I'm not sure to understand exactly your issue but since your setup includes ceilometer, I can just give you a hint for the ceilometer/swift integration. You have to create a 'ResellerAdmin' role and assign that role to your ceilometer user. Alternatively you can define the 'reseller_admin_role' parameter (default value=ResellerAdmin) in the [filter:authtoken] section of /etc/swift/proxy-server.conf.

Le 16/04/2013 12:04, Axel Christiansen a écrit :
Dear List,

i got stuck with a setup of openstack grizzly. This setup consists of:

- swift proxy
- swift storage nodes
- keystone
- ceilometer

I kept browsing the web and reading openstack docs for days now and
can't just get it working right. Because of openstacks diversity a
wasn't able to find something really similar to my situation.

The thing is, i changed swift-proxy from using swauth to keystone.
Keystone and swift-proxy do interact all right as fare as i can say.
What i can't get working is that simple webpage which gave the ability
to log in as superuser, adding new user and so on. It is that webpart
that connects to the proxy on port 8080, respectively port 8888.

Thx o lot for taking a look into this.

Theses are the browser urls i try:

(delay_auth_decision = 1)
bad url
Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
'eventlet.input': <eventlet.wsgi.Input object at 0x1d93f10>,
'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888', 'wsgi.input':
<swift.common.utils.InputProxy object at 0x2691050>, 'HTTP_HOST':
'backend', 'swift.cache': <swift.common.memcached.MemcacheRing object at
0x268a750>, 'wsgi.multithread': True, 'HTTP_ACCEPT':
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
0x1656190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn:
Apr 16 11:49:31 ns-proxy01 swift-proxy
16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 -
- - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 -

(delay_auth_decision = 0)
401 Unauthorized
Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control':
'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '',
'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X
10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close',
'eventlet.posthooks': [], 'SERVER_NAME': '', 'REMOTE_ADDR':
'', 'eventlet.input': <eventlet.wsgi.Input object at
0x1fa41d0>, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888',
'wsgi.input': <swift.common.utils.InputProxy object at 0x1fa40d0>,
'HTTP_HOST': 'backend', 'swift.cache':
<swift.common.memcached.MemcacheRing object at 0x288e750>,
'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at
0x185e190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}


root@ns-proxy01:/etc/swift# swift -V 2.0 -A -U admin -K XXX stat
    Account: AUTH_c2dc53651a73430db9e0551fca4200de
Containers: 4354
    Objects: 2622
      Bytes: 114207
Accept-Ranges: bytes
X-Timestamp: 1365601461.87732
X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762
Content-Type: text/plain; charset=utf-8

root@ns-proxy01:/etc/swift# keystone --debug user-list
REQ: curl -i -X GET -H "User-Agent:
python-keystoneclient" -H "X-Auth-Token: 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe"
RESP: [200] {'date': 'Tue, 16 Apr 2013 09:39:37 GMT', 'content-type':
'application/json', 'content-length': '860', 'vary': 'X-Auth-Token'}
RESP BODY: {"users": [{"name": "glance", "id":
"03c928bae5ad4a9f90be425c1ff554dd", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "nova", "id": "140239db8d0244fca7545b76b60ffacd", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "swift", "id": "3bad84eee3b4432b915b469e1cfef628", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "ec2", "id": "5f3a39c203b249d4ba003bba7fdca300", "tenantId":
"054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null},
{"name": "admin", "id": "9d7d6509ffee4a82ad52fe5555e8733c", "tenantId":
"c2dc53651a73430db9e0551fca4200de", "enabled": true, "email": null},
{"name": "ceilometer", "id": "cde44fe9c6d446da99ea370b88ec7d63",
"tenantId": "054ca85bca2e44c29cf4730e1450517f", "enabled": true,
"email": null}]}

|                id                |    name    | enabled | email |
| 9d7d6509ffee4a82ad52fe5555e8733c |   admin    |   True  |       |
| cde44fe9c6d446da99ea370b88ec7d63 | ceilometer |   True  |       |
| 5f3a39c203b249d4ba003bba7fdca300 |    ec2     |   True  |       |
| 03c928bae5ad4a9f90be425c1ff554dd |   glance   |   True  |       |
| 140239db8d0244fca7545b76b60ffacd |    nova    |   True  |       |
| 3bad84eee3b4432b915b469e1cfef628 |   swift    |   True  |       |

root@ns-proxy01:/etc/swift# curl -k -v -H 'X-Storage-User: admin' -H
'X-Storage-Pass: XXX' -X 'POST'
* About to connect() to port 35357 (#0)
*   Trying connected
POST /v2.0/auth HTTP/1.1
User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
OpenSSL/1.0.1 zlib/ libidn/1.23 librtmp/2.3
Accept: */*
X-Storage-User: admin
X-Storage-Pass: XXX

< HTTP/1.1 404 Not Found
< Vary: X-Auth-Token
< Content-Type: application/json
< Content-Length: 93
< Date: Tue, 16 Apr 2013 09:41:36 GMT
* Connection #0 to host left intact
* Closing connection #0
{"error": {"message": "The resource could not be found.", "code": 404,
"title": "Not Found"}}


bind_port = 8888
workers = 8
user = swift
log_name = swift-proxy
log_facility = LOG_LOCAL0
log_level = DEBUG

pipeline = ceilometer catch_errors healthcheck cache tempurl swift3
authtoken keystoneauth proxy-logging proxy-server

use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

use = egg:swift3#swift3

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = 1
service_port = 5000
service_host =
auth_protocol = http
auth_host =
auth_port = 35357
auth_uri =
#auth_token = xxxxxxxxxxxxxxxxxxxx
#admin_tenant_name = service
#admin_user = swift
#admin_password = xxxxxxxxxxxxxxxxxxxx
admin_token = xxxxxxxxxxxxxxxxxxxx
cache = swift.cache
signing_dir = /tmp/keystone-signing-swift

use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
#default_swift_cluster =
allow_account_management = true
allow_overrides = true

use = egg:swift#healthcheck

use = egg:ceilometer#swift

use = egg:swift#memcache
memcache_servers =,

use = egg:swift#tempurl

use = egg:swift#catch_errors

use = egg:swift#proxy_logging

admin_token = 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe
bind_host =
public_port = 5000
admin_port = 35357
compute_port = 8774
debug = True
verbose = True
log_file = keystone.log
log_dir = /var/log/keystone
use_syslog = False

connection = mysql://keystone:xxxxxxxxxxxxxxxx@
idle_timeout = 200
min_pool_size = 5
max_pool_size = 10
pool_timeout = 200

driver = keystone.identity.backends.sql.Identity

driver = keystone.catalog.backends.sql.Catalog
driver = keystone.token.backends.sql.Token
expiration = 86400
driver = keystone.policy.backends.sql.Policy
driver = keystone.contrib.ec2.backends.kvs.Ec2
token_format = UUID
methods = password,token
password = keystone.auth.plugins.password.Password
token = keystone.auth.plugins.token.Token
paste.filter_factory = keystone.common.wsgi:Debug.factory
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
paste.app_factory = keystone.service:public_app_factory
paste.app_factory = keystone.service:v3_app_factory
paste.app_factory = keystone.service:admin_app_factory
pipeline = access_log sizelimit stats_monitoring url_normalize
token_auth admin_token_auth xml_body json_body debug ec2_extension
user_crud_extension public_service
pipeline = access_log sizelimit stats_monitoring url_normalize
token_auth admin_token_auth xml_body json_body debug stats_reporting
ec2_extension s3_extension crud_extension admin_service
pipeline = access_log sizelimit stats_monitoring url_normalize
token_auth admin_token_auth xml_body json_body debug stats_reporting
ec2_extension s3_extension service_v3
paste.app_factory = keystone.service:public_version_app_factory
paste.app_factory = keystone.service:admin_version_app_factory
pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
pipeline = access_log sizelimit stats_monitoring url_normalize xml_body
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api

Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Simon Pasquier
Software Engineer
Bull, Architect of an Open World
Phone: + 33 4 76 29 71 49

Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Reply via email to