Hello, You probably want to have latest keystone version, if you want to test swift-keystone2 pretty easily you can use devstack (http://devstack.org) which has swift and keystone2 integrated. You just have to make sure to have swift enabled in ENABLED_SERVICES variable.
Chmouel. On Thu, Nov 3, 2011 at 5:38 PM, Li Hua <nea...@gmail.com> wrote: > > Hi Chmouel, > Thank you for your information. > > I installed swift-keystone2 and modified proxy-server.conf. > BUT authentication maybe not work well. for example, I want to check demo's > status using the > following command. > [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password stat > Account HEAD failed: http://api.cloud.com:8080/v1/AUTH_2 403 Forbidden > [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password post > test_container > Container POST failed: http://api.cloud.com:8080/v1/AUTH_2/test_container 403 > Forbidden > ALL operation (HEAD/PUT/POST/GET) will be returned with 403 Forbidden. > But if I change proxy-server.conf back to the old config. ALL operation > (HEAD/PUT/POST/GET) > are ok. > Keystone version: openstack-keystone-2011.3-b475.noarch > Swift version: > openstack-swift-1.4.3-b447.noarch > openstack-swift-account-1.4.3-b447.noarch > openstack-swift-proxy-1.4.3-b447.noarch > openstack-swift-object-1.4.3-b447.noarch > openstack-swift-container-1.4.3-b447.noarch > proxy-server.conf > [DEFAULT] > bind_port = 8080 > user = swift > [pipeline:main] > pipeline = catch_errors cache keystone2 proxy-server > [app:proxy-server] > use = egg:swift#proxy > account_autocreate = true > log_facility = LOG_LOCAL1 > log_level = DEBUG > [filter:keystone2] > use = egg:swiftkeystone2#keystone2 > keystone_admin_token = 999888777666 > keystone_url = http://127.0.0.1:5001/v2.0 ( 5001 for admin api port, 5000 > for service api port) > [filter:cache] > use = egg:swift#memcache > set log_name = cache > [filter:catch_errors] > use = egg:swift#catch_errors > > Does it need to upgrade keystone to the latest version ? How to debug > keystone2 ? > > Regards, > Li Hua > > > On Thu, Nov 3, 2011 at 3:29 PM, Chmouel Boudjnah > <chmouel.boudj...@rackspace.co.uk> wrote: >> >> Hi Li, >> Swift middleware shipped with keystone doesn't support ACL, you may want to >> try this middleware instead : >> https://github.com/cloudbuilders/swift-keystone2 >> Chmouel. >> On 3 Nov 2011, at 05:45, Li Hua wrote: >> >> Hi Folks, >> I set up a SAIO test environment in RHEL6.1 >> using openstack-swift-1.4.3-b447.noarch from >> http://yum.griddynamics.net/yum/diablo-centos/ . >> I want to test the container Read/Write access permission using the >> following steps. >> Creating a container with read access permission for anyone. >> [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password >> post -r '.r:*' testcontainer >> >> Checking the stat of container: >> [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password >> stat testcontainer Account: AUTH_2 >> Container: testcontainer >> Objects: 0 >> Bytes: 0 >> Read ACL: >> Write ACL: >> Sync To: >> Sync Key: >> Accept-Ranges: bytes >> X-Trans-Id: tx1c0e9c6220ea433a90713c160a88b33f >> >> It seems that testcontainer still has no Read ACL. Any comments ? thanks. >> >> Regards, >> Li Hua >> >> >> >> Chmouel Boudjnah >> Cloud Product Engineer >> Tel: +442087344212 >> Fax: +44 20 8606 6111 >> Web:www.rackspace.co.uk >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp