Issues running keystone swift with no S3

Bug #956562 reported by Joe Gordon
Affects: OpenStack Identity (keystone)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: -

Bug Description

If we follow the instructions on this page:

http://keystone.openstack.org/configuringservices.html

and use the non-S3 config (in swift-proxy.conf) with the simple pipeline:
[pipeline:main]
pipeline = catch_errors healthcheck cache tokenauth keystone proxy-server

we can't authenticate using the simple curl command we used to use:
curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://192.168.240.13:8080/auth/v1.0

we get a 401 response and no connection from swift to keystone.

If we enable the S3 stuff, it looks like swift is requesting /s3tokens instead of /v2.0/s3tokens and we get this error:
2012-03-15 14:28:54 DEBUG [routes.middleware] No route matched for POST /s3tokens

[DEFAULT]
bind_port = 8080
bind_ip = 0.0.0.0
user = swift
cert_file = /etc/swift/auth-cert.pem
key_file = /etc/swift/auth-key.pem
log_name = swift
log_facility = LOG_LOCAL1
log_level = DEBUG
workers = 1

[pipeline:main]
# broken but in doc
# pipeline = cache tokenauth keystone proxy-server
# working
pipeline = cache swift3 s3token tokenauth keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:swift3]
use = egg:swift#swift3
log_facility = LOG_LOCAL1

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = Member, admin

[filter:s3token]
paste.filter_factory = keystone.middleware.s3_token:filter_factory
service_port = 5000
service_host = 192.168.240.19
auth_port = 35357
auth_host = 192.168.240.19
auth_protocol = http
auth_token = ADMIN
admin_token = ADMIN

[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_port = 5000
service_host = 192.168.240.19
auth_port = 35357
auth_host = 192.168.240.19
auth_protocol = http
auth_token = ADMIN
admin_token = ADMIN
admin_tenant_name = service
admin_user = swift
admin_password = secrete
cache = swift.cache

Chmouel Boudjnah (chmouel) wrote :

As noted in the documentation, you need to auth against keystone, not swift itself. A very rough shell script available here would show how to do that: http://p.chmouel.com/ks

Changed in keystone:
status: New → Invalid
Joseph Heck (heckj) wrote :

chmouel's script was handy, so made it a gist: https://gist.github.com/2048157

Thanathip Limna (boatkrap-3) wrote :

I got this problem when I needed s3token authentication from swift. Please check that your keystone configuration has a [filter:s3_extension] section. If it is missing from keystone.conf, that is a problem, because the default keystone.conf didn't add this section. I added the configuration below:

[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory

# and modify api

[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service

[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service

Then restart keystone and try it again.
If you have the same problem as me, maybe this solution can help you.
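
A check for the keystone.conf wiring described in the comment above, as an added example that is not part of the original thread or keystone's own code. The function name check_s3_extension and the BROKEN sample are assumptions made for illustration; FIXED reuses the sections quoted in the comment.

```python
import configparser

S3_FILTER = "s3_extension"
S3_FACTORY = "keystone.contrib.s3:S3Extension.factory"  # value from the comment
PIPELINES = ("pipeline:public_api", "pipeline:admin_api")

# Constructed sample inputs. FIXED is the configuration from the comment;
# BROKEN is the same file without the S3 wiring (assumed default layout).
FIXED = """
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
"""
BROKEN = """
[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
"""

def check_s3_extension(conf_text):
    """Return a list of problems in keystone.conf text; an empty list means OK."""
    cp = configparser.RawConfigParser(strict=False)  # no % interpolation
    cp.read_string(conf_text)
    problems = []
    section = "filter:" + S3_FILTER
    if not cp.has_section(section):
        problems.append("missing [%s]" % section)
    elif cp.get(section, "paste.filter_factory", fallback="") != S3_FACTORY:
        problems.append("[%s] has unexpected paste.filter_factory" % section)
    for name in PIPELINES:
        if not cp.has_option(name, "pipeline"):
            problems.append("missing pipeline in [%s]" % name)
            continue
        stages = cp.get(name, "pipeline").split()
        # The last entry of a paste pipeline is the app; filters precede it.
        if S3_FILTER not in stages[:-1]:
            problems.append("%s is not a filter in [%s]" % (S3_FILTER, name))
    return problems

if __name__ == "__main__":
    for label, text in (("fixed", FIXED), ("broken", BROKEN)):
        print(label, check_s3_extension(text) or "OK")
```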
