The URL http://192.168.20.7:5000/auth/v1.0 is not one supported by keystone; does that command work if you use http://<AUTH_HOSTNAME>:5000/v2.0 instead?
For anyone interested, direct link to the doc in question: http://docs.openstack.org/essex/openstack-compute/install/apt/content/verify-swift-installation.html -Dolph On Sat, Jun 16, 2012 at 6:04 AM, udit agarwal <[email protected]> wrote: > Hi, > I am setting up openstack in my lab. I followed the manual > http://docs.openstack.org/essex/openstack-compute/install/apt/content/for > installing & configuring it. I have already setup keystone, glance and > swift all well on my system. But I am having problems in setting up swift. > The command "swift -V 2.0 -A http://192.168.20.7:5000/v2.0 -U > openstackDemo:adminUser -K 1234qwer stat" worked fine. But when I > executed the command "curl -k -v -H 'X-Storage-User: > openstackDemo:adminUser' -H 'X-Storage-Pass: 1234qwer' > http://192.168.20.7:5000/auth/v1.0";, I got the following output: > > * About to connect() to 192.168.20.7 port 5000 (#0) > * Trying 192.168.20.7... > * connected > * Connected to 192.168.20.7 (192.168.20.7) port 5000 (#0) > > GET /auth/v1.0 HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0 > OpenSSL/1.0.1c zlib/1.2.5 libidn/1.22 libssh2/1.4.0 > > Host: 192.168.20.7:5000 > > Accept: */* > > X-Storage-User: openstackDemo:adminUser > > X-Storage-Pass: 1234qwer > > > < HTTP/1.1 404 Not Found > < Content-Length: 154 > < Content-Type: text/html; charset=UTF-8 > < Date: Sat, 16 Jun 2012 08:04:57 GMT > < > <html> > <head> > <title>404 Not Found</title> > </head> > <body> > <h1>404 Not Found</h1> > The resource could not be found.<br /><br /> > > > > </body> > * Connection #0 to host 192.168.20.7 left intact > * Closing connection #0 > > My proxy-server.conf file is as follows: > > [DEFAULT] > # bind_ip = 0.0.0.0 > bind_port = 8888 > # backlog = 4096 > # swift_dir = /etc/swift > #workers = 8 > user = swift > #cert_file = /etc/swift/cert.crt > #key_file = /etc/swift/cert.key > # expiring_objects_container_divisor = 86400 > # You can specify default log routing here if you want: > # log_name = swift > # log_facility = LOG_LOCAL0 > # log_level = INFO > > [pipeline:main] > pipeline = catch_errors healthcheck cache authtoken keystone proxy-server > > [app:proxy-server] > use = egg:swift#proxy > # You can override the default log routing for this app here: > # set log_name = proxy-server > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set access_log_name = proxy-server > # set access_log_facility = LOG_LOCAL0 > # set access_log_level = INFO > # set log_headers = False > # recheck_account_existence = 60 > # recheck_container_existence = 60 > # object_chunk_size = 8192 > # client_chunk_size = 8192 > # node_timeout = 10 > # client_timeout = 60 > # conn_timeout = 0.5 > # How long without an error before a node's error count is reset. This will > # also be how long before a node is reenabled after suppression is > triggered. > # error_suppression_interval = 60 > # How many errors can accumulate before a node is temporarily ignored. > # error_suppression_limit = 10 > # If set to 'true' any authorized user may create and delete accounts; if > # 'false' no one, even authorized, can. > #allow_account_management = true > # Set object_post_as_copy = false to turn on fast posts where only the > metadata > # changes are stored anew and the original data file is kept in place. This > # makes for quicker posts; but since the container metadata isn't updated > in > # this mode, features like container sync won't be able to sync posts. > # object_post_as_copy = true > # If set to 'true' authorized accounts that do not yet exist within the > Swift > # cluster will be automatically created. > account_autocreate = true > # If set to a positive value, trying to create a container when the account > # already has at least this maximum containers will result in a 403 > Forbidden. > # Note: This is a soft limit, meaning a user might exceed the cap for > # recheck_account_existence before the 403s kick in. > # max_containers_per_account = 0 > # This is a comma separated list of account hashes that ignore the > # max_containers_per_account cap. > # max_containers_whitelist = > > # [filter:tempauth] > # use = egg:swift#tempauth > # You can override the default log routing for this filter here: > # set log_name = tempauth > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > # The reseller prefix will verify a token begins with this prefix before > even > # attempting to validate it. Also, with authorization, only Swift storage > # accounts with this prefix will be authorized by this middleware. Useful > if > # multiple auth systems are in use for one Swift cluster. > # reseller_prefix = AUTH > # The auth prefix will cause requests beginning with this prefix to be > routed > # to the auth subsystem, for granting tokens, etc. > # auth_prefix = /auth/ > # token_life = 86400 > # This is a comma separated list of hosts allowed to send > X-Container-Sync-Key > # requests. > # allowed_sync_hosts = 127.0.0.1 > # This allows middleware higher in the WSGI pipeline to override auth > # processing, useful for middleware such as tempurl and formpost. If you > know > # you're not going to use such middleware and you want a bit of extra > security, > # you can set this to false. > # allow_overrides = true > # Lastly, you need to list all the accounts/users you want here. The > format is: > # user_<account>_<user> = <key> [group] [group] [...] [storage_url] > # There are special groups of: > # .reseller_admin = can do anything to any account for this auth > # .admin = can do anything within the account > # If neither of these groups are specified, the user can only access > containers > # that have been explicitly allowed for them by a .admin or > .reseller_admin. > # The trailing optional storage_url allows you to specify an alternate url > to > # hand back to the user upon authentication. If not specified, this > defaults to > # http[s]://<ip>:<port>/v1/<reseller_prefix>_<account> where http or https > # depends on whether cert_file is specified in the [DEFAULT] section, <ip> > and > # <port> are based on the [DEFAULT] section's bind_ip and bind_port > (falling > # back to 127.0.0.1 and 8080), <reseller_prefix> is from this section, and > # <account> is from the user_<account>_<user> name. > # Here are example entries, required for running the tests: > # user_admin_admin = admin .admin .reseller_admin > https://192.168.20.7:8080/v1/AUTH_admin > # user_test_tester = testing .admin https://192.168.20.7:8080/v1/AUTH_test > # user_test2_tester2 = testing2 .admin > # user_test_tester3 = testing3 > > > # [filter:swauth] > #use = egg:swauth#swauth > #super_admin_key = 1234qwer > #default_swift_cluster = local#https://192.168.20.7:8080/v1 > > [filter:keystone] > paste.filter_factory = keystone.middleware.swift_auth:filter_factory > operator_roles = admin, swiftoperator > #default_swift_cluster = local#http://192.168.20.7:5000/v1 > > [filter:authtoken] > paste.filter_factory = keystone.middleware.auth_token:filter_factory > delay_auth_decision = 10 > service_port = 5000 > service_host = 127.0.0.1 > auth_port = 35357 > auth_host = 127.0.0.1 > auth_token = ADMIN > admin_token = ADMIN > #default_swift_cluster = local#http://192.168.20.7:5000/v1 > auth_protocol = http > > [filter:healthcheck] > use = egg:swift#healthcheck > # You can override the default log routing for this filter here: > # set log_name = healthcheck > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > > [filter:cache] > use = egg:swift#memcache > # You can override the default log routing for this filter here: > set log_name = cache > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > # Default for memcache_servers is to try to read the property from > # memcache.conf (see memcache.conf-sample) or lacking that file, it will > # default to the value below. You can specify multiple servers separated > with > # commas, as in: 10.1.2.3:11211,10.1.2.4:11211 > #memcache_servers = 192.168.20.7:11211 > > # [filter:ratelimit] > # use = egg:swift#ratelimit > # You can override the default log routing for this filter here: > # set log_name = ratelimit > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > # clock_accuracy should represent how accurate the proxy servers' system > clocks > # are with each other. 1000 means that all the proxies' clock are accurate > to > # each other within 1 millisecond. No ratelimit should be higher than the > # clock accuracy. > # clock_accuracy = 1000 > # max_sleep_time_seconds = 60 > # log_sleep_time_seconds of 0 means disabled > # log_sleep_time_seconds = 0 > # allows for slow rates (e.g. running up to 5 sec's behind) to catch up. > # rate_buffer_seconds = 5 > # account_ratelimit of 0 means disabled > # account_ratelimit = 0 > > # these are comma separated lists of account names > # account_whitelist = a,b > # account_blacklist = c,d > > # with container_limit_x = r > # for containers of size x limit requests per second to r. The container > # rate will be linearly interpolated from the values given. With the values > # below, a container of size 5 will get a rate of 75. > # container_ratelimit_0 = 100 > # container_ratelimit_10 = 50 > # container_ratelimit_50 = 20 > > # [filter:domain_remap] > # use = egg:swift#domain_remap > # You can override the default log routing for this filter here: > # set log_name = domain_remap > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > # storage_domain = example.com > # path_root = v1 > # reseller_prefixes = AUTH > > [filter:catch_errors] > use = egg:swift#catch_errors > # You can override the default log routing for this filter here: > # set log_name = catch_errors > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > > # [filter:cname_lookup] > # Note: this middleware requires python-dnspython > # use = egg:swift#cname_lookup > # You can override the default log routing for this filter here: > # set log_name = cname_lookup > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set log_headers = False > # storage_domain = example.com > # lookup_depth = 1 > > # Note: Put staticweb just after your auth filter(s) in the pipeline > # [filter:staticweb] > # use = egg:swift#staticweb > # Seconds to cache container x-container-meta-web-* header values. > # cache_timeout = 300 > # You can override the default log routing for this filter here: > # set log_name = staticweb > # set log_facility = LOG_LOCAL0 > # set log_level = INFO > # set access_log_name = staticweb > # set access_log_facility = LOG_LOCAL0 > # set access_log_level = INFO > # set log_headers = False > > # Note: Put tempurl just before your auth filter(s) in the pipeline > # [filter:tempurl] > # use = egg:swift#tempurl > # > # The headers to remove from incoming requests. Simply a whitespace > delimited > # list of header names and names can optionally end with '*' to indicate a > # prefix match. incoming_allow_headers is a list of exceptions to these > # removals. > # incoming_remove_headers = x-timestamp > # > # The headers allowed as exceptions to incoming_remove_headers. Simply a > # whitespace delimited list of header names and names can optionally end > with > # '*' to indicate a prefix match. > # incoming_allow_headers = > # > # The headers to remove from outgoing responses. Simply a whitespace > delimited > # list of header names and names can optionally end with '*' to indicate a > # prefix match. outgoing_allow_headers is a list of exceptions to these > # removals. > # outgoing_remove_headers = x-object-meta-* > # > # The headers allowed as exceptions to outgoing_remove_headers. Simply a > # whitespace delimited list of header names and names can optionally end > with > # '*' to indicate a prefix match. > # outgoing_allow_headers = x-object-meta-public-* > > # Note: Put formpost just before your auth filter(s) in the pipeline > # [filter:formpost] > # use = egg:swift#formpost > > # Note: Just needs to be placed before the proxy-server in the pipeline. > # [filter:name_check] > # use = egg:swift#name_check > # forbidden_chars = '"`<> > # maximum_length = 255 > > Can anybody help me with this?? > Thanks in advance. > > --Udit Agarwal > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
