Re: [Openstack] Struggling to get the s3 api interface to work with swift.

Wed, 30 May 2018 07:20:01 -0700

Hi Shyam,

No problem. The output of the commands is attached.

And my test cluster is on Swift v2.15.1 with Swift3 v1.12

Also, here is the common process when I'm creating an S3 credential and using in s3curl. Hope it helps.

1. Create a user and a project, and assign a proper role.

openstack project create testproject
openstack user create testuser --password 123
openstack role add --project testproject --user testuser _member_

2. Check accessibility to swift

create a test-openrc file with above info
source test-openrc
swift list

3.Create a credential

openstack credential create --type ec2 --project testproject testuser  '{"access": "testaccess", "secret": "testsecret"}'

4. Use it in s3curl

add the endpoint url to `my @endpoints` in s3curl.pl
add the credential to .s3curl config file

do `s3curl.pl -i cred_name --debug -- http://endpoint -X GET`


[root@yuxin ~]# source admin_openrc
[root@yuxin ~]# openstack credential list
+------------------------------------------------------------------+------+----------------------------------+----------------------------------------------------------+----------------------------------+
| ID                                                               | Type | 
User ID                          | Data                                         
            | Project ID                       |
+------------------------------------------------------------------+------+----------------------------------+----------------------------------------------------------+----------------------------------+
| 46ed9bf036c0235deb16d6043a07e4c41712d5b7c1509fe62acbbcbfd7fb6a27 | ec2  | 
f925686c23164b159fa8e50fea56a779 | {"access": "testalt", "secret": 
"testsecret"} | 9fa44d783eda4716a3553dcff577658b |
| 6410886953a4c46ed9bf036c0235deb0ee42df222fd21b1e79bad1e0ff7b027e | ec2  | 
56a77946146c4297a73ccfe7c51dba2b | {"access": "wyxak", "secret": "wyxsk"}       
            | 5646628e280043b9a6a1c3dd5dcbb48e |
+------------------------------------------------------------------+------+----------------------------------+----------------------------------------------------------+----------------------------------+
[root@yuxin ~]# openstack ec2 credentials list

[root@yuxin ~]# swift info
Core: swift
 Options:
  account_autocreate: True
  account_listing_limit: 10000
  allow_account_management: True
  container_listing_limit: 10000
  extra_header_count: 0
  max_account_name_length: 256
  max_container_name_length: 256
  max_file_size: 5368709122
  max_header_size: 8192
  max_meta_count: 90
  max_meta_name_length: 128
  max_meta_overall_size: 4096
  max_meta_value_length: 256
  max_object_name_length: 1024
  policies: [{u'name': u'Policy-0', u'aliases': u'Policy-0, yellow, orange'}, 
{u'name': u'region-1', u'aliases': u'region-1'}, {u'name': u'component1-01', 
u'aliases': u'component1-01'}, {u'name': u'component1-02', u'aliases': 
u'component1-02'}, {u'name': u'composite1', u'aliases': u'composite1'}, 
{u'name': u'ec-component1', u'aliases': u'ec-component1'}, {u'name': 
u'ec-component2', u'aliases': u'ec-component2'}, {u'name': u'ec-composite', 
u'aliases': u'ec-composite'}, {u'name': u'replica-component2-1', u'aliases': 
u'replica-component2-1'}, {u'name': u'replica-component2-2', u'aliases': 
u'replica-component2-2'}, {u'name': u'replica-composite2', u'aliases': 
u'replica-composite2'}, {u'name': u'replica-2-11', u'aliases': 
u'replica-2-11'}, {u'name': u'replica-2-12', u'aliases': u'replica-2-12'}, 
{u'name': u'replica-2x2-13', u'aliases': u'replica-2x2-13'}, {u'name': 
u'ec42x2', u'aliases': u'ec42x2'}, {u'name': u'ppt', u'aliases': u'ppt, ec'}, 
{u'name': u'test992', u'aliases': u'test992'}, {u'default': True, u'name': 
u'105-local', u'aliases': u'105-local'}, {u'name': u'replica36', u'aliases': 
u'replica36'}, {u'name': u'replica38', u'aliases': u'replica38'}, {u'name': 
u'replica37', u'aliases': u'replica37'}]
  strict_cors_mode: True
  version: 2.15.1
Additional middleware: account_quotas
Additional middleware: bulk_delete
 Options:
  max_deletes_per_request: 10000
  max_failed_deletes: 1000
Additional middleware: bulk_upload
 Options:
  max_containers_per_extraction: 10000
  max_failed_extractions: 1000
Additional middleware: container_quotas
Additional middleware: container_sync
 Options:
  realms: {}
Additional middleware: formpost
Additional middleware: ratelimit
 Options:
  account_ratelimit: 0.0
  container_listing_ratelimits: []
  container_ratelimits: []
  max_sleep_time_seconds: 60.0
Additional middleware: slo
 Options:
  max_manifest_segments: 1000
  max_manifest_size: 2097152
  min_segment_size: 1
Additional middleware: swift3
 Options:
  allow_multipart_uploads: True
  max_bucket_listing: 1000
  max_multi_delete_objects: 1000
  max_parts_listing: 1000
  max_upload_part_num: 1000
  version: 1.12.0
Additional middleware: tempurl
 Options:
  incoming_allow_headers: []
  incoming_remove_headers: [u'x-timestamp']
  methods: [u'GET', u'HEAD', u'PUT', u'POST', u'DELETE']
  outgoing_allow_headers: [u'x-object-meta-public-*']
  outgoing_remove_headers: [u'x-object-meta-*']
Additional middleware: versioned_writes
 Options:
  allowed_flags: [u'x-versions-location', u'x-history-location']

[root@yuxin ~]# cat /etc/swift/proxy-server.conf  | grep -v '^#' | grep -v '^$'
[DEFAULT]
bind_port = 8080
swift_dir = /etc/swift
user = swift
workers = 0
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache 
container_sync bulk formpost tempurl ratelimit authtoken swift3 s3token 
keystoneauth container-quotas account-quotas slo dlo versioned_writes 
proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[proxy-server:policy:14]
sorting_method = affinity
read_affinity = r1=100, r2=200
[filter:swift3]
use = egg:swift3#swift3
set log_name = swift3
set log_facility = LOG_LOCAL0
set log_level = DEBUG
location = US
dns_compliant_bucket_names = false
check_bucket_owner = true
min_segment_size = 5242880
[filter:s3token]
use = egg:swift3#s3token
auth_uri = http://192.168.2.105:35357/
auth_version = 3
[filter:copy]
use = egg:swift#copy
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://127.0.0.1:5000
auth_url = http://127.0.0.1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = xxx
password = xxx
delay_auth_decision = True
memcached_servers = 127.0.0.1:11211
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
reseller_admin_role = ResellerAdmin
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.2.105:11211
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:domain_remap]
use = egg:swift#domain_remap
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
allow_versioned_writes = true

在 2018年5月25日,18:17,Shyam Prasad N <nspmangal...@gmail.com> 写道:

Hi Yuxin,

If you don't mind, can you share the output of the following commands in your running swift3 setup?

openstack credential list
openstack ec2 credentials list
cat /etc/swift/proxy-server.conf

Also, what are the access keys and secret keys that you use?
I want to make sure that I'm not missing anything in configuration.

Regards,
Shyam

On Fri, May 25, 2018 at 3:05 PM, Shyam Prasad N <nspmangal...@gmail.com> wrote:
Tried that. Unfortunately same error. 
Is there anything I can do to troubleshoot this?

On Fri, May 25, 2018 at 2:56 PM, Yuxin Wang <wang.yu...@ostorage.com.cn> wrote:
They can be any strings.

Replace them with whatever you want.

- Yuxin

在 2018年5月25日,14:57,Shyam Prasad N <nspmangal...@gmail.com> 写道:

Thanks. I'll try this. 
But what values do I use in place of ak and sk? I want to use some command to get those values, right?

On Fri, May 25, 2018 at 9:52 AM, Yuxin Wang <wang.yu...@ostorage.com.cn> wrote:
I created ec2 credentials using command `openstack credential create`.

i.e.

openstack credential create --type ec2 --project proj user '{"access": "ak", "secret": "sk”}'


It seems the two credentials are not the same thing.

Ref:


在 2018年5月25日,10:32,Shyam Prasad N <nspmangal...@gmail.com> 写道:

Yes, I did.
I don't think this is s3curl related issue, because I tried with python AWS SDK, and got the same error. 

On Fri, May 25, 2018, 07:42 Yuxin Wang <wang.yu...@ostorage.com.cn> wrote:
Did you add 127.0.0.1 to the endpoint list in s3curl.pl?

i.e.

my @endpoints = (‘127.0.0.1’);

在 2018年5月24日,19:48,Shyam Prasad N <nspmangal...@gmail.com> 写道:

Hi,

I've been trying to get swift3 to work for several days now. But I haven't managed to get it running. 
Both with tempauth and keystoneauth, I'm getting the same error:

eightkpc@objectstore1:~/s3curl$ ./s3curl.pl --id=testerks -- http://127.0.0.1:8080/
<?xml version='1.0' encoding='UTF-8'?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><RequestId>txa691e7ca97a44d56bc4c2-005b06a292</RequestId></Error>

May 24 11:31:30 localhost proxy-server: 127.0.0.1 127.0.0.1 24/May/2018/11/31/30 GET / HTTP/1.0 403 - curl/7.58.0 - - 277 - txa691e7ca97a44d56bc4c2-005b06a292 - 0.0200 - - 1527161490.543112040 1527161490.563107014 -
May 24 11:31:30 localhost proxy-server: STDERR: 127.0.0.1 - - [24/May/2018 11:31:30] "GET / HTTP/1.1" 403 621 0.021979 (txn: txa691e7ca97a44d56bc4c2-005b06a292)

eightkpc@objectstore1:~$ cat .s3curl 
%awsSecretAccessKeys = (
    tester => {
        id => 'test:tester',
        key => 'testing',
    },
    testerks => {
        id => 'e6289a1b5692461388d0597a4873d054',
        key => '88bb706887094696b082f008ba133ad7',
    },
);

eightkpc@objectstore1:~$ openstack ec2 credentials show e6289a1b5692461388d0597a4873d054
+------------+------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                              |
+------------+------------------------------------------------------------------------------------------------------------------------------------+
| access     | e6289a1b5692461388d0597a4873d054                                                                                                   |
| links      | {u'self': u'http://controller:5000/v3/users/d7df7b56343b4ea988869fc30efeda09/credentials/OS-EC2/e6289a1b5692461388d0597a4873d054'} |
| project_id | dc86f7d8787b46158268bd77098b6578                                                                                                   |
| secret     | 88bb706887094696b082f008ba133ad7                                                                                                   |
| trust_id   | None                                                                                                                               |
| user_id    | d7df7b56343b4ea988869fc30efeda09                                                                                                   |
+------------+------------------------------------------------------------------------------------------------------------------------------------+

Can someone please let me know what is going on?

Regards,
Shyam
<proxy-server.conf>_______________________________________________
Mailing list: https://eur03.safelinks.protection.outlook.com/?url="" class="">2F%2Flists.openstack.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fopenstack&data="" class="">39742b8c6bf847ee381508d5c16d1b21%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636627596701206160&sdata=KI%2F2T2FhVQJTeX1KbIObDZVDiUA3SbTq6Pplo1bc7ak%3D&reserved=0
Post to     : openstack@lists.openstack.org
Unsubscribe : https://eur03.safelinks.protection.outlook.com/?url="" class="">2F%2Flists.openstack.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fopenstack&data="" class="">39742b8c6bf847ee381508d5c16d1b21%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636627596701206160&sdata=KI%2F2T2FhVQJTeX1KbIObDZVDiUA3SbTq6Pplo1bc7ak%3D&reserved=0





-- 
-Shyam
_______________________________________________
Mailing list: https://nam05.safelinks.protection.outlook.com/?url="" class="">2F%2Flists.openstack.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fopenstack&data="" class="">Cc6d4af73a0fd4208f9ac08d5c20f0a30%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636628292198347486&sdata=tGhHmhX%2By9RVFjl%2B31%2BVgRiN1mD%2Fc%2B7QLiImlGnCv98%3D&reserved=0
Post to     : openstack@lists.openstack.org
Unsubscribe : https://nam05.safelinks.protection.outlook.com/?url="" class="">2F%2Flists.openstack.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fopenstack&data="" class="">Cc6d4af73a0fd4208f9ac08d5c20f0a30%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636628292198347486&sdata=tGhHmhX%2By9RVFjl%2B31%2BVgRiN1mD%2Fc%2B7QLiImlGnCv98%3D&reserved=0




-- 
-Shyam



-- 
-Shyam
_______________________________________________
Mailing list: https://nam05.safelinks.protection.outlook.com/?url="">
Post to     : openstack@lists.openstack.org
Unsubscribe : https://nam05.safelinks.protection.outlook.com/?url="">

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to