 -
Sep 8 16:08:43 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:43] code 400, message Bad HTTP/0.9 request type ('\x80n\x01\x03\x01\x00E\x00\x00\x00')
Sep 8 16:08:43 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:43] "�n#001#003#001#000E#000#000#000 #000#000#004#001#000�#000#000#005#000#000/#000#0005#000#0003#000#0009#000#0002#000#0008#000#000" 400 -
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:44] code 400, message Bad HTTP/0.9 request type ('\x80n\x01\x03\x01\x00E\x00\x00\x00')
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:44] "�n#001#003#001#000E#000#000#000 #000#000#004#001#000�#000#000#005#000#000/#000#0005#000#0003#000#0009#000#0002#000#0008#000#000" 400 -
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:44] code 400, message Bad HTTP/0.9 request type ('\x80n\x01\x03\x01\x00E\x00\x00\x00')
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.netfective.com - - [08/Sep/2011 16:08:44] "�n#001#003#001#000E#000#000#000 #000#000#004#001#000�#000#000#005#000#000/#000#0005#000#0003#000#0009#000#0002#000#0008#000#000" 400 -
Sep 9 11:44:44 dtv-110702 proxy-server SIGTERM received
Sep 9 11:44:46 dtv-110702 proxy-server Exited
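
What the proxy.error lines in the post above show, as an added example that is not part of the original thread: the requests rejected with "Bad HTTP/0.9 request type" start with TLS/SSL handshake bytes, meaning an HTTPS client reached a listener that was parsing plain HTTP at that moment. The sample log is constructed from the byte prefixes in that post; host names and function names are placeholders chosen for this example.

```python
import ast
import re

# Constructed sample, modelled on the proxy.error lines in the post above.
# Host names are placeholders; payloads are shortened to their leading bytes.
SAMPLE_LOG = r"""
Sep 8 15:23:24 proxy01 proxy-server Started child 16678
Sep 8 15:39:25 proxy01 proxy-server STDOUT: client-a.example - - [08/Sep/2011 15:39:25] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01Nh')
Sep 8 16:08:39 proxy01 proxy-server STDOUT: client-b.example - - [08/Sep/2011 16:08:39] code 400, message Bad HTTP/0.9 request type ('\x80n\x01\x03\x01\x00E\x00\x00\x00')
Sep 8 16:10:02 proxy01 proxy-server STDOUT: client-c.example - - [08/Sep/2011 16:10:02] code 400, message Bad request syntax ('GET')
"""

# The HTTP server logs the rejected request line as a Python string repr.
LINE_RE = re.compile(
    r"STDOUT: (?P<client>\S+) - - \[(?P<when>[^\]]+)\] "
    r"code 400, message (?P<reason>Bad [^(]+?) \((?P<literal>['\"].*['\"])\)\s*$"
)


def decode_logged_request(literal):
    """Turn the logged repr (quotes included) back into the raw bytes."""
    try:
        return ast.literal_eval("b" + literal)
    except (ValueError, SyntaxError):
        return None  # non-ASCII or malformed literal: cannot be decoded safely


def classify_payload(data):
    """Recognise a TLS or SSLv2-format ClientHello at the start of a request."""
    # TLS record: type 0x16 (handshake), major version 3, then a 2-byte
    # length; the first handshake byte 0x01 is ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "TLS ClientHello (record version 3.%d)" % data[2]
    # SSLv2-format hello: high bit set in the 2-byte length, message type
    # 0x01, followed by the highest version the client offers.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "SSLv2-format ClientHello offering version 3.%d" % data[4]
    return None


def find_tls_on_plaintext(log_text):
    """Return (timestamp, client, kind) for each handshake sent to plain HTTP."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        data = decode_logged_request(match.group("literal"))
        kind = classify_payload(data) if data else None
        if kind:
            hits.append((match.group("when"), match.group("client"), kind))
    return hits


if __name__ == "__main__":
    for when, client, kind in find_tls_on_plaintext(SAMPLE_LOG):
        print("%s  %s  %s received by a plain-HTTP listener" % (when, client, kind))
```

Hits like these call for checking that the running proxy actually loaded cert_file and key_file; the timestamps in the log show when the mismatch was present.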

moubariksiham (moubarik-siham) said :
#20

I also get this error with this command:

# curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.3.20:443/auth/v1.0
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Joe Arnold (joe-arnold) said :
#22

Hi Moubariksiham,
What happens when you do what it says and use the '-k' option with curl?
-Joe Arnold

Chau Pham (chaupv79) said :
#23

Hi Moubariksiham,

I am just an end user with a little experience with swift; you may ask others to help you,
but anyway, I will try to help you with all I have.

swauth-add-user -A https://192.168.3.20:443/auth/ -K admin -a test7 tester7 testing7 (1)
swauth-add-user -K admin -A https://192.168.3.20:443/auth/ -a test7 tester7 testing7 (2)

=> I use command (2).

Please try to add test7 tester7 testing7 to /etc/swift/proxy-server.conf as below:

.....

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test7_tester7 = testing7 .admin
user_test3_tester3 = testing3 .admin

....

from terminal:

swift-init stop all
startmain

swauth-add-user -K admin -A https://192.168.3.20:443/auth/ -a test7 tester7 testing7

Chau Pham (chaupv79) said :
#24

If you still get an error,

please try to install swift-1.4.2 and swauth.1.0.2
and try again.

Chau Pham (chaupv79) said :
#25

When you install swauth, look at the tutorial on the web page where you download swauth: https://github.com/gholt/swauth

Chau Pham (chaupv79) said :
#26

curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.3.20/auth/v1.0

moubariksiham (moubarik-siham) said :
#27

Thanks so much for the request, Chau Pham.

I can't create test7:
swauth-add-user -K admin -A https://192.168.3.20:443/auth/ -a test7 tester7 testing7
Account creation failed: 500 Internal Server Error
User creation failed: 500 Internal Server Error

root@dtv-110702:/etc/swift# curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.3.20/auth/v1.0
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* start date: 2011-09-14 09:49:39 GMT
* expire date: 2011-10-14 09:49:39 GMT
* common name: r00t (does not match '192.168.3.20')
* issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.3.20
> Accept: */*
> X-Storage-User: test:tester
> X-Storage-Pass: testing
>
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/plain
< Content-Length: 742
< Date: Wed, 14 Sep 2011 09:55:30 GMT
< Connection: close
<
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/middleware/healthcheck.py", line 38, in __call__
    return self.app(env, start_response)
  File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/middleware/memcache.py", line 32, in __call__
    return self.app(env, start_response)
  File "/usr/local/lib/python2.7/dist-packages/swift-1.4.3-py2.7.egg/swift/common/middleware/tempauth.py", line 136, in __call__
    '%s' % (account_id, key))
Exception: Could not create account for user test:tester
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
root@dtv-110702:/etc/swift#

Can you help me, please?

Chau Pham (chaupv79) said :
#28

- Re-install swift-1.4.2 and swauth.1.0.2.

- You should use the swauth filter in the proxy conf; don't use tempauth.

- Look at https://github.com/gholt/swauth to install swauth,

and try to copy the users to the [filter:swauth] section:

[filter:swauth]
use = egg:swift#swauth
default_swift_cluster = local#https://192.168.0.20:443//v1#https://127.0.0.1:443/v1
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test7_tester7 = testing7. admin
user_test3_tester3 = testing3 .admin

- Make sure you have the SSL option.

- Restart swift.

Marcelo Martins (btorch) said :
#29

I don't think you looked at the GitHub information for swauth closely enough. Setting users in the "swauth" filter section is useless. That is only for the "tempauth" section.

Your proxy configuration should have (as the GitHub site mentions):

1) You need to add swauth to the pipeline and remove tempauth:

[pipeline:main]
pipeline = catch_errors cache swauth proxy-server

2) Make sure you have at least:

[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
super_admin_key = swauthkey

3) Then you can also add the "default_swift_cluster" to the swauth filter section:

default_swift_cluster = local#https://192.168.0.20:443//v1#https://127.0.0.1:443/v1
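
A checker for the points made in this answer and earlier in the thread (swauth in the pipeline instead of tempauth, the `egg:swauth#swauth` entry point, a `super_admin_key`, no `user_*` lines under swauth, cert/key enabled for https cluster URLs, and the single-slash URL from post #8), as an added example that is not code from swift, swauth or the posters. Both sample configurations are constructed; `lint_proxy_conf` and the check names are made up for this example.

```python
import configparser

# Constructed sample combining the mistakes seen in the configs posted above.
BAD_CONF = """
[DEFAULT]
bind_port = 443
user = root
#cert_file = /etc/swift/cert.crt
#key_file = /etc/swift/cert.key

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[filter:swauth]
use = egg:swift#tempauth
default_swift_cluster = local#https://192.0.2.10:443//v1#https://127.0.0.1:443/v1
user_test_tester = testing .admin
"""

# Constructed sample following the three steps in the answer above.
GOOD_CONF = """
[DEFAULT]
bind_port = 443
user = root
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key

[pipeline:main]
pipeline = catch_errors cache swauth proxy-server

[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
super_admin_key = swauthkey
default_swift_cluster = local#https://192.0.2.10:443/v1#https://127.0.0.1:443/v1
"""


def lint_proxy_conf(text):
    """Return a list of (check, message) findings for a proxy-server.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []

    pipeline = cp.get("pipeline:main", "pipeline", fallback="").split()
    if "swauth" not in pipeline:
        findings.append(("pipeline-no-swauth", "swauth is not in the pipeline"))
    if "tempauth" in pipeline:
        findings.append(("pipeline-tempauth", "tempauth is still in the pipeline"))

    sec = "filter:swauth"
    if not cp.has_section(sec):
        findings.append(("swauth-section-missing", "no [filter:swauth] section"))
        return findings

    use = cp.get(sec, "use", fallback="").replace(" ", "")
    if use != "egg:swauth#swauth":
        findings.append(("swauth-use", "use = %r, expected egg:swauth#swauth" % use))
    if not cp.get(sec, "super_admin_key", fallback=""):
        findings.append(("no-super-admin-key", "super_admin_key is not set"))

    # user_* lines are a tempauth feature; under swauth they have no effect.
    users = sorted(k for k in cp.options(sec) if k.startswith("user_"))
    if users:
        findings.append(("users-ignored", "ignored under swauth: " + ", ".join(users)))

    # Format used in the thread: name#public_url#private_url
    urls = cp.get(sec, "default_swift_cluster", fallback="").split("#")[1:]
    if any(u.startswith("https://") for u in urls):
        missing = [k for k in ("cert_file", "key_file") if k not in cp.defaults()]
        if missing:
            findings.append(("tls-no-cert", "https URLs but not set: " + ", ".join(missing)))
    for url in urls:
        if "//" in url.split("://", 1)[-1]:
            findings.append(("double-slash", "double slash in path: " + url))
    return findings


if __name__ == "__main__":
    for check, message in lint_proxy_conf(BAD_CONF):
        print("%-20s %s" % (check, message))
```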

Chau Pham (chaupv79) said :
#30

Hi Moubariksiham,

Marcelo has answered you; now you have the right person to ask.

@Marcelo: I was just guessing about the situation.

Thank You

moubariksiham (moubarik-siham) said :
#31

Hi everybody,
Thank you so much for your suggestions; they helped me a lot. Here is what I did:

I installed swift-1.4.2 and swauth.1.0.2, and I modified the proxy-server.conf. Here is the result:

+++++++++++++++++++/etc/swift/proxy-server.conf+++++++++++++++++++++++++++++++++

[DEFAULT]
bind_port = 443
#bind_ip = 192.168.3.20
user = root
log_facility = LOG_LOCAL1
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin https://192.168.3.20:443/v1/AUTH_test
user_test2_tester2 = testing2 .admin
user_test3_tester3 = testing3 .admin

[filter:swauth]
use = egg:swift#swauth
default_swift_cluster = local#https://192.168.3.20:443/v1#https://127.0.0.1:443/v1
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin https://192.168.3.20:443/v1/AUTH_test
user_test2_tester2 = testing2 .admin
user_test7_tester7 = testing7. admin
user_test3_tester3 = testing3 .admin

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.3.20:11211
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
But I can't create another user,
so I used test:tester testing and test2:tester2 testing2:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@dtv-110702:/etc/swift# curl -k -v -H 'X-Storage-User: test2:tester2' -H 'X-Storage-Pass: testing2' https://192.168.3.20/auth/v1.0
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* start date: 2011-09-14 09:49:39 GMT
* expire date: 2011-10-14 09:49:39 GMT
* common name: r00t (does not match '192.168.3.20')
* issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.3.20
> Accept: */*
> X-Storage-User: test2:tester2
> X-Storage-Pass: testing2
>
< HTTP/1.1 200 OK
< X-Storage-Url: https://127.0.0.1:443/v1/AUTH_test2
< X-Storage-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7
< X-Auth-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7
< Content-Length: 0
< Date: Thu, 15 Sep 2011 10:36:17 GMT
<
* Connection #0 to host 192.168.3.20 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@dtv-110702:/etc/swift# curl -v -H 'X-Auth-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7' https://192.168.3.20:443/v1/AUTH_test2
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@dtv-110702:/etc/swift# swift -A https://192.168.3.20:443/auth/v1.0 -U test2:tester2 -K testing2 stat
   Account: AUTH_test2
Containers: 4
   Objects: 4
     Bytes: 1163576
Accept-Ranges: bytes
root@dtv-110702:/etc/swift#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
But when I go to this link through the browser, it gives the following result:

 https://192.168.3.20:443/auth/v1.0
401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
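The configuration in post #31 checked against the three points from reply #29, as an added example that is not part of the thread or of the Swift or swauth code. The sample is trimmed from the posted file; `lint_proxy_conf` and its finding texts are names made up for this illustration.

```python
import configparser

# Trimmed from the proxy-server.conf posted in #31 (values unchanged).
POSTED_CONF = """\
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server
[filter:swauth]
use = egg:swift#swauth
default_swift_cluster = local#https://192.168.3.20:443/v1#https://127.0.0.1:443/v1
user_test_tester = testing .admin
"""

# Same [DEFAULT], with the points from reply #29 applied (other filter sections omitted).
FIXED_CONF = POSTED_CONF.split("[pipeline:main]")[0] + """\
[pipeline:main]
pipeline = catch_errors cache swauth proxy-server
[filter:swauth]
use = egg:swauth#swauth
super_admin_key = swauthkey
default_swift_cluster = local#https://192.168.3.20:443/v1#https://127.0.0.1:443/v1
"""

def lint_proxy_conf(text):
    """Return findings for a proxy-server.conf, following the checklist in reply #29."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    out = []
    pipe = cp.get("pipeline:main", "pipeline", fallback="").split()
    if "swauth" not in pipe:
        out.append("pipeline: swauth missing")
    if "tempauth" in pipe:
        out.append("pipeline: tempauth still present")
    sw = cp["filter:swauth"] if cp.has_section("filter:swauth") else {}
    if sw.get("use") != "egg:swauth#swauth":
        out.append("filter:swauth: use should be egg:swauth#swauth, found %r" % sw.get("use"))
    if not sw.get("super_admin_key"):
        out.append("filter:swauth: super_admin_key not set")
    ignored = sorted(k for k in sw if k.startswith("user_"))
    if ignored:  # per reply #29, user_* lines only mean something to tempauth
        out.append("filter:swauth: user_* entries are tempauth-only: " + ", ".join(ignored))
    for key in ("cert_file", "key_file"):  # needed for the HTTPS listener
        if key not in cp.defaults():
            out.append("DEFAULT: %s not set" % key)
    return out

if __name__ == "__main__":
    print(lint_proxy_conf(POSTED_CONF), lint_proxy_conf(FIXED_CONF))
```

On the posted file this reports five findings, which is consistent with the auth request in that post still being answered by tempauth.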

Alexander Novikov (novikov) said :
#32

You must add the user as admin, i.e. with the -a option for swauth-add-user,
or make a container and give specific rights (for read or write) on it for the concrete user. I don't know how exactly, so just use an admin account for the first time.

JihwanKim (jih1103) said :
#33

If you want to make any user or container,
then
    use the 'curl'
and upload/download/verify the stat or list ...
then
    use the 'swift'

EX:>
***curl>>*****************************************************************************
>> Below, I have made the user 'ssluser', account 'sslacct', and password 'sslpass'
-------------------------------------------------------------------------------------------------------
# curl -k -v -H 'X-Storage-User: sslacct:ssluser' -H 'X-Storage-Pass: sslpass' https://192.168.56.101/auth/v1.0
* About to connect() to 192.168.56.101 port 443 (#0)
* Trying 192.168.56.101... connected
* Connected to 192.168.56.101 (192.168.56.101) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=KO; <email address hidden>
* start date: 2012-06-21 06:21:35 GMT
* expire date: 2012-07-21 06:21:35 GMT
* SSL: unable to obtain common name from peer certificate
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.56.101
> Accept: */*
> X-Storage-User: sslacct:ssluser
> X-Storage-Pass: sslpass
>
< HTTP/1.1 200 OK
< X-Storage-Url: https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb
< X-Storage-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc
< X-Auth-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc
< Content-Length: 108
< Date: Thu, 21 Jun 2012 06:55:00 GMT
<
* Connection #0 to host 192.168.56.101 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"storage": {"default": "local", "local": "https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb"}}
root@swiftmain:/etc/swift# curl -k -i -H "X-Auth-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc" -X PUT https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb/sslcontainer
HTTP/1.1 201 Created
Content-Length: 18
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Jun 2012 07:00:07 GMT

201 Created
-------------------------------------------------------------------------------------------------------

>> Below, I have made the container 'sslcontainer'
-------------------------------------------------------------------------------------------------------
curl -k -i -H "X-Auth-Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc" -X PUT https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb/sslcontainer
HTTP/1.1 201 Created
Content-Length: 18
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Jun 2012 07:00:07 GMT

201 Created

 ***swift>>***************************************************************************
>> Below, I have up/down/check the object in any container : lib.tar is object, sslcont1 is container, and sslacct:ssluser is account...
-------------------------------------------------------------------------------------------------------
# swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass upload sslcont1 lib.tar
lib.tar

# swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass download sslcont1 lib.tar
lib.tar

# swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass delete sslcont1 lib.tar
lib.tar

root@swiftmain:~# swift -v -A https://192.168.56.101/auth/v1.0 -U sslacct:ssluser -K sslpass stat -v
StorageURL: https://127.0.0.1/v1/AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb
Auth Token: AUTH_tkf7f78ee834784f9aa557b658a85cdebc
   Account: AUTH_65918ac5-ec88-4b32-8509-b68fd019d6bb
Containers: 5
   Objects: 1
     Bytes: 182855680
Accept-Ranges: byteslist