Curl + Swift + Keystone
Heyho guys,
so i'm verry confused about how to use swift + keystone.
My swift config:
[pipeline:main]
pipeline = healthcheck cache keystone proxy-server
[filter:keystone]
use = egg:keystone#
admin_token = 1111222233334444
keystone_url= http://
Keystone and Swift are running correctly. Now i try to get all informations with curl (Username/PW) to Keystone URL
curl -d '{"auth": {"passwordCrede
and i get the output:
{"access": {"token": {"expires": "2011-11-
So it looks good.
If i try now
curl -v -H 'X-Auth-Token: 30abaeac-
or
curl -v -H 'X-Auth-Token: 30abaeac-
i get every time 401!!
Now i looked in the Keystone log and found this:
but the token are correct:
*******
id: 30abaeac-
user_id: 8
tenant_id: 7
expires: 2011-11-23 15:36:14
2 rows in set (0.00 sec)
Do any knows whats wrong? My endpoint_templates should be correct. I've checked this many times.
greetings
Heiko
Question information
- Language:
- English Edit question
- Status:
- Answered
- Assignee:
- No assignee Edit question
- Last query:
- 2011-11-23
- Last reply:
- 2012-02-24
Chmouel Boudjnah (chmouel) said : | #1 |
Which version of keysone/swift are you using?
Heiko Krämer (foexle) said : | #2 |
hiho chmouel,
Swift:
Version: 1.4.5~20111117.
Keystone:
Version was a stable from Razique. If i try with --version i get a hex, but i see the last file change was 2011-11-08. I hope this helps.
Greetings
Chmouel Boudjnah (chmouel) said : | #3 |
Nice, in which roles your user is in (in keystone).
Heiko Krämer (foexle) said : | #4 |
Roles:
mysql> select * from roles;
+----+-
| id | name | desc | service_id |
+----+-
| 5 | Admin | NULL | 11 |
| 6 | KeystoneService
| 7 | KeystoneAdmin | NULL | 11 |
| 12 | netadmin | NULL | NULL |
| 10 | User | NULL | NULL |
| 13 | sysadmin | NULL | 8 |
| 15 | Member | NULL | 11 |
user_roles;
*******
id: 22
user_id: 8
role_id: 5
tenant_id: 7
*******
id: 23
user_id: 8
role_id: 15
tenant_id: NULL
So Admin and Member, but i would prefere this user have no admin rights ... but i dont know if it works
Chmouel Boudjnah (chmouel) said : | #5 |
Can you add the catch_errors middleware like this :
https:/
Chmouel Boudjnah (chmouel) said : | #6 |
restart proxy and look over your /var/log/messages (depend of your distro) when doing that same curl requests.
Heiko Krämer (foexle) said : | #7 |
Nov 23 12:50:58 test1-os swift Keystone middleware called (txn: txd3e1f3f92ad34
Nov 23 12:50:58 test1-os swift token: 30abaeac-
Nov 23 12:50:58 test1-os swift Asking keystone to validate token (txn: txd3e1f3f92ad34
Nov 23 12:50:58 test1-os swift headers: {'Content-type': 'application/json', 'Accept': 'text/json', 'X-Auth-Token': None} (txn: txd3e1f3f92ad34
Nov 23 12:50:58 test1-os swift url: ParseResult(
it looks that swift dont have the admin token ?
swift headers: {'Content-type': 'application/json', 'Accept': 'text/json', 'X-Auth-Token': None
hmmm but it is set in the config
Heiko Krämer (foexle) said : | #8 |
curl -k -v -H 'X-Auth-
* About to connect() to 192.168.0.2 port 8080 (#0)
* Trying 192.168.0.2... connected
* Connected to 192.168.0.2 (192.168.0.2) port 8080 (#0)
> GET /v1/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-
> Host: 192.168.0.2:8080
> Accept: */*
> X-Auth-
>
< HTTP/1.1 412 Precondition Failed
< Content-Type: text/html; charset=UTF-8
< Content-Length: 7
< X-Trans-Id: txd805d5de071b4
< Date: Wed, 23 Nov 2011 11:57:03 GMT
<
* Connection #0 to host 192.168.0.2 left intact
* Closing connection #0
ok i think the attribute name of admin_token was changed to keystone_
but now i get
curl -k -v -H 'X-Auth-
* About to connect() to 192.168.0.2 port 8080 (#0)
* Trying 192.168.0.2... connected
* Connected to 192.168.0.2 (192.168.0.2) port 8080 (#0)
> GET /v1/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-
> Host: 192.168.0.2:8080
> Accept: */*
> X-Auth-
>
< HTTP/1.1 412 Precondition Failed
< Content-Type: text/html; charset=UTF-8
< Content-Length: 7
< X-Trans-Id: txd805d5de071b4
< Date: Wed, 23 Nov 2011 11:57:03 GMT
<
* Connection #0 to host 192.168.0.2 left intact
* Closing connection #0
412 :)
Chmouel Boudjnah (chmouel) said : | #9 |
change admin_token to keystone_
Chmouel Boudjnah (chmouel) said : | #10 |
Do you have anything in the logs ?
NB: This is the old version of the middleware there is a complete rewrite in trunk/
Chmouel Boudjnah (chmouel) said : | #11 |
which is available here: https:/
Heiko Krämer (foexle) said : | #12 |
ok i have checked out now the trunk version of keystone and installed it.
I changed the attribute, too.
i try now
curl -v -H 'X-Auth-Token: 30abaeac-
and see in the logs:
Nov 23 13:27:45 test1-os swift Initialise keystone middleware (txn: txdc93b99128e54
Nov 23 13:27:45 test1-os swift Got token: 30abaeac-
Nov 23 13:27:45 test1-os swift STDOUT: ERROR:root:Error talking to memcached: 192.168.
Nov 23 13:27:45 test1-os swift No memcache, requesting it from keystone (txn: txdc93b99128e54
Nov 23 13:27:45 test1-os swift Error: http_connect_raw() got an unexpected keyword argument 'timeout': #012Traceback (most recent call last):#012 File "/usr/lib/
Memcached are installad and running.
Chmouel Boudjnah (chmouel) said : | #13 |
I am fixing that error just now, sorry about the confusion, you can
remove the timeout=
Heiko Krämer (foexle) said : | #14 |
done but now again HTTP-Code 412
Nov 23 13:45:24 test1-os swift Initialise keystone middleware (txn: tx3d9599a6a8c74
Nov 23 13:45:24 test1-os swift Got token: 30abaeac-
Nov 23 13:45:24 test1-os swift No memcache, requesting it from keystone (txn: tx3d9599a6a8c74
Nov 23 13:45:24 test1-os swift Keystone came back with: status:200, data:{"access": {"token": {"expires": "2011-11-
Nov 23 13:45:24 test1-os swift setting memcache expiration to 2011-11-23 15:36:00 (txn: tx3d9599a6a8c74
Nov 23 13:45:24 test1-os swift Using identity: {'roles': [u'Admin', u'Member'], 'expires': 1322058960.0, 'user': u'testuser', 'tenant': (u'7', u'testing')} (txn: tx3d9599a6a8c74
Nov 23 13:45:24 test1-os swift Using identity: {'roles': [u'Admin', u'Member'], 'expires': 1322058960.0, 'user': u'testuser', 'tenant': (u'7', u'testing')} (txn: tx3d9599a6a8c74
Nov 23 13:45:24 test1-os swift 192.168.0.2 192.168.0.2 23/Nov/
any was wrong with parsing the result set ?
Heiko Krämer (foexle) said : | #15 |
my proxy.conf
[DEFAULT]
bind_port = 8080
workers = 8
user = swift
log_name = swift
log_facility = LOG_LOCAL0
log_level = DEBUG
[pipeline:main]
pipeline = healthcheck catch_errors cache keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_
account_autocreate = true
set log_name = proxy-server
set log_facility = LOG_LOCAL0
set log_level = DEBUG
set access_log_name = proxy-server
set access_log_facility = LOG_LOCAL0
set access_log_level = DEBUG
set log_headers = True
[filter:
use = egg:swift#
[filter:keystone]
use = egg:keystone#
keystone_
keystone_url= http://
[filter:tempauth]
use = egg:swift#tempauth
user_system_root = testpass .admin http://
# set log_name = ratelimit
# set log_facility = LOG_LOCAL0
# set log_level = INFO
# set log_headers = False
[filter:
use = egg:swift#
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.0.2:11211
[filter:swauth]
use = egg:swauth#swauth
set log_name = swauth
set log_facility = LOG_LOCAL0
set log_level = INFO
set log_headers = False
super_admin_key = rails123
FlorianOtel (florian-otel) said : | #16 |
Hello,
I'm experiencing the same issues on my setup ("2011.
In particular, I keep getting 401s when I try to access the Swift admin_url.
I've tried to post it on the mailing list (here: https:/
Any suggestion on how to get unstuck ?
Thanks,
Florian
Can you help with this problem?
Provide an answer of your own, or ask Heiko Krämer for more information if necessary.