swift and Cyberduck
Hi everybody
Can someone show me how to make a connection between cyberduck in window to swift storage?
currently i have a situation as below
1) I have swift.1.4.3 installed, I have swauth1.0.2 installed
- I have already created an admin user:
swauth-add-user -A http://
- And make sure it works:
swift -A http://
2) I have cyberduck 4.1 installed on window7
=>
my problem is:
when I make a connection on Swift(Open Stack storage) to my swift on ubuntu 10.04 LTS
then it requires user and API Access key
I input as below
username: test.tester
API access key: testing
my purpose is to see something like picture or files that stored in ubuntu swift will display in cyberduck,
But...
after a while, cyberduck authenticating as test.tester then, it returns nothing, there is no cyberduck swift connection displaying.
Can anyone help me on this matter?
Thank in advance
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Chau Pham
- Solved:
- Last query:
- Last reply:
Revision history for this message
|
#1 |
Hi Chau,
First of, is this a SAIO setup ? (I assume so)
- cyberduck only allows https connections. So you need to setup swift-proxy with SSL and on port 443. I don't remember if cyberduck will work with SSL on port 8080.
- Is this a typo "username: test.tester" ? it should be "test:tester"
- How does your proxy-server.conf looks like ?
Revision history for this message
|
#2 |
Hi Marcelo,
Thank for your reply,
Yes, I followed SAIO to setup swift 1.4.3
- for cyberduck on window, I still don't know what happen while it cannot make a connection to swift server
- the username for login should be "test:tester"
- my proxy-server.conf as below:
[DEFAULT]
bind_port = 8080
user = root
log_facility = LOG_LOCAL1
#cert_file = /etc/swift/cert.crt
#key_file = /etc/swift/cert.key
[pipeline:main]
pipeline = healthcheck cache swauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
super_admin_key = secure_key
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
I am still investigating on cyberduck and swift, to find out how to make a connection between them.
I have already change the port from 8080 to 443 but the problem still there.
look forward to hearing from your idea.
Thank you
Revision history for this message
|
#3 |
Hi Chau/Marcelo,
Cyberduck should be honoring the port specified. We had this issue before see (http://
I'd be curious to know if honoring regressed in Cyberduck. Report findings!
Chau,
When you make the request on your ubuntu machine. Does the deployment work with 'https' on the command line?
Do either of these work?
swift -A https:/
-or-
curl -k -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Key: testing' https:/
-Joe
Revision history for this message
|
#4 |
Hi Joe
swauth and swift don't work for "https" protocol and 443 port.
I am headache with that problems.
when i try to create new user chau:
swauth-add-user -A https:/
error as below:
=======
root@chaupv-
Traceback (most recent call last):
File "/usr/local/
execfile(
File "/root/
ssl=
File "/root/
conn.
File "/usr/lib/
self.
File "/usr/lib/
self.send(msg)
File "/usr/lib/
self.connect()
File "/usr/lib/
self.sock = ssl.wrap_
File "/usr/lib/
return GreenSSLSocket(
File "/usr/lib/
super(
File "/usr/lib/
self.
File "/usr/lib/
super(
File "/usr/lib/
return func(*a, **kw)
File "/usr/lib/
self.
ssl.SSLError: [Errno 1] _ssl.c:480: error:140770FC:SSL routines:
=======
when i try to test on user "tim" with "https":
curl -v -H 'X-Storage-User: tim:timmer' -H 'X-Storage-Pass: timming' https:/
output=>
=======
curl -v -H 'X-Storage-User: tim:timmer' -H 'X-Storage-Pass: timming' https:/
* About to connect() to 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:
* Closing connection #0
curl: (35) error:140770FC:SSL routines:
* About to connect() to 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:
* Closing connection #0
curl: (35) error:140770FC:SSL routines:
=======
Do you have any idea? Joe?
Thank you
Revision history for this message
|
#5 |
Hi Joe/Marcelo
Hi everybody
can anyone show me how to enable "https" on swift?
Revision history for this message
|
#6 |
ok,
- First, you need to create the cert/key and also enable them in the proxy-server.conf (assuming you haven't done so already)
--> cert_file = /etc/swift/cert.crt
--> key_file = /etc/swift/cert.key
I'm also assuming here that your "bind_port" is set to 443
- Under the swauth section you will also need to add the "default_
default_
Then restart the proxy
- Now, you will need to either create a new swauth account/user so that it picks up the new storageUrl or change the storageUrl for the old account with "swauth-
Revision history for this message
|
#7 |
Hi Marcelo,
I have followed your guideline as below
-------
1) my configuration for swift proxy
[DEFAULT]
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = root
log_facility = LOG_LOCAL1
#[pipeline:main]
#pipeline = healthcheck cache tempauth proxy-server
[pipeline:main]
pipeline = healthcheck cache swauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
default_
super_admin_key = chaupv79
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
-------
2) when I create new users on "https"
swauth-add-user -A https:/
=> error
root@chaupv-
Account creation failed: 500 Server Error
User creation failed: 500 Server Error
Do you know why, Marcelo?
Revision history for this message
|
#8 |
sorry, default_
default_
Revision history for this message
|
#9 |
2) when I create new users on "https"
swauth-add-user -A https:/
=> error
root@chaupv-
Account creation failed: 500 Server Error
User creation failed: 500 Server Error
Do you know why, Marcelo?
Revision history for this message
|
#10 |
Sorry, I need to add enough information
I had created account before creating user
root@chaupv-
and the error 500 occurs =>
Account creation failed: 500 Server Error
Revision history for this message
|
#11 |
What do the logs show?
Have you stopped all the swift services and started them again just in case? And also verified that all are indeed running
What is the output if you just do a swauth-list? Same error?
I also noticed that your cache line does not specify a memcache server but I believe it might default to localhost. Try restarting memcached as well
Chau Pham <email address hidden> wrote:
>Question #169028 on OpenStack Object Storage (swift) changed:
>https:/
>
>Chau Pham gave more information on the question:
>Sorry, I need to add enough information
>
>I had created account before creating user
>
>root@chaupv-
>https:/
>
>and the error 500 occurs =>
>
>Account creation failed: 500 Server Error
>
>--
>You received this question notification because you are a direct
>subscriber of the question.
Revision history for this message
|
#12 |
Hi Marcelo,
Thank you for your reply.
to make sure I have restarted all server by
- swift-init stop all
- swift-init start all
after I reset all services, I dare to make sure all services are running.
I create swift account again
swauth-add-account -K chaupv79 -A https:/
=> Account creation failed: 500 Server Error
Log
=======
root@chaupv:
Aug 26 11:32:10 chaupv proxy-server - - 26/Aug/
Aug 26 11:32:10 chaupv proxy-server - - 26/Aug/
root@chaupv:
=======
root@chaupv:
Aug 26 11:28:00 chaupv proxy-server Started child 5039
Aug 26 11:29:47 chaupv proxy-server SIGTERM received
Aug 26 11:29:47 chaupv proxy-server Exited
Aug 26 11:30:02 chaupv proxy-server Started child 5457
Aug 26 11:32:10 chaupv proxy-server STDOUT: EXCEPTION IN handle: Traceback (most recent call last):#012 File "/usr/local/
I will wait for your answer, Marcelo
Thank you
Revision history for this message
|
#13 |
I will wait for your answer, Marcelo
Thank you
Revision history for this message
|
#14 |
Hmm I noticed that you changed the "super_admin_key" from the first post of the proxy-server.conf to the second post. I assume this is a different SAIO setup as well, right ? since I noticed the IP changes as well.
Anyway,
Are you able to get anything from "swauth-list -K chaupv79 -A https:/
I haven't used this version of swauth "swauth-1.0.3.dev", there could be some bugs on that one I guess.
Revision history for this message
|
#15 |
Hi Marcelo,
I appreciated your suggestion and your help.
I saw that there is something wrong in swift or some bug inside swift or cyberduck,
for an end-user, to install successful swift, it is a big challenge.
anyway, I will keep fighting with swift..... :))
I will make an installation carefully, and test again.
then i will inform you more detail.
Revision history for this message
|
#16 |
Hi Marcelo,
I have solved my problem.
cyberduck in Mac OSX can connect to swift server now.
but cyberduck in Window cannot.
Thank for you help.
Revision history for this message
|
#17 |
I want to install an image Windows 7 in swift but when installing it generates an error message
PS: I installed swift in ubuntu 11.04 that is installed in a virtual server esx I think that's the cause of the problem and I'm not sure if there is a solution plz help me
Revision history for this message
|
#18 |
Hi Moubarik siham
I guess, you don't have enough resources, it means that you dont have enough RAM.
just in case, make sure you have at least 4 GB of RAM before doing with nova or swift
Revision history for this message
|
#19 |
hi chau Pham
yes you were right i had problem with resources now when i resolved this i have a other problem , i can't enable https although I followed all the instructions here is the error :
nano /etc/swift/
[DEFAULT]
bind_port = 443
#bind_ip = 192.168.3.20
user = root
log_facility = LOG_LOCAL1
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test3_tester3 = testing3 .admin
[filter:swauth]
use=egg:
set log_name = swauth
default_
super_admin_key = admin
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.3.20:11211
+++++++
root@dtv-
Traceback (most recent call last):
File "/usr/bin/
ssl=
File "/usr/local/
conn.
File "/usr/lib/
self.
File "/usr/lib/
self.send(msg)
File "/usr/lib/
self.connect()
File "/usr/lib/
self.timeout, self.source_
File "/usr/lib/
raise error, msg
socket.error: [Errno 111] ECONNREFUSED
root@dtv-
Traceback (most recent call last):
File "/usr/bin/
ssl=
File "/usr/local/
conn.
File "/usr/lib/
self.
File "/usr/lib/
self.send(msg)
File "/usr/lib/
self.connect()
File "/usr/lib/
self.timeout, self.source_
File "/usr/lib/
raise error, msg
socket.error: [Errno 111] ECONNREFUSED
-------
cat /var/log/
Sep 8 15:04:12 dtv-110702 proxy-server STDOUT: sr-esx54.
Sep 8 15:14:54 dtv-110702 proxy-server SIGTERM received
Sep 8 15:14:54 dtv-110702 proxy-server Exited
Sep 8 15:23:24 dtv-110702 proxy-server Started child 16678
Sep 8 15:39:25 dtv-110702 proxy-server STDOUT: sr-esx54.
Sep 8 15:39:25 dtv-110702 proxy-server STDOUT: sr-esx54.
Sep 8 15:39:27 dtv-110702 proxy-server STDOUT: sr-esx54.
Sep 8 15:39:27 dtv-110702 proxy-server STDOUT: sr-esx54.
Sep 8 16:08:39 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:39 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:42 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:42 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:43 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:43 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 8 16:08:44 dtv-110702 proxy-server STDOUT: dtv-110801.
Sep 9 11:44:44 dtv-110702 proxy-server SIGTERM received
Sep 9 11:44:46 dtv-110702 proxy-server Exited
Revision history for this message
|
#20 |
also i have this error with this commande :
# curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https:/
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:
More details here: http://
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Revision history for this message
|
#21 |
also i have this error with this commande :
# curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https:/
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:
More details here: http://
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Revision history for this message
|
#22 |
Hi Moubariksiham,
What happens when do you do what it says and use the '-k' option with curl?
-Joe Arnold
Revision history for this message
|
#23 |
Hi Moubariksiham,
I am just an end-user, I have a little experience on swift, you may ask others guy to help you,
buy anyway, I try to help you with all i have.
swauth-add-user -A https:/
swauth-add-user -K admin -A https:/
=> i use the (2) command.
please try to add test7 tester7 testing7 to /etc/swift/
.....
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test7_tester7 = testing7. admin
user_test3_tester3 = testing3 .admin
....
from terminal:
swift-init stop all
startmain
swauth-add-user -K admin -A https:/
Revision history for this message
|
#24 |
if you still get error,
please try to install swift-1.4.2 and swauth.1.0.2
and try again.
Revision history for this message
|
#25 |
when you install swauth, look at the tutorial at the webpage where you download swauth: https:/
Revision history for this message
|
#26 |
curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https:/
Revision history for this message
|
#27 |
tks so much for the request chau Pham
i can't create the test7
swauth-add-user -K admin -A https:/
Account creation failed: 500 Internal Server Error
User creation failed: 500 Internal Server Error
root@dtv-
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* start date: 2011-09-14 09:49:39 GMT
* expire date: 2011-10-14 09:49:39 GMT
* common name: r00t (does not match '192.168.3.20')
* issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-
> Host: 192.168.3.20
> Accept: */*
> X-Storage-User: test:tester
> X-Storage-Pass: testing
>
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/plain
< Content-Length: 742
< Date: Wed, 14 Sep 2011 09:55:30 GMT
< Connection: close
<
Traceback (most recent call last):
File "/usr/lib/
result = self.applicatio
File "/usr/local/
return self.app(env, start_response)
File "/usr/local/
return self.app(env, start_response)
File "/usr/local/
'%s' % (account_id, key))
Exception: Could not create account for user test:tester
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
root@dtv-
can you help me please
Revision history for this message
|
#28 |
- re-install swift-1.4.2 and swauth.1.0.2,
- you should use swauth filter in proxy-conf, don't use tempauth.
- look at https:/
and try to copy user to [filter:swauth] session
[filter:swauth]
use = egg:swift#swauth
default_
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test7_tester7 = testing7. admin
user_test3_tester3 = testing3 .admin
- make sure you have ssl option
- restart swift
Revision history for this message
|
#29 |
I don't think you looked at the github information for swauth close enough. Setting users on the "swauth" filter section is useless. That is only for the "tempauth section"
Your proxy configuration should have (as the github site mentions):
1) You need to add swauth to the pipeline and remove tempauth
[pipeline:main]
pipeline = catch_errors cache swauth proxy-server
2) Make sure you have at least
[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
super_admin_key = swauthkey
3) Then you can also add the "default_
default_
Revision history for this message
|
#30 |
Hi Moubariksiham,
Marcelo has answered you, now you have a right person to ask.
@Marcelo: I just guess for the situation
Thank You
Revision history for this message
|
#31 |
Hi everybody,
thank you so much for your suggestion, it helps me a lot so here is what done
i installed swift-1.4.2 and swauth.1.0.2, and i modified the porxy-server.conf here is the result :
+++++++
[DEFAULT]
bind_port = 443
#bind_ip = 192.168.3.20
user = root
log_facility = LOG_LOCAL1
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin https:/
user_test2_tester2 = testing2 .admin
user_test3_tester3 = testing3 .admin
[filter:swauth]
use = egg:swift#swauth
default_
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin https:/
user_test2_tester2 = testing2 .admin
user_test7_tester7 = testing7. admin
user_test3_tester3 = testing3 .admin
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.3.20:11211
+++++++
but i can't create another user:
so i used test:tester testing and test2:tester2 testing2
+++++++
oot@dtv-
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* start date: 2011-09-14 09:49:39 GMT
* expire date: 2011-10-14 09:49:39 GMT
* common name: r00t (does not match '192.168.3.20')
* issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; <email address hidden>
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-
> Host: 192.168.3.20
> Accept: */*
> X-Storage-User: test2:tester2
> X-Storage-Pass: testing2
>
< HTTP/1.1 200 OK
< X-Storage-Url: https:/
< X-Storage-Token: AUTH_tkafc1df9e
< X-Auth-Token: AUTH_tkafc1df9e
< Content-Length: 0
< Date: Thu, 15 Sep 2011 10:36:17 GMT
<
* Connection #0 to host 192.168.3.20 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
+++++++
root@dtv-
* About to connect() to 192.168.3.20 port 443 (#0)
* Trying 192.168.3.20... connected
* Connected to 192.168.3.20 (192.168.3.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:
More details here: http://
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
+++++++
root@dtv-
Account: AUTH_test2
Containers: 4
Objects: 4
Bytes: 1163576
Accept-Ranges: bytes
root@dtv-
+++++++
but when I go to this link through the browser it gives the following result
https:/
401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Revision history for this message
|
#32 |
You must add user as admin i.e. with -a option for swauth-add-user
or make a container and give specific rights (for read or write) on it for concrete user, I don`t know how exactly - so just use admin account for first time.
Revision history for this message
|
#33 |
If you want to make any user or container,
then
use the 'curl'
and upload/
then
use the 'swift'
EX:>
***curl>
>> Below, I have made the user 'ssluser', accout 'sslacct', and password 'sslpass'
-------
# curl -k -v -H 'X-Storage-User: sslacct:ssluser' -H 'X-Storage-Pass: sslpass' https:/
* About to connect() to 192.168.56.101 port 443 (#0)
* Trying 192.168.56.101... connected
* Connected to 192.168.56.101 (192.168.56.101) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=KO; <email address hidden>
* start date: 2012-06-21 06:21:35 GMT
* expire date: 2012-07-21 06:21:35 GMT
* SSL: unable to obtain common name from peer certificate
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-
> Host: 192.168.56.101
> Accept: */*
> X-Storage-User: sslacct:ssluser
> X-Storage-Pass: sslpass
>
< HTTP/1.1 200 OK
< X-Storage-Url: https:/
< X-Storage-Token: AUTH_tkf7f78ee8
< X-Auth-Token: AUTH_tkf7f78ee8
< Content-Length: 108
< Date: Thu, 21 Jun 2012 06:55:00 GMT
<
* Connection #0 to host 192.168.56.101 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"storage": {"default": "local", "local": "https:/
HTTP/1.1 201 Created
Content-Length: 18
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Jun 2012 07:00:07 GMT
201 Created
-------
>> Below, I have made the container 'sslcontainer'
-------
curl -k -i -H "X-Auth-Token: AUTH_tkf7f78ee8
HTTP/1.1 201 Created
Content-Length: 18
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Jun 2012 07:00:07 GMT
201 Created
***swift>
>> Below, I have up/down/check the object in any container : lib.tar is object, sslcont1 is container, and sslacct:ssluser is account...
-------
# swift -v -A https:/
lib.tar
# swift -v -A https:/
lib.tar
# swift -v -A https:/
lib.tar
root@swiftmain:~# swift -v -A https:/
StorageURL: https:/
Auth Token: AUTH_tkf7f78ee8
Account: AUTH_65918ac5-
Containers: 5
Objects: 1
Bytes: 182855680
Accept-Ranges: byteslist