Issues running keystone swift with no S3

Bug #956562 reported by Joe Gordon on 2012-03-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Undecided
Unassigned

Bug Description

If we follow the instructions on this page :

http://keystone.openstack.org/configuringservices.html

and use the non S3 config (in swift-proxy.conf) with the simple pipeline :
[pipeline:main]
pipeline = catch_errors healthcheck cache tokenauth keystone proxy-server

we can't authenticate using the simple curl command we use to use :
curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.240.13:8080/auth/v1.0

we get a 401 response and no connection from swift to keystone.

If we enable the S3 stuff, it looks like swift is requesting /s3tokens instead of /v2.0/s3tokens and we get this error :
2012-03-15 14:28:54 DEBUG [routes.middleware] No route matched for POST /s3tokens

[DEFAULT]
bind_port = 8080
bind_ip = 0.0.0.0
user = swift
cert_file = /etc/swift/auth-cert.pem
key_file = /etc/swift/auth-key.pem
log_name = swift
log_facility = LOG_LOCAL1
log_level = DEBUG
workers = 1

[pipeline:main]
# broken but in doc
# pipeline = cache tokenauth keystone proxy-server
# working
pipeline = cache swift3 s3token tokenauth keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:swift3]
use = egg:swift#swift3
log_facility = LOG_LOCAL1

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = Member, admin

[filter:s3token]
paste.filter_factory = keystone.middleware.s3_token:filter_factory
service_port = 5000
service_host = 192.168.240.19
auth_port = 35357
auth_host = 192.168.240.19
auth_protocol = http
auth_token = ADMIN
admin_token = ADMIN

[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_port = 5000
service_host = 192.168.240.19
auth_port = 35357
auth_host = 192.168.240.19
auth_protocol = http
auth_token = ADMIN
admin_token =ADMIN
admin_tenant_name = service
admin_user = swift
admin_password = secrete
cache = swift.cache

Chmouel Boudjnah (chmouel) wrote :

as noted in the documentation you need to auth against keystone not swift itself a very rough shell script available here would show to do that: http://p.chmouel.com/ks

Changed in keystone:
status: New → Invalid
Joseph Heck (heckj) wrote :

chmouel's script was handy, so made it a gist: https://gist.github.com/2048157

Thanathip Limna (boatkrap-3) wrote :

I got this problem when I need s3token authentication from swift. Please check your keystone configuration that has [filter:s3_extension] section in your keystone configuration. If it disappear on keystone.conf that is a problem because the default keystone.conf didn't add this section. I add configuration below:

[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory

# and modify api

[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service

[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service

Then restart keystone and try it again.
If you have same problem like me, maybe this solution can help you.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers