[Openstack] grizzly swift keystone, http to 8080/8888 wont work
Dear List, i got stuck with a setup of openstack grizzly. This setup consists of: - swift proxy 1.0.8.1 - swift storage nodes 1.0.8.1 - keystone - ceilometer I kept browsing the web and reading openstack docs for days now and can't just get it working right. Because of openstacks diversity a wasn't able to find something really similar to my situation. The thing is, i changed swift-proxy from using swauth to keystone. Keystone and swift-proxy do interact all right as fare as i can say. What i can't get working is that simple webpage which gave the ability to log in as superuser, adding new user and so on. It is that webpart that connects to the proxy on port 8080, respectively port . Thx o lot for taking a look into this. Axel Theses are the browser urls i try: (delay_auth_decision = 1) http://the.swift.proxy:/auth/ bad url Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: txcfde073b9ffe4f379da392056e2176de) Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate', 'Host': 'backend', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input': swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST': 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at 0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at 0x1656190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id': 'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None, 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}} Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn: txcfde073b9ffe4f379da392056e2176de) Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5 16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 - Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0 - - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 - (delay_auth_decision = 0) http://the.swift.proxy:/auth/ 401 Unauthorized Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: tx508b08866bbc410399543d98cafa2856) Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate', 'Host': 'backend', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control': 'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at 0x1fa41d0, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input': swift.common.utils.InputProxy object at 0x1fa40d0, 'HTTP_HOST': 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at 0x288e750, 'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at 0x185e190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id': 'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None, 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}} export OS_SERVICE_TOKEN=XXX export OS_SERVICE_ENDPOINT=http://10.42.44.101:35357/v2.0 root@ns-proxy01:/etc/swift# swift -V 2.0 -A http://10.42.44.101:5000/v2.0 -U admin -K XXX stat Account: AUTH_c2dc53651a73430db9e0551fca4200de Containers: 4354 Objects: 2622 Bytes: 114207 Accept-Ranges: bytes X-Timestamp: 1365601461.87732 X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762 Content-Type: text/plain; charset=utf-8 root@ns-proxy01:/etc/swift# keystone --debug user-list
Re: [Openstack] grizzly swift keystone, http to 8080/8888 wont work
Hi, I'm not sure to understand exactly your issue but since your setup includes ceilometer, I can just give you a hint for the ceilometer/swift integration. You have to create a 'ResellerAdmin' role and assign that role to your ceilometer user. Alternatively you can define the 'reseller_admin_role' parameter (default value=ResellerAdmin) in the [filter:authtoken] section of /etc/swift/proxy-server.conf. Cheers, Simon Le 16/04/2013 12:04, Axel Christiansen a écrit : Dear List, i got stuck with a setup of openstack grizzly. This setup consists of: - swift proxy 1.0.8.1 - swift storage nodes 1.0.8.1 - keystone - ceilometer I kept browsing the web and reading openstack docs for days now and can't just get it working right. Because of openstacks diversity a wasn't able to find something really similar to my situation. The thing is, i changed swift-proxy from using swauth to keystone. Keystone and swift-proxy do interact all right as fare as i can say. What i can't get working is that simple webpage which gave the ability to log in as superuser, adding new user and so on. It is that webpart that connects to the proxy on port 8080, respectively port . Thx o lot for taking a look into this. Axel Theses are the browser urls i try: (delay_auth_decision = 1) http://the.swift.proxy:/auth/ bad url Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: txcfde073b9ffe4f379da392056e2176de) Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate', 'Host': 'backend', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input': swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST': 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at 0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at 0x1656190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id': 'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None, 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}} Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn: txcfde073b9ffe4f379da392056e2176de) Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5 16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 - Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0 - - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 - (delay_auth_decision = 0) http://the.swift.proxy:/auth/ 401 Unauthorized Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: tx508b08866bbc410399543d98cafa2856) Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate', 'Host': 'backend', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control': 'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at 0x1fa41d0, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input': swift.common.utils.InputProxy object at 0x1fa40d0, 'HTTP_HOST': 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at 0x288e750, 'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0', 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at 0x185e190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id': 'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None, 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}} export
Re: [Openstack] grizzly swift keystone, http to 8080/8888 wont work
Thanks for your quick reply, Simon, The role ResellerAdmin does exists and looks good, does it? root@ns-proxy01:/etc/swift# keystone user-get ceilometer +--+--+ | Property | Value | +--+--+ | email | | | enabled | True | |id| cde44fe9c6d446da99ea370b88ec7d63 | | name |ceilometer| | tenantId | 054ca85bca2e44c29cf4730e1450517f | +--+--+ root@ns-proxy01:/etc/swift# keystone user-role-list --user-id cde44fe9c6d446da99ea370b88ec7d63 --tenant-id 054ca85bca2e44c29cf4730e1450517f +--+---+--+--+ |id| name | user_id |tenant_id | +--+---+--+--+ | c2df2bc0fd6f404794565f10cc0e5e7a | ResellerAdmin | cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f | | 9fe2ff9ee4384b1894a90878d3e92bab |_member_ | cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f | +--+---+--+--+ And i can see ceilometer log entrys, counting bytes. So that looks good. My issue it, that with the old swauth setup there was a real simple web based user manager. surfing to http://my.swift.proxy:/auth/; was the entry url to this sort of user manager. But now, after the change to keystone, i get http result codes like 412 or 401. Since i inherit this setup i even do not know for sure if this swift-user-manager it actually a part of swift. i believe so. Can please one confirm which urls do work on swift-proxy http port 8080/ (proxy-server.conf - [DEFAULT] - bind_port). Should /auth/ return a page? Thank you. Axel Am 16.04.13 12:41, schrieb Simon Pasquier: Hi, I'm not sure to understand exactly your issue but since your setup includes ceilometer, I can just give you a hint for the ceilometer/swift integration. You have to create a 'ResellerAdmin' role and assign that role to your ceilometer user. Alternatively you can define the 'reseller_admin_role' parameter (default value=ResellerAdmin) in the [filter:authtoken] section of /etc/swift/proxy-server.conf. Cheers, Simon Le 16/04/2013 12:04, Axel Christiansen a écrit : Dear List, i got stuck with a setup of openstack grizzly. This setup consists of: - swift proxy 1.0.8.1 - swift storage nodes 1.0.8.1 - keystone - ceilometer I kept browsing the web and reading openstack docs for days now and can't just get it working right. Because of openstacks diversity a wasn't able to find something really similar to my situation. The thing is, i changed swift-proxy from using swauth to keystone. Keystone and swift-proxy do interact all right as fare as i can say. What i can't get working is that simple webpage which gave the ability to log in as superuser, adding new user and so on. It is that webpart that connects to the proxy on port 8080, respectively port . Thx o lot for taking a look into this. Axel Theses are the browser urls i try: (delay_auth_decision = 1) http://the.swift.proxy:/auth/ bad url Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: txcfde073b9ffe4f379da392056e2176de) Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate', 'Host': 'backend', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input': swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST': 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at 0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once': False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at 0x1656190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3',
Re: [Openstack] grizzly swift keystone, http to 8080/8888 wont work
The mystery seems solved. There it a webadmin for swauth. https://github.com/gholt/swauth#web-admin-install Does there exists is similar thing for keystone? Regards, Axel Am 16.04.13 14:53, schrieb Axel Christiansen: Thanks for your quick reply, Simon, The role ResellerAdmin does exists and looks good, does it? root@ns-proxy01:/etc/swift# keystone user-get ceilometer +--+--+ | Property | Value | +--+--+ | email | | | enabled | True | |id| cde44fe9c6d446da99ea370b88ec7d63 | | name |ceilometer| | tenantId | 054ca85bca2e44c29cf4730e1450517f | +--+--+ root@ns-proxy01:/etc/swift# keystone user-role-list --user-id cde44fe9c6d446da99ea370b88ec7d63 --tenant-id 054ca85bca2e44c29cf4730e1450517f +--+---+--+--+ |id| name | user_id |tenant_id | +--+---+--+--+ | c2df2bc0fd6f404794565f10cc0e5e7a | ResellerAdmin | cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f | | 9fe2ff9ee4384b1894a90878d3e92bab |_member_ | cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f | +--+---+--+--+ And i can see ceilometer log entrys, counting bytes. So that looks good. My issue it, that with the old swauth setup there was a real simple web based user manager. surfing to http://my.swift.proxy:/auth/; was the entry url to this sort of user manager. But now, after the change to keystone, i get http result codes like 412 or 401. Since i inherit this setup i even do not know for sure if this swift-user-manager it actually a part of swift. i believe so. Can please one confirm which urls do work on swift-proxy http port 8080/ (proxy-server.conf - [DEFAULT] - bind_port). Should /auth/ return a page? Thank you. Axel Am 16.04.13 12:41, schrieb Simon Pasquier: Hi, I'm not sure to understand exactly your issue but since your setup includes ceilometer, I can just give you a hint for the ceilometer/swift integration. You have to create a 'ResellerAdmin' role and assign that role to your ceilometer user. Alternatively you can define the 'reseller_admin_role' parameter (default value=ResellerAdmin) in the [filter:authtoken] section of /etc/swift/proxy-server.conf. Cheers, Simon Le 16/04/2013 12:04, Axel Christiansen a écrit : Dear List, i got stuck with a setup of openstack grizzly. This setup consists of: - swift proxy 1.0.8.1 - swift storage nodes 1.0.8.1 - keystone - ceilometer I kept browsing the web and reading openstack docs for days now and can't just get it working right. Because of openstacks diversity a wasn't able to find something really similar to my situation. The thing is, i changed swift-proxy from using swauth to keystone. Keystone and swift-proxy do interact all right as fare as i can say. What i can't get working is that simple webpage which gave the ability to log in as superuser, adding new user and so on. It is that webpart that connects to the proxy on port 8080, respectively port . Thx o lot for taking a look into this. Axel Theses are the browser urls i try: (delay_auth_decision = 1) http://the.swift.proxy:/auth/ bad url Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn: txcfde073b9ffe4f379da392056e2176de) Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language': 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate', 'Host': 'backend', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input': swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST': 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at 0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT':