swift command got 401 Unauthorized error with keystone

Bug #1181430 reported by Robert Young
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
New
Undecided
jagan kumar kotipatruni

Bug Description

I'm trying to use keystone with MySql to work with proxy server authorization.

I have setup keystone with MySql. I can run command like "keystone user-list" and "keystone tenant-list". I can run curl command and it return correct information.

But, I got 401 error when I ran swift command. I ran:

# swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

where exampleTenant is the tenan name, exampleUser is the user name, and example is the password.

and got:

# Auth GET failed: http://localhost:9199/auth/v1.0/ 401 Unauthorized

I saw the following message in /var/log/syslog:

May 17 15:04:52 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: txe4126a2a5d7c45ed901554b23f80be01)
May 17 15:04:53 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx837b389d9ec94e598007d01870171d2f)

Looks like it could not find auth_token. But, I can see auth_token.py in my keystone installation.

I have googled for similar situation, but got no where.

Could you help me with this?

Robert

My e-mail address: <email address hidden>.

Our system information:

Our company is Snapfish under HP. We want to use keystone with MySql to manage our user for openstack.

RIght now, keystone and swift-proxy are on the same box. And, I'm testing on the same box.

OS system: Ubuntu 12.04

Architecture: Linux staging-proxy01-infra 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Package Info:

swift : Version: 1.4.8-0ubuntu2
swift-proxy: Version: 1.4.8-0ubuntu2
python-swift: Version: 1.4.8-0ubuntu2
keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3
python-keystone: Version: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3

Content of /etc/swift/prosy-server.conf:

[DEFAULT]
bind_port = 9199
workers = 20
user = swift
log_facility = LOG_LOCAL1
log_level = INFO
log_name = staging-proxy01-infra
log_requests = true

[pipeline:main]
pipeline = informant healthcheck catch_errors cache authtoken swiftauth proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache

[filter:swiftauth]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, SwiftOperator
is_admin = false

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
#admin_tenant_name = service
#admin_user = keystone
#admin_password = storage
delay_auth_decision = 0

memcache_servers = 10.57.11.26:11211,10.57.11.25:11211,10.57.9.147:11211

[filter:informant]
use = egg:informant#informant
statsd_host = 10.57.11.26
metric_name_prepend = storage.

-----------------------------------------------------------------------------------------------------------------------------------------------------

Content of /etc/keystone/keystone.conf:

[DEFAULT]
#bind_host = 10.57.11.26
public_port = 5000
admin_port = 35357
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf

# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False

# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0

[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:storage@staging-mysqlapi01-infra/keystone
idle_timeout = 200

[ldap]
#url = ldap://localhost
#tree_dn = dc=example,dc=com
#user_tree_dn = ou=Users,dc=example,dc=com
#role_tree_dn = ou=Roles,dc=example,dc=com
#tenant_tree_dn = ou=Groups,dc=example,dc=com
#user = dc=Manager,dc=example,dc=com
#password = freeipa4all
#suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.sql.Identity

---------------------------------------------------------------------------------------------------------------------------------------

curl command work. When I ran:

# curl -d '{"auth":{"passwordCredentials":{"username": "exampleUser", "password": "example"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens | python -mjson.tool

I got:

   % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 339 0 256 100 83 1259 408 --:--:-- --:--:-- --:--:-- 1273
{
    "access": {
        "serviceCatalog": {},
        "token": {
            "expires": "2013-05-18T23:10:24Z",
            "id": "c9fcbf0f36144eabafd1e2d549901d4f"
        },
        "user": {
            "id": "a64dcf7b1b324bf9bc7870b5e43e5f5f",
            "name": "exampleUser",
            "roles": [],
            "roles_links": [],
            "username": "exampleUser"
        }
    }
}

------------------------------------------------------------------------------------------------

But, when I ran swift:

# swift -v -A http://localhost:9199/auth/v2.0 -U exampleTenant:exampleUser -K example stat

I got:

Auth GET failed: http://localhost:9199/auth/v2.0/ 401 Unauthorized

and I saw the message in /var/log/syslog with:

May 17 16:14:36 staging-proxy01-infra staging-proxy01-infra STDOUT: No handlers could be found for logger "keystone.middleware.auth_token" (txn: tx3ed2abe112b248d29d507c674d2683e3)

Changed in keystone:
assignee: nobody → jagan kumar kotipatruni (jagankumar-k)
description: updated
Dolph Mathews (dolph)
summary: - swift command got 401 Unauthorised error with keystone
+ swift command got 401 Unauthorized error with keystone
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.