GET /info returns 401 if Keystone is in use
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
[zaitcev@lembas ~]$ PYTHONPATH=
/hail/python-
DEBUG:keystonec
INFO:requests.
DEBUG:requests.
INFO:requests.
DEBUG:requests.
INFO:swiftclien
INFO:swiftclien
INFO:swiftclien
INFO:swiftclien
Capabilities GET failed: https:/
Failed Transaction ID: tx31e5e3aead4a4
[zaitcev@lembas ~]$
[root@rhev-a24c-01 ~]# grep pipeline /etc/swift/
[pipeline:main]
#pipeline = healthcheck cache proxy-logging tempauth proxy-server
#pipeline = healthcheck cache proxy-logging authtoken keystone proxy-server
#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache swift3 tempauth staticweb copy slo dlo versioned_writes proxy-logging proxy-server
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache swift3 authtoken keystone staticweb copy slo dlo versioned_writes proxy-logging proxy-server
# Note: The double proxy-logging in the pipeline is not a mistake. The
Note 1. User can create containers, so no issue with roles
Note 2. Switch to TempAuth and /info works even without authentication, like this:
curl -k https:/
Note 3.
[root@rhev-a24c-01 ~]# rpm -qa | grep keystone | sort
openstack-
python-
python-
python-
[root@rhev-a24c-01 ~]# rpm -qa | grep swift | sort
openstack-
openstack-
python-
description: | updated |
FYI: works fine in my Mitaka environment.
Do you have delay_auth_decision = true in [filter:authtoken]? By removing delay_auth_ decision, I can reproduce your result. For Swift, delay_auth_decision should be set to true (if you want ACLs to work).