The mystery seems solved. There it a webadmin for swauth. https://github.com/gholt/swauth#web-admin-install
Does there exists is similar thing for keystone? Regards, Axel Am 16.04.13 14:53, schrieb Axel Christiansen: > > > Thanks for your quick reply, Simon, > > > The role ResellerAdmin does exists and looks good, does it? > > root@ns-proxy01:/etc/swift# keystone user-get ceilometer > +----------+----------------------------------+ > | Property | Value | > +----------+----------------------------------+ > | email | | > | enabled | True | > | id | cde44fe9c6d446da99ea370b88ec7d63 | > | name | ceilometer | > | tenantId | 054ca85bca2e44c29cf4730e1450517f | > +----------+----------------------------------+ > root@ns-proxy01:/etc/swift# keystone user-role-list --user-id > cde44fe9c6d446da99ea370b88ec7d63 --tenant-id > 054ca85bca2e44c29cf4730e1450517f > +----------------------------------+---------------+----------------------------------+----------------------------------+ > | id | name | user_id > | tenant_id | > +----------------------------------+---------------+----------------------------------+----------------------------------+ > | c2df2bc0fd6f404794565f10cc0e5e7a | ResellerAdmin | > cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f | > | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | > cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f | > +----------------------------------+---------------+----------------------------------+----------------------------------+ > > And i can see ceilometer log entrys, counting bytes. So that looks good. > > > > > My issue it, that with the old swauth setup there was a real simple web > based user manager. > > surfing to "http://my.swift.proxy:8888/auth/" was the entry url to this > sort of user manager. But now, after the change to keystone, i get http > result codes like 412 or 401. > > > Since i inherit this setup i even do not know for sure if this > swift-user-manager it actually a part of swift. i believe so. > > > Can please one confirm which urls do work on swift-proxy http port > 8080/8888 (proxy-server.conf -> [DEFAULT] -> bind_port). Should "/auth/" > return a page? > > > Thank you. Axel > > > > > Am 16.04.13 12:41, schrieb Simon Pasquier: >> Hi, >> I'm not sure to understand exactly your issue but since your setup >> includes ceilometer, I can just give you a hint for the ceilometer/swift >> integration. >> You have to create a 'ResellerAdmin' role and assign that role to your >> ceilometer user. Alternatively you can define the 'reseller_admin_role' >> parameter (default value=ResellerAdmin) in the [filter:authtoken] >> section of /etc/swift/proxy-server.conf. >> Cheers, >> Simon >> >> Le 16/04/2013 12:04, Axel Christiansen a écrit : >>> Dear List, >>> >>> >>> i got stuck with a setup of openstack grizzly. This setup consists of: >>> >>> - swift proxy 1.0.8.1 >>> - swift storage nodes 1.0.8.1 >>> - keystone >>> - ceilometer >>> >>> >>> I kept browsing the web and reading openstack docs for days now and >>> can't just get it working right. Because of openstacks diversity a >>> wasn't able to find something really similar to my situation. >>> >>> >>> The thing is, i changed swift-proxy from using swauth to keystone. >>> Keystone and swift-proxy do interact all right as fare as i can say. >>> What i can't get working is that simple webpage which gave the ability >>> to log in as superuser, adding new user and so on. It is that webpart >>> that connects to the proxy on port 8080, respectively port 8888. >>> >>> >>> Thx o lot for taking a look into this. >>> Axel >>> >>> >>> >>> >>> Theses are the browser urls i try: >>> >>> (delay_auth_decision = 1) >>> http://the.swift.proxy:8888/auth/ >>> bad url >>> Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: >>> txcfde073b9ffe4f379da392056e2176de) >>> Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language': >>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, >>> deflate', 'Host': 'backend', 'Accept': >>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', >>> 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) >>> Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type': >>> None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', >>> 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': >>> 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 >>> Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], >>> 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', >>> 'eventlet.input': <eventlet.wsgi.Input object at 0x1d93f10>, >>> 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888', 'wsgi.input': >>> <swift.common.utils.InputProxy object at 0x2691050>, 'HTTP_HOST': >>> 'backend', 'swift.cache': <swift.common.memcached.MemcacheRing object at >>> 0x268a750>, 'wsgi.multithread': True, 'HTTP_ACCEPT': >>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', >>> 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': >>> False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at >>> 0x1656190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': >>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id': >>> 'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None, >>> 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}} >>> Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn: >>> txcfde073b9ffe4f379da392056e2176de) >>> Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5 >>> 16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 - >>> Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0 >>> >>> - - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 - >>> >>> >>> (delay_auth_decision = 0) >>> http://the.swift.proxy:8888/auth/ >>> 401 Unauthorized >>> Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: >>> tx508b08866bbc410399543d98cafa2856) >>> Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language': >>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, >>> deflate', 'Host': 'backend', 'Accept': >>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', >>> 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) >>> Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control': >>> 'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', >>> 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': >>> 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X >>> 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', >>> 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': >>> '10.42.44.5', 'eventlet.input': <eventlet.wsgi.Input object at >>> 0x1fa41d0>, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8888', >>> 'wsgi.input': <swift.common.utils.InputProxy object at 0x1fa40d0>, >>> 'HTTP_HOST': 'backend', 'swift.cache': >>> <swift.common.memcached.MemcacheRing object at 0x288e750>, >>> 'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0', >>> 'HTTP_ACCEPT': >>> 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', >>> 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': >>> False, 'wsgi.errors': <swift.common.utils.LoggerFileObject object at >>> 0x185e190>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': >>> 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id': >>> 'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None, >>> 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}} >>> >>> >>> >>> >>> >>> >>> export OS_SERVICE_TOKEN=XXX >>> export OS_SERVICE_ENDPOINT=http://10.42.44.101:35357/v2.0 >>> >>> >>> root@ns-proxy01:/etc/swift# swift -V 2.0 -A >>> http://10.42.44.101:5000/v2.0 -U admin -K XXX stat >>> Account: AUTH_c2dc53651a73430db9e0551fca4200de >>> Containers: 4354 >>> Objects: 2622 >>> Bytes: 114207 >>> Accept-Ranges: bytes >>> X-Timestamp: 1365601461.87732 >>> X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762 >>> Content-Type: text/plain; charset=utf-8 >>> >>> >>> >>> >>> >>> root@ns-proxy01:/etc/swift# keystone --debug user-list >>> REQ: curl -i http://10.42.44.101:35357/v2.0/users -X GET -H "User-Agent: >>> python-keystoneclient" -H "X-Auth-Token: >>> 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe" >>> RESP: [200] {'date': 'Tue, 16 Apr 2013 09:39:37 GMT', 'content-type': >>> 'application/json', 'content-length': '860', 'vary': 'X-Auth-Token'} >>> RESP BODY: {"users": [{"name": "glance", "id": >>> "03c928bae5ad4a9f90be425c1ff554dd", "tenantId": >>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null}, >>> {"name": "nova", "id": "140239db8d0244fca7545b76b60ffacd", "tenantId": >>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null}, >>> {"name": "swift", "id": "3bad84eee3b4432b915b469e1cfef628", "tenantId": >>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null}, >>> {"name": "ec2", "id": "5f3a39c203b249d4ba003bba7fdca300", "tenantId": >>> "054ca85bca2e44c29cf4730e1450517f", "enabled": true, "email": null}, >>> {"name": "admin", "id": "9d7d6509ffee4a82ad52fe5555e8733c", "tenantId": >>> "c2dc53651a73430db9e0551fca4200de", "enabled": true, "email": null}, >>> {"name": "ceilometer", "id": "cde44fe9c6d446da99ea370b88ec7d63", >>> "tenantId": "054ca85bca2e44c29cf4730e1450517f", "enabled": true, >>> "email": null}]} >>> >>> +----------------------------------+------------+---------+-------+ >>> | id | name | enabled | email | >>> +----------------------------------+------------+---------+-------+ >>> | 9d7d6509ffee4a82ad52fe5555e8733c | admin | True | | >>> | cde44fe9c6d446da99ea370b88ec7d63 | ceilometer | True | | >>> | 5f3a39c203b249d4ba003bba7fdca300 | ec2 | True | | >>> | 03c928bae5ad4a9f90be425c1ff554dd | glance | True | | >>> | 140239db8d0244fca7545b76b60ffacd | nova | True | | >>> | 3bad84eee3b4432b915b469e1cfef628 | swift | True | | >>> +----------------------------------+------------+---------+-------+ >>> >>> >>> >>> >>> >>> >>> >>> root@ns-proxy01:/etc/swift# curl -k -v -H 'X-Storage-User: admin' -H >>> 'X-Storage-Pass: XXX' -X 'POST' http://10.42.44.101:35357/v2.0/auth >>> * About to connect() to 10.42.44.101 port 35357 (#0) >>> * Trying 10.42.44.101... connected >>>> POST /v2.0/auth HTTP/1.1 >>>> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 >>> OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 >>>> Host: 10.42.44.101:35357 >>>> Accept: */* >>>> X-Storage-User: admin >>>> X-Storage-Pass: XXX >>>> >>> < HTTP/1.1 404 Not Found >>> < Vary: X-Auth-Token >>> < Content-Type: application/json >>> < Content-Length: 93 >>> < Date: Tue, 16 Apr 2013 09:41:36 GMT >>> < >>> * Connection #0 to host 10.42.44.101 left intact >>> * Closing connection #0 >>> {"error": {"message": "The resource could not be found.", "code": 404, >>> "title": "Not Found"}} >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> ############################################################# >>> swift-proxy.conf >>> >>> [DEFAULT] >>> bind_port = 8888 >>> workers = 8 >>> user = swift >>> log_name = swift-proxy >>> log_facility = LOG_LOCAL0 >>> log_level = DEBUG >>> >>> [pipeline:main] >>> pipeline = ceilometer catch_errors healthcheck cache tempurl swift3 >>> authtoken keystoneauth proxy-logging proxy-server >>> [app:proxy-server] >>> >>> use = egg:swift#proxy >>> allow_account_management = true >>> account_autocreate = true >>> >>> [filter:swift3] >>> use = egg:swift3#swift3 >>> >>> [filter:authtoken] >>> paste.filter_factory = >>> keystoneclient.middleware.auth_token:filter_factory >>> delay_auth_decision = 1 >>> service_port = 5000 >>> service_host = 127.0.0.1 >>> auth_protocol = http >>> auth_host = 127.0.0.1 >>> auth_port = 35357 >>> auth_uri = http://127.0.0.1:5000/ >>> #auth_token = xxxxxxxxxxxxxxxxxxxx >>> #admin_tenant_name = service >>> #admin_user = swift >>> #admin_password = xxxxxxxxxxxxxxxxxxxx >>> admin_token = xxxxxxxxxxxxxxxxxxxx >>> cache = swift.cache >>> signing_dir = /tmp/keystone-signing-swift >>> >>> [filter:keystoneauth] >>> use = egg:swift#keystoneauth >>> operator_roles = admin, swiftoperator >>> #default_swift_cluster = >>> netstorage#https://netstorage-ham1-de.internet4you.com:444/v1#http://127.0.0.1:8888/v1 >>> >>> allow_account_management = true >>> allow_overrides = true >>> >>> [filter:healthcheck] >>> use = egg:swift#healthcheck >>> >>> [filter:ceilometer] >>> use = egg:ceilometer#swift >>> >>> [filter:cache] >>> use = egg:swift#memcache >>> memcache_servers = 10.42.44.101:11211,10.42.44.102:11211 >>> >>> [filter:tempurl] >>> use = egg:swift#tempurl >>> >>> [filter:catch_errors] >>> use = egg:swift#catch_errors >>> >>> [filter:proxy-logging] >>> use = egg:swift#proxy_logging >>> ############################################################# >>> >>> >>> >>> >>> >>> ############################################################# >>> keystone.conf >>> [DEFAULT] >>> admin_token = 6IHBKKwfVnHZf5ifGiQaRQL5u3hdYtPe >>> bind_host = 0.0.0.0 >>> public_port = 5000 >>> admin_port = 35357 >>> compute_port = 8774 >>> debug = True >>> verbose = True >>> log_file = keystone.log >>> log_dir = /var/log/keystone >>> use_syslog = False >>> >>> [sql] >>> connection = mysql://keystone:xxxxxxxxxxxxxxxx@123.123.123.123/keystone >>> idle_timeout = 200 >>> min_pool_size = 5 >>> max_pool_size = 10 >>> pool_timeout = 200 >>> >>> [identity] >>> driver = keystone.identity.backends.sql.Identity >>> >>> [trust] >>> [catalog] >>> driver = keystone.catalog.backends.sql.Catalog >>> [token] >>> driver = keystone.token.backends.sql.Token >>> expiration = 86400 >>> [policy] >>> driver = keystone.policy.backends.sql.Policy >>> [ec2] >>> driver = keystone.contrib.ec2.backends.kvs.Ec2 >>> [ssl] >>> [signing] >>> token_format = UUID >>> [ldap] >>> [auth] >>> methods = password,token >>> password = keystone.auth.plugins.password.Password >>> token = keystone.auth.plugins.token.Token >>> [filter:debug] >>> paste.filter_factory = keystone.common.wsgi:Debug.factory >>> [filter:token_auth] >>> paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory >>> [filter:admin_token_auth] >>> paste.filter_factory = >>> keystone.middleware:AdminTokenAuthMiddleware.factory >>> [filter:xml_body] >>> paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory >>> [filter:json_body] >>> paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory >>> [filter:user_crud_extension] >>> paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory >>> [filter:crud_extension] >>> paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory >>> [filter:ec2_extension] >>> paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory >>> [filter:s3_extension] >>> paste.filter_factory = keystone.contrib.s3:S3Extension.factory >>> [filter:url_normalize] >>> paste.filter_factory = keystone.middleware:NormalizingFilter.factory >>> [filter:sizelimit] >>> paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory >>> [filter:stats_monitoring] >>> paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory >>> [filter:stats_reporting] >>> paste.filter_factory = keystone.contrib.stats:StatsExtension.factory >>> [filter:access_log] >>> paste.filter_factory = >>> keystone.contrib.access:AccessLogMiddleware.factory >>> [app:public_service] >>> paste.app_factory = keystone.service:public_app_factory >>> [app:service_v3] >>> paste.app_factory = keystone.service:v3_app_factory >>> [app:admin_service] >>> paste.app_factory = keystone.service:admin_app_factory >>> [pipeline:public_api] >>> pipeline = access_log sizelimit stats_monitoring url_normalize >>> token_auth admin_token_auth xml_body json_body debug ec2_extension >>> user_crud_extension public_service >>> [pipeline:admin_api] >>> pipeline = access_log sizelimit stats_monitoring url_normalize >>> token_auth admin_token_auth xml_body json_body debug stats_reporting >>> ec2_extension s3_extension crud_extension admin_service >>> [pipeline:api_v3] >>> pipeline = access_log sizelimit stats_monitoring url_normalize >>> token_auth admin_token_auth xml_body json_body debug stats_reporting >>> ec2_extension s3_extension service_v3 >>> [app:public_version_service] >>> paste.app_factory = keystone.service:public_version_app_factory >>> [app:admin_version_service] >>> paste.app_factory = keystone.service:admin_version_app_factory >>> [pipeline:public_version_api] >>> pipeline = access_log sizelimit stats_monitoring url_normalize xml_body >>> public_version_service >>> [pipeline:admin_version_api] >>> pipeline = access_log sizelimit stats_monitoring url_normalize xml_body >>> admin_version_service >>> [composite:main] >>> use = egg:Paste#urlmap >>> /v2.0 = public_api >>> / = public_version_api >>> [composite:admin] >>> use = egg:Paste#urlmap >>> /v2.0 = admin_api >>> / = admin_version_api >>> ############################################################# >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >> >> > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp