[DEFAULT] bind_port = 8080 bind_ip = <ip> workers = 24 user = swift set log_level = DEBUG log_facility = LOG_LOCAL2
[pipeline:main] pipeline = healthcheck cache authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory signing_dir = /etc/swift auth_host = <ip> auth_port = 35357 auth_protocol = http auth_uri = http://<ip>:5000 # if its defined admin_tenant_name = services admin_user = swift admin_password = <password> delay_auth_decision = 1 [filter:cache] use = egg:swift#memcache memcache_servers = 127.0.0.1:11211 [filter:catch_errors] use = egg:swift#catch_errors [filter:healthcheck] use = egg:swift#healthcheck [filter:ratelimit] use = egg:swift#ratelimit clock_accuracy = 1000 max_sleep_time_seconds = 60 log_sleep_time_seconds = 0 rate_buffer_seconds = 5 account_ratelimit = 0 [filter:keystone] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, SwiftOperator is_admin = true cache = swift.cache [filter:proxy-logging] use = egg:swift#proxy_logging # If not set, logging directives from [DEFAULT] without "access_" will be used access_log_name = swift access_log_facility = LOG_LOCAL2 access_log_level = DEBUG On Tue, Mar 12, 2013 at 4:15 PM, Gareth <[email protected]> wrote: > Give your whole proxy.conf here. > > > On Tue, Mar 12, 2013 at 8:54 PM, Adam Huffman <[email protected]> > wrote: >> >> I'm having trouble with Swift, using Keystone auth, on Folsom. >> >> When I try something simple like 'swift stat', there are two errors: >> >> Firstly a logging error: >> >> <147>proxy-server STDOUT: No handlers could be found for logger >> "keystone.middleware.auth_token" >> >> More importantly, the authorization fails: >> >> Account HEAD failed: >> http://<ip>:8080/v1/AUTH_dfb9c6d687be4d34bceee256cc3cb123 401 >> Unauthorized >> >> With SWIFTCLIENT_DEBUG set, I can see there are two separate requests: >> >> curl -i http://<ip>:8080/v1/AUTH_dfb9c6d687be4d34bceee256cc3cb123 -X >> HEAD -H "X-Auth-Token: da38c4407cff40b69f236ef0da9d73e8" >> >> and two instances of: >> >> curl -i http://<ip>:8080/v1/AUTH_dfb9c6d687be4d34bceee256cc3cb123 -X >> HEAD -H "X-Auth-Token: 0fc76ee28c2e43f0929c7c3ef158830d" >> >> The proxy-server log for these requests is: >> >> proxy-server Authorizing as anonymous >> >> which is puzzling. The keystone log shows that real local credentials >> are being sent: >> >> 2013-03-12 12:46:11 DEBUG [keystone.common.wsgi] >> ******************** REQUEST BODY ******************** >> 2013-03-12 12:46:11 DEBUG [keystone.common.wsgi] {"auth": >> {"tenantName": "admin", "passwordCredentials": {"username": "admin", >> "password": "<password>"}}} >> >> then >> >> 2013-03-12 12:46:11 WARNING [keystone.common.wsgi] Authorization >> failed. Invalid user / password from <ip> >> 2013-03-12 12:46:11 DEBUG [keystone.common.wsgi] {"error": >> {"message": "Invalid user / password", "code": 401, "title": "Not >> Authorized"}} >> >> Keystone auth works for all the other services. >> >> Any suggestions appreciated. >> >> Adam >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > > > > -- > Gareth > Cloud Computing, Openstack, Fitness, Basketball > Novice Openstack contributer > My promise: if you find any spelling or grammar mistake in my email from Mar > 1 2013, notice me > and I'll donate 1$ or 1¥ to open organization specified by you. _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
