Hi Adam,
You can try the command in this link (http://docs.openstack.org/grizzly/openstack-compute/admin/content/configuring-swift-to-use-keystone.html)

Thanks

2014-03-06 20:58 GMT+02:00 Adam Young <[email protected]>:

> On 03/03/2014 02:24 PM, Adam Lawson wrote:
>
> Hola folks!
>
> I had a working Swift deployment (one proxy, 10 storage nodes) using
> tempauth/swauth and with that config everything works fine. Add/remove
> objects, list etc. I am now in the process of trying to integrate Keystone
> and getting confused with number of possible problems the more I research
> so I figured I'd post it here.
>
> I built a new Keystone server using the following documents: Configuring
> keystone <http://docs.openstack.org/developer/keystone/configuration.html>
> I also updated Swift to use Keystone using the following document:
> Configure Swift to Use Keystone
> <http://docs.openstack.org/developer/swift/overview_auth.html#configuring-swift-to-use-keystone>
>
> Problem: Unable to authenticate using service:swift + "password". I'm
> mostly getting 401 Connection Refused errors and service catalog errors,
> depending which method I try. What am I missing?
>
>
>
> Sounds like an SSL problem. Make sure your swift auth_token section has
> the appropriate values set for SSL certs.
>
>
> *User-list in Keystone:*
>
> $ keystone user-list
> +----------------------------------+---------+-------+-------+
> | id                               | enabled | email | name  |
> +----------------------------------+---------+-------+-------+
> | 3b26d681b7b5448b94c563b1d8bb55fd | True    | None  | admin |
> | e186d19ab0ab4cc681b24196e76b9032 | True    | None  | swift |
> +----------------------------------+---------+-------+-------+
>
> *User-get in Keystone:*
>
> $ keystone user-get e186d19ab0ab4cc681b24196e76b9032
> +----------+----------------------------------+
> | Property | Value                            |
> +----------+----------------------------------+
> | email    | None                             |
> | enabled  | True                             |
> | id       | e186d19ab0ab4cc681b24196e76b9032 |
> | name     | swift                            |
> | tenantId | 7e9b8a64252340c2ba4dd292acf18e80 |
> +----------+----------------------------------+
>
> *Tenant-list in Keystone:*
>
> $ keystone tenant-list
> +----------------------------------+---------+---------+
> | id                               | name    | enabled |
> +----------------------------------+---------+---------+
> | 539749c631044f64be5f29066ae486c4 | demo    | True    |
> | 6140b18239284cce8b51305649dbb792 | admin   | True    |
> | 7e9b8a64252340c2ba4dd292acf18e80 | service | True    |
> +----------------------------------+---------+---------+
>
> *Role-list in Keystone:*
>
> $ keystone role-list
> +----------------------------------+-------+
> | id                               | name  |
> +----------------------------------+-------+
> | 6d64ff8265d6404983d774e34159dcd5 | admin |
> +----------------------------------+-------+
>
> *Service-list in keystone*
>
> $ keystone service-list
> +----------------------------------+----------+--------------+------------------+
> | id                               | name     | type         | description      |
> +----------------------------------+----------+--------------+------------------+
> | 0b2248b31e37499192d4e3cdf4288223 | keystone | identity     | Identity Service |
> | 5ef2c32abd274473ab8b42f480feeb72 | swift    | object-store | Swift Service    |
> +----------------------------------+----------+--------------+------------------+
>
> *Endpoint-list in Keystone:*
>
> $ keystone endpoint-list
> +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+--------------------------------+
> | id                               | region    | publicurl                                      | internalurl                                    | adminurl                       |
> +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+--------------------------------+
> | 46600a4c54a94eee881e9a4a2c648b8b | RegionOne | http://10.173.0.165:8888/v1/AUTH_%(tenant_id)s | http://10.173.0.165:8888/v1/AUTH_%(tenant_id)s | http://10.173.0.165:8888/v1    |
> | 660c5babbe7746d485d31d85353ab1b8 | RegionOne | http://10.173.0.165.:5000/v2.0                 | http://10.173.0.165:5000/v2.0                  | http://10.173.0.165:35357/v2.0 |
> +----------------------------------+-----------+------------------------------------------------+------------------------------------------------+--------------------------------+
>
> */etc/swift/proxy-server.conf on Swift proxy:*
>
> [DEFAULT]
> cert_file = /etc/swift/cert.crt
> key_file = /etc/swift/cert.key
> bind_port = 8080
> workers = 8
> user = swift
>
> [pipeline:main]
> pipeline = healthcheck proxy-logging cache authtoken keystoneauth proxy-logging proxy-server
>
> [app:proxy-server]
> use = egg:swift#proxy
> allow_account_management = true
> account_autocreate = true
>
> [filter:proxy-logging]
> use = egg:swift#proxy_logging
>
> [filter:tempauth]
> use = egg:swift#tempauth
> user_system_root = testpass .admin
>
> [filter:healthcheck]
> use = egg:swift#healthcheck
>
> [filter:cache]
> use = egg:swift#memcache
> memcache_servers = 10.173.0.66:11211
>
> [filter:authtoken]
> paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
> auth_host = 10.173.0.165
> auth_port = 35357
> auth_protocol = http
> auth_uri = http://10.173.0.165:5000/
> admin_tenant_name = service
> admin_user = swift
> admin_password = password
> cache = swift.cache
> include_service_catalog = True
>
> [filter:keystoneauth]
> use = egg:swift#keystoneauth
> operator_roles = admin, swiftoperator
>
> *Test command:*
>
> export OS_AUTH_URL=http://10.173.0.165:5000/v2.0
> export OS_USERNAME=swift
> export OS_PASSWORD=password
> swift -V 2 stat
>
> *Command output:*
>
>     raise exceptions.EmptyCatalog('The service catalog is empty.')
> keystoneclient.exceptions.EmptyCatalog: The service catalog is empty.
>
> Other commands I've tried include:
>
> swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v2 -U service:swift -K password stat
>
> *...which also fail for other reasons...*
>
> Auth GET failed: https://10.173.0.66:8080/auth/v2 401 Unauthorized
>
> Thoughts? I'm stumped.
>
> *Adam Lawson*
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (888) 406-7620
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : [email protected]
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
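An added example, not part of the thread and not code from Swift or Keystone: the quoted reply asks for the auth_token and SSL values to be checked, and this sketch compares the scheme and port implied by the quoted proxy-server.conf with the URLs in the quoted endpoint-list output. It assumes the catalog URL points straight at the proxy (no load balancer or TLS terminator in between); `check_proxy_vs_catalog` is a hypothetical helper name.

```python
import configparser
from urllib.parse import urlsplit

# Constructed input: the relevant keys of the proxy-server.conf quoted above.
PROXY_CONF = """\
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080

[filter:authtoken]
auth_host = 10.173.0.165
auth_port = 35357
auth_protocol = http
"""
# URLs copied from the quoted `keystone endpoint-list` output.
SWIFT_PUBLICURL = "http://10.173.0.165:8888/v1/AUTH_%(tenant_id)s"
KEYSTONE_ADMINURL = "http://10.173.0.165:35357/v2.0"


def check_proxy_vs_catalog(conf_text, swift_url, keystone_admin_url):
    """Return (code, message) findings where config and catalog disagree."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    default = cp.defaults()
    findings = []

    # Swift's proxy serves TLS itself when cert_file and key_file are set.
    has_tls = default.keys() >= {"cert_file", "key_file"}
    proxy_scheme = "https" if has_tls else "http"
    proxy_port = int(default.get("bind_port", 8080))
    swift = urlsplit(swift_url)
    if swift.scheme != proxy_scheme:
        findings.append(("scheme", f"catalog says {swift.scheme}, proxy serves {proxy_scheme}"))
    if swift.port != proxy_port:
        findings.append(("port", f"catalog says {swift.port}, proxy binds {proxy_port}"))

    # auth_token must reach Keystone's admin endpoint on the same scheme/host/port.
    at = cp["filter:authtoken"]
    configured = (at.get("auth_protocol"), at.get("auth_host"), at.getint("auth_port"))
    admin = urlsplit(keystone_admin_url)
    if configured != (admin.scheme, admin.hostname, admin.port):
        findings.append(("authtoken", f"auth_token targets {configured}, catalog says {admin.netloc}"))
    return findings


if __name__ == "__main__":
    for code, msg in check_proxy_vs_catalog(PROXY_CONF, SWIFT_PUBLICURL, KEYSTONE_ADMINURL):
        print(f"[{code}] {msg}")
```

A finding here means the two sources disagree, not which one is wrong; either the catalog entry or the proxy configuration may be the value to change.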
