OpenStack Object Storage (swift)

Swift Keystone Authentication Fails

Asked by Trevor R Jr

Hello Team,

I am unable to login to Swift using the Keystone integration. Here is sample output when I try to get swift status:

vagrant@swift:~$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried adding TempAuth entries to the Proxy config as well, but that is not working for me either. Please see my Proxy Config file contents below:

172.16.0.203 is my Swift Server
172.16.0.201 is my Controller Node, which runs Keystone

[DEFAULT]
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = swift
log_facility = LOG_LOCAL1

[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
allow_account_management = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .rseller_admin

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

[filter:keystone]
paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory
operator_roles = Member,admin

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000
service_host = 172.16.0.201
auth_port = 35357
auth_host = 172.16.0.201
auth_protocol = http
auth_token = ADMIN
admin_token = ADMIN
admin_tenant_name = service
admin_user = swift
admin_password = swift
cache = swift.cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:swift3]
use = egg:swift#swift3

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator

[filter:swiftauth]
use = egg:keystone#swiftauth
keystone_url = http://172.16.0.201:5000/v2.0
keystone_admin_token = 999888777666
keystone_swift_operator_roles = Admin, SwiftOperator
keystone_tenant_user_admin = true

[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_protocol = http
auth_host = 172.16.0.201
auth_port = 35357
auth_uri = http://172.16.0.201:5000/
admin_token = 999888777666
delay_auth_decision = 0
memecache_host = 172.16.0.203:11211

The keystone endpoint was successfully created:
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+
| 3bb430404e1f4da0a8f22fdfa8b906a2 | RegionOne | http://172.16.0.201:8773/services/Cloud | http://172.16.0.201:8773/services/Cloud | http://172.16.0.201:8773/services/Admin | fcfddafdc36b4708a3bfddd39cd5bd57 |
| 6cc1aedc3e154344922b34100a0a5c95 | RegionOne | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1/AUTH_$(tenant_id)s | https://172.16.0.203:443/v1 | 0c342438b82a461f98494ef7f7d3abb7 |
| 78fda6ce75034e8b821aadaef72b3a8b | RegionOne | http://172.16.0.201:8776/v1/%(tenant_id)s | http://172.16.0.201:8776/v1/%(tenant_id)s | http://172.16.0.201:8776/v1/%(tenant_id)s | 2410a1924e764513805b9d6f62639226 |
| 9bf69ed68d404a959521f1099e0aae5b | RegionOne | http://172.16.0.201:5000/v2.0 | http://172.16.0.201:5000/v2.0 | http://172.16.0.201:35357/v2.0 | 839a2b67a6f1450fa8666507e49476d3 |
| b4d2945af5d24e50aae51c935452f36d | RegionOne | http://172.16.0.201:9292/v1 | http://172.16.0.201:9292/v1 | http://172.16.0.201:9292/v1 | 3a172fa1190a40ddb8bedafdffc26e08 |
| e5e3664088be4295942bce38e611f420 | RegionOne | http://172.16.0.201:8774/v2/$(tenant_id)s | http://172.16.0.201:8774/v2/$(tenant_id)s | http://172.16.0.201:8774/v2/$(tenant_id)s | d3b23588d58e4f7f9563a8e8af650128 |
+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+-------------------------------------------+----------------------------------+

Also, the swift user is an admin in the service tenant:
vagrant@swift:~$ keystone tenant-list
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 9106c2e5f44840f39bac59be3c9d4e12 | cookbook | True |
| b334b98cc9f241d59367e848e253e3cf | service | True |
+----------------------------------+----------+---------+

vagrant@swift:~$ keystone user-role-list --user swift --tenant_id b334b98cc9f241d59367e848e253e3cf
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | ac30c7cd0d234f7baa95d2cf9032d38b | b334b98cc9f241d59367e848e253e3cf |
| fb981f22fd5d4cf39a558e13eabbca91 | admin | ac30c7cd0d234f7baa95d2cf9032d38b | b334b98cc9f241d59367e848e253e3cf |
+----------------------------------+----------+----------------------------------+----------------------------------+

Any advice would be appreciated

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Solved by:
Trevor R Jr
Solved:
Last query:
Last reply:
Revision history for this message
Kun Huang (academicgareth) said : 		#1

Could you show your keystone log here? Your current config seems correct. Watching keystone's log could be more helpful

Revision history for this message
Trevor R Jr (vmtrooper) said : 		#2

Thanks Ken! I will upload the log file as soon as I am back in front of the server.

Just to confirm, I should forward the contents of /var/log/keystone? Are there any other logs that would be beneficial?

Also, how should I enable detailed debugging? I tried looking at the log file, and I didn't see much detail there.

Revision history for this message
Kun Huang (academicgareth) said : 		#3

Just setting log level to DEBUG is ok for watching details.

If you're not familiar with keystone log, you could just post a link here.

Revision history for this message
Trevor R Jr (vmtrooper) said : 		#4

Here is the output with debug and verbose enabled in keystone.conf:

2013-06-24 22:32:27 DEBUG [keystone-all] ********************************************************************************
2013-06-24 22:32:27 DEBUG [keystone-all] Configuration options gathered from:
2013-06-24 22:32:27 DEBUG [keystone-all] command line args: []
2013-06-24 22:32:27 DEBUG [keystone-all] config files: ['/etc/keystone/keystone.conf']
2013-06-24 22:32:27 DEBUG [keystone-all] ================================================================================
2013-06-24 22:32:27 DEBUG [keystone-all] admin_endpoint = http://localhost:%(admin_port)d/
2013-06-24 22:32:27 DEBUG [keystone-all] admin_port = 35357
2013-06-24 22:32:27 DEBUG [keystone-all] admin_token = *****
2013-06-24 22:32:27 DEBUG [keystone-all] auth_admin_prefix =
2013-06-24 22:32:27 DEBUG [keystone-all] bind_host = 0.0.0.0
2013-06-24 22:32:27 DEBUG [keystone-all] compute_port = 8774
2013-06-24 22:32:27 DEBUG [keystone-all] config_dir = None
2013-06-24 22:32:27 DEBUG [keystone-all] config_file = ['/etc/keystone/keystone.conf']
2013-06-24 22:32:27 DEBUG [keystone-all] crypt_strength = 40000
2013-06-24 22:32:27 DEBUG [keystone-all] debug = True
2013-06-24 22:32:27 DEBUG [keystone-all] log_config = None
2013-06-24 22:32:27 DEBUG [keystone-all] log_date_format = %Y-%m-%d %H:%M:%S
2013-06-24 22:32:27 DEBUG [keystone-all] log_dir = /var/log/keystone
2013-06-24 22:32:27 DEBUG [keystone-all] log_file = keystone.log
2013-06-24 22:32:27 DEBUG [keystone-all] log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
2013-06-24 22:32:27 DEBUG [keystone-all] max_param_size = 64
2013-06-24 22:32:27 DEBUG [keystone-all] max_request_body_size = 114688
2013-06-24 22:32:27 DEBUG [keystone-all] max_token_size = 8192
2013-06-24 22:32:27 DEBUG [keystone-all] member_role_id = 9fe2ff9ee4384b1894a90878d3e92bab
2013-06-24 22:32:27 DEBUG [keystone-all] member_role_name = _member_
2013-06-24 22:32:27 DEBUG [keystone-all] onready = None
2013-06-24 22:32:27 DEBUG [keystone-all] policy_default_rule = None
2013-06-24 22:32:27 DEBUG [keystone-all] policy_file = policy.json
2013-06-24 22:32:27 DEBUG [keystone-all] public_endpoint = http://localhost:%(public_port)d/
2013-06-24 22:32:27 DEBUG [keystone-all] public_port = 5000
2013-06-24 22:32:27 DEBUG [keystone-all] pydev_debug_host = None
2013-06-24 22:32:27 DEBUG [keystone-all] pydev_debug_port = None
2013-06-24 22:32:27 DEBUG [keystone-all] standard_threads = False
2013-06-24 22:32:27 DEBUG [keystone-all] syslog_log_facility = LOG_USER
2013-06-24 22:32:27 DEBUG [keystone-all] use_syslog = False
2013-06-24 22:32:27 DEBUG [keystone-all] verbose = True
2013-06-24 22:32:27 DEBUG [keystone-all] signing.ca_certs = /etc/keystone/ssl/certs/ca.pem
2013-06-24 22:32:27 DEBUG [keystone-all] signing.ca_password = None
2013-06-24 22:32:27 DEBUG [keystone-all] signing.certfile = /etc/keystone/ssl/certs/signing_cert.pem
2013-06-24 22:32:27 DEBUG [keystone-all] signing.key_size = 1024
2013-06-24 22:32:27 DEBUG [keystone-all] signing.keyfile = /etc/keystone/ssl/private/signing_key.pem
2013-06-24 22:32:27 DEBUG [keystone-all] signing.token_format = PKI
2013-06-24 22:32:27 DEBUG [keystone-all] signing.valid_days = 3650
2013-06-24 22:32:27 DEBUG [keystone-all] stats.driver = keystone.contrib.stats.backends.kvs.Stats
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.alias_dereferencing = default
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.allow_subtree_delete = False
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_allow_create = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_allow_delete = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_allow_update = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_attribute_ignore =
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_desc_attribute = description
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_enabled_attribute = enabled
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_enabled_emulation = False
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_enabled_emulation_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_filter = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_id_attribute = cn
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_member_attribute = member
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_name_attribute = ou
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_objectclass = groupOfNames
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.domain_tree_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.dumb_member = cn=dumb,dc=nonexistent
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_allow_create = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_allow_delete = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_allow_update = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_attribute_ignore =
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_desc_attribute = description
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_domain_id_attribute = businessCategory
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_filter = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_id_attribute = cn
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_member_attribute = member
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_name_attribute = ou
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_objectclass = groupOfNames
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.group_tree_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.page_size = 0
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.password = ****
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.query_scope = one
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_allow_create = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_allow_delete = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_allow_update = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_attribute_ignore =
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_filter = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_id_attribute = cn
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_member_attribute = roleOccupant
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_name_attribute = ou
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_objectclass = organizationalRole
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.role_tree_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.suffix = cn=example,cn=com
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_allow_create = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_allow_delete = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_allow_update = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_attribute_ignore =
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_desc_attribute = description
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_domain_id_attribute = businessCategory
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_enabled_attribute = enabled
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_enabled_emulation = False
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_enabled_emulation_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_filter = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_id_attribute = cn
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_member_attribute = member
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_name_attribute = ou
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_objectclass = groupOfNames
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.tenant_tree_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.url = ldap://localhost
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.use_dumb_member = False
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_allow_create = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_allow_delete = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_allow_update = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_attribute_ignore = tenant_id,tenants
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_domain_id_attribute = businessCategory
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_enabled_attribute = enabled
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_enabled_default = True
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_enabled_emulation = False
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_enabled_emulation_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_enabled_mask = 0
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_filter = None
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_id_attribute = cn
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_mail_attribute = email
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_name_attribute = sn
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_objectclass = inetOrgPerson
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_pass_attribute = userPassword
2013-06-24 22:32:27 DEBUG [keystone-all] ldap.user_tree_dn = None
2013-06-24 22:32:27 DEBUG [keystone-all] token.driver = keystone.token.backends.sql.Token
2013-06-24 22:32:27 DEBUG [keystone-all] auth.methods = ['password', 'token']
2013-06-24 22:32:27 DEBUG [keystone-all] auth.password = keystone.auth.plugins.password.Password
2013-06-24 22:32:27 DEBUG [keystone-all] auth.token = keystone.auth.plugins.token.Token
2013-06-24 22:32:27 DEBUG [keystone-all] ssl.ca_certs = None
2013-06-24 22:32:27 DEBUG [keystone-all] ssl.cert_required = False
2013-06-24 22:32:27 DEBUG [keystone-all] ssl.certfile = None
2013-06-24 22:32:27 DEBUG [keystone-all] ssl.enable = False
2013-06-24 22:32:27 DEBUG [keystone-all] ssl.keyfile = None
2013-06-24 22:32:27 DEBUG [keystone-all] catalog.driver = keystone.catalog.backends.sql.Catalog
2013-06-24 22:32:27 DEBUG [keystone-all] ec2.driver = keystone.contrib.ec2.backends.sql.Ec2
2013-06-24 22:32:27 DEBUG [keystone-all] sql.connection = mysql://keystone:openstack@172.16.0.201/keystone
2013-06-24 22:32:27 DEBUG [keystone-all] sql.idle_timeout = 200
2013-06-24 22:32:27 DEBUG [keystone-all] policy.driver = keystone.policy.backends.sql.Policy
2013-06-24 22:32:27 DEBUG [keystone-all] trust.driver = keystone.trust.backends.sql.Trust
2013-06-24 22:32:27 DEBUG [keystone-all] trust.enabled = True
2013-06-24 22:32:27 DEBUG [keystone-all] pam.password = None
2013-06-24 22:32:27 DEBUG [keystone-all] pam.url = None
2013-06-24 22:32:27 DEBUG [keystone-all] pam.userid = None
2013-06-24 22:32:27 DEBUG [keystone-all] identity.default_domain_id = default
2013-06-24 22:32:27 DEBUG [keystone-all] identity.driver = keystone.identity.backends.sql.Identity
2013-06-24 22:32:27 DEBUG [keystone-all] ********************************************************************************
2013-06-24 22:32:28 DEBUG [keystone.common.wsgi] Starting /usr/bin/keystone-all on 0.0.0.0:35357
2013-06-24 22:32:28 DEBUG [keystone.common.wsgi] Starting /usr/bin/keystone-all on 0.0.0.0:5000
2013-06-24 22:32:28 DEBUG [eventlet.wsgi.server] (1939) wsgi starting up on http://0.0.0.0:35357/

2013-06-24 22:32:28 DEBUG [eventlet.wsgi.server] (1939) wsgi starting up on http://0.0.0.0:5000/

2013-06-24 22:35:10 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45858)

2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x37ca590 200 OK>}
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] HTTP_X_AUTH_KEY = swift
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] REQUEST_METHOD = GET
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] PATH_INFO = /
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] REMOTE_PORT = 45858
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] SERVER_NAME = 172.16.0.201
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 172.16.0.203
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x37c4c90>
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] HTTP_X_AUTH_USER = service:swift
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] SERVER_PORT = 5000
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.input = <eventlet.wsgi.Input object at 0x37c4c90>
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False}
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] HTTP_HOST = 172.16.0.201:5000
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.multithread = True
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.run_once = False
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f08bbcbd270>
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] CONTENT_TYPE = text/plain
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = identity
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi]
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi]
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] arg_dict: {}
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] Content-Length = 612
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi]
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2013-06-24 22:35:10 DEBUG [keystone.common.wsgi] {"version": {"status": "stable", "updated": "2013-03-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}, {"base": "application/xml", "type": "application/vnd.openstack.identity-v2.0+xml"}], "id": "v2.0", "links": [{"href": "http://localhost:5000/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/", "type": "text/html", "rel": "describedby"}, {"href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf", "type": "application/pdf", "rel": "describedby"}]}}
2013-06-24 22:35:10 INFO [access] 172.16.0.203 - - [25/Jun/2013:05:35:10 +0000] "GET http://172.16.0.201:5000/v2.0 HTTP/1.0" 200 612
2013-06-24 22:35:10 DEBUG [eventlet.wsgi.server] 172.16.0.203 - - [24/Jun/2013 22:35:10] "GET /v2.0 HTTP/1.1" 200 741 0.014182

Revision history for this message
Trevor R Jr (vmtrooper) said : 		#5

by the way, the output above is generated when executing the following command:
vagrant@swift:/etc/swift$ swift -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
Auth GET failed: http://172.16.0.201:5000/v2.0 200 OK

I tried https instead of http at the command line URL, and got the following error below:
vagrant@swift:/etc/swift$ swift -A https://172.16.0.201:5000/v2.0 -U service:swift -K swift stat
[Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Also the output in keystone.log from that command was
2013-06-24 22:41:21 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45859)

2013-06-24 22:41:27 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45860)

2013-06-24 22:41:29 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45861)

2013-06-24 22:41:33 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45862)

2013-06-24 22:41:46 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45863)

2013-06-24 22:42:07 DEBUG [eventlet.wsgi.server] (1939) accepted ('172.16.0.203', 45864)

Revision history for this message
Kun Huang (academicgareth) said : 		#6

I‘m trying this, and find some similar problems. What's your swift log of that command? And you use the current codes on master branch?

Revision history for this message
Kun Huang (academicgareth) said : 		#7

Some errors on your ports?
You use 443 at 172.16.0.201 for swift, so your should have an endpoint like 172.16.0.201:443, but in your post, 172.16.0.203:443 is used. Have a check on this.

Revision history for this message
Trevor R Jr (vmtrooper) said : 		#8

On the Swift node, here I was getting continuous output like the following in /var/log/syslog:

Jun 25 05:23:15 swift proxy-server Started child 27544
Jun 25 05:23:15 swift proxy-server Starting keystone auth_token middleware
Jun 25 05:23:15 swift proxy-server Using /tmp/keystone-signing as cache directory for signing certificate
Jun 25 05:23:15 swift proxy-server UNCAUGHT EXCEPTION#012Traceback (most recent call last):#012 File "/usr/bin/swift-proxy-server", line 22, in <module>#012 run_wsgi(conf_file, 'proxy-server', default_port=8080, **options)#012 File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 187, in run_wsgi#012 run_server()#012 File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 149, in run_server#012 global_conf={'log_name': log_name})#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 247, in loadapp#012 return loadobj(APP, uri, name=name, **kw)#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 272, in loadobj#012 return context.create()#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create#012 return self.object_type.invoke(self)#012 File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 207, in invoke#012 app = filter(app)#012 File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py", line 1153, in auth_filter#012 return AuthProtocol(app, conf)#012 File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py", line 301, in __init__#012 self.signing_dirname)#012ConfigurationError: unable to access signing dir /tmp/keystone-signing
Jun 25 05:23:15 swift proxy-server Removing dead child 27544

I updated proxy-server.conf to use a directory owned by swift user and updated the permissions accordingly. I am no longer getting dir access error. However, it still did not solve my swift command error.

I obtained my Swift installation by performing the following commands

1. echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/grizzly main" | sudo tee /etc/apt/sources.list.d/folsom.list

2. sudo apt-get -y install ubuntu-cloud-keyring

3. sudo apt-get install -y swift swift-proxy swift-account swift-container swift-object memcached xfsprogs curl python-webob python-keystoneclient python-keystone

Is that the correct method to obtain the released versions of Grizzly binaries?

Regarding port errors, do you mean in the endpoint-list? I have all of my swift components including the swift proxy installed on 172.16.0.203. Shouldn't I specify the proxy IP when I create my endpoint? keystone is 172.16.0.201

Revision history for this message
Trevor R Jr (vmtrooper) said : 		#9

I'm using Ubuntu 12.04, by the way

Revision history for this message
Kun Huang (academicgareth) said : 		#10

Let's fix things one by one.
1. using apt-get is ok
2. use this: swift -V 2 -A http://172.16.0.201:5000/v2.0 -U service:swift -K swift stat (add the '-V 2')

Revision history for this message
Trevor R Jr (vmtrooper) said : 		#11

Kun,

You are the man! "-V 2" solved my problem!!!

Thank you, Mr. Swift, for taking the time to help out the newbie!

-Trevor