[Openstack] grizzly swift keystone, http to 8080/8888 wont work

2013-04-16 Thread Axel Christiansen 
Dear List,


i got stuck with a setup of openstack grizzly. This setup consists of:

- swift proxy 1.0.8.1
- swift storage nodes 1.0.8.1
- keystone
- ceilometer


I kept browsing the web and reading openstack docs for days now and
can't just get it working right. Because of openstacks diversity a
wasn't able to find something really similar to my situation.


The thing is, i changed swift-proxy from using swauth to keystone.
Keystone and swift-proxy do interact all right as fare as i can say.
What i can't get working is that simple webpage which gave the ability
to log in as superuser, adding new user and so on. It is that webpart
that connects to the proxy on port 8080, respectively port .


Thx o lot for taking a look into this.
Axel




Theses are the browser urls i try:

(delay_auth_decision = 1)
http://the.swift.proxy:/auth/
bad url
Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
txcfde073b9ffe4f379da392056e2176de)
Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10,
'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input':
swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST':
'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at
0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at
0x1656190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn:
txcfde073b9ffe4f379da392056e2176de)
Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5
16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 -
Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0
- - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 -


(delay_auth_decision = 0)
http://the.swift.proxy:/auth/
401 Unauthorized
Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
tx508b08866bbc410399543d98cafa2856)
Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control':
'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '',
'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL':
'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X
10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close',
'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR':
'10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at
0x1fa41d0, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '',
'wsgi.input': swift.common.utils.InputProxy object at 0x1fa40d0,
'HTTP_HOST': 'backend', 'swift.cache':
swift.common.memcached.MemcacheRing object at 0x288e750,
'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0',
'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at
0x185e190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}






export OS_SERVICE_TOKEN=XXX
export OS_SERVICE_ENDPOINT=http://10.42.44.101:35357/v2.0


root@ns-proxy01:/etc/swift# swift -V 2.0 -A
http://10.42.44.101:5000/v2.0 -U admin -K XXX stat
   Account: AUTH_c2dc53651a73430db9e0551fca4200de
Containers: 4354
   Objects: 2622
 Bytes: 114207
Accept-Ranges: bytes
X-Timestamp: 1365601461.87732
X-Trans-Id: txa6273bb374d5468da6e4b6ad48929762
Content-Type: text/plain; charset=utf-8





root@ns-proxy01:/etc/swift# keystone --debug user-list

Re: [Openstack] grizzly swift keystone, http to 8080/8888 wont work

2013-04-16 Thread Simon Pasquier 

Hi,
I'm not sure to understand exactly your issue but since your setup 
includes ceilometer, I can just give you a hint for the ceilometer/swift 
integration.
You have to create a 'ResellerAdmin' role and assign that role to your 
ceilometer user. Alternatively you can define the 'reseller_admin_role' 
parameter (default value=ResellerAdmin) in the [filter:authtoken] 
section of /etc/swift/proxy-server.conf.

Cheers,
Simon

Le 16/04/2013 12:04, Axel Christiansen a écrit :

Dear List,


i got stuck with a setup of openstack grizzly. This setup consists of:

- swift proxy 1.0.8.1
- swift storage nodes 1.0.8.1
- keystone
- ceilometer


I kept browsing the web and reading openstack docs for days now and
can't just get it working right. Because of openstacks diversity a
wasn't able to find something really similar to my situation.


The thing is, i changed swift-proxy from using swauth to keystone.
Keystone and swift-proxy do interact all right as fare as i can say.
What i can't get working is that simple webpage which gave the ability
to log in as superuser, adding new user and so on. It is that webpart
that connects to the proxy on port 8080, respectively port .


Thx o lot for taking a look into this.
Axel




Theses are the browser urls i try:

(delay_auth_decision = 1)
http://the.swift.proxy:/auth/
bad url
Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
txcfde073b9ffe4f379da392056e2176de)
Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10,
'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input':
swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST':
'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at
0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at
0x1656190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'txcfde073b9ffe4f379da392056e2176de', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}
Apr 16 11:49:31 ns-proxy01 swift-proxy Authorizing as anonymous (txn:
txcfde073b9ffe4f379da392056e2176de)
Apr 16 11:49:31 ns-proxy01 swift-proxy 10.42.44.5 10.42.44.5
16/Apr/2013/09/49/31 GET /auth/ HTTP/1.0 412 -
Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010.8%3B%20rv%3A20.0%29%20Gecko/20100101%20Firefox/20.0
- - 7 - txcfde073b9ffe4f379da392056e2176de - 0.0003 -


(delay_auth_decision = 0)
http://the.swift.proxy:/auth/
401 Unauthorized
Apr 16 11:56:35 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
tx508b08866bbc410399543d98cafa2856)
Apr 16 11:56:35 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
deflate', 'Host': 'backend', 'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Cache-Control':
'max-age=0', 'Content-Type': None}, 'environ': {'SCRIPT_NAME': '',
'REQUEST_METHOD': 'GET', 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL':
'HTTP/1.0', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X
10.8; rv:20.0) Gecko/20100101 Firefox/20.0', 'HTTP_CONNECTION': 'close',
'eventlet.posthooks': [], 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR':
'10.42.44.5', 'eventlet.input': eventlet.wsgi.Input object at
0x1fa41d0, 'wsgi.url_scheme': 'http', 'SERVER_PORT': '',
'wsgi.input': swift.common.utils.InputProxy object at 0x1fa40d0,
'HTTP_HOST': 'backend', 'swift.cache':
swift.common.memcached.MemcacheRing object at 0x288e750,
'wsgi.multithread': True, 'HTTP_CACHE_CONTROL': 'max-age=0',
'HTTP_ACCEPT':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at
0x185e190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'swift.trans_id':
'tx508b08866bbc410399543d98cafa2856', 'CONTENT_TYPE': None,
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}}






export

Re: [Openstack] grizzly swift keystone, http to 8080/8888 wont work

2013-04-16 Thread Axel Christiansen 


Thanks for your quick reply, Simon,


The role ResellerAdmin does exists and looks good, does it?

root@ns-proxy01:/etc/swift# keystone user-get ceilometer
+--+--+
| Property |  Value   |
+--+--+
|  email   |  |
| enabled  |   True   |
|id| cde44fe9c6d446da99ea370b88ec7d63 |
|   name   |ceilometer|
| tenantId | 054ca85bca2e44c29cf4730e1450517f |
+--+--+
root@ns-proxy01:/etc/swift# keystone user-role-list --user-id
cde44fe9c6d446da99ea370b88ec7d63 --tenant-id
054ca85bca2e44c29cf4730e1450517f
+--+---+--+--+
|id|  name | user_id
 |tenant_id |
+--+---+--+--+
| c2df2bc0fd6f404794565f10cc0e5e7a | ResellerAdmin |
cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f |
| 9fe2ff9ee4384b1894a90878d3e92bab |_member_   |
cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f |
+--+---+--+--+

And i can see ceilometer log entrys, counting bytes. So that looks good.




My issue it, that with the old swauth setup there was a real simple web
based user manager.

surfing to http://my.swift.proxy:/auth/; was the entry url to this
sort of user manager. But now, after the change to keystone, i get http
result codes like 412 or 401.


Since i inherit this setup i even do not know for sure if this
swift-user-manager it actually a part of swift. i believe so.


Can please one confirm which urls do work on swift-proxy http port
8080/ (proxy-server.conf - [DEFAULT] - bind_port). Should /auth/
return a page?


Thank you. Axel




Am 16.04.13 12:41, schrieb Simon Pasquier:
 Hi,
 I'm not sure to understand exactly your issue but since your setup
 includes ceilometer, I can just give you a hint for the ceilometer/swift
 integration.
 You have to create a 'ResellerAdmin' role and assign that role to your
 ceilometer user. Alternatively you can define the 'reseller_admin_role'
 parameter (default value=ResellerAdmin) in the [filter:authtoken]
 section of /etc/swift/proxy-server.conf.
 Cheers,
 Simon
 
 Le 16/04/2013 12:04, Axel Christiansen a écrit :
 Dear List,


 i got stuck with a setup of openstack grizzly. This setup consists of:

 - swift proxy 1.0.8.1
 - swift storage nodes 1.0.8.1
 - keystone
 - ceilometer


 I kept browsing the web and reading openstack docs for days now and
 can't just get it working right. Because of openstacks diversity a
 wasn't able to find something really similar to my situation.


 The thing is, i changed swift-proxy from using swauth to keystone.
 Keystone and swift-proxy do interact all right as fare as i can say.
 What i can't get working is that simple webpage which gave the ability
 to log in as superuser, adding new user and so on. It is that webpart
 that connects to the proxy on port 8080, respectively port .


 Thx o lot for taking a look into this.
 Axel




 Theses are the browser urls i try:

 (delay_auth_decision = 1)
 http://the.swift.proxy:/auth/
 bad url
 Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
 txcfde073b9ffe4f379da392056e2176de)
 Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
 deflate', 'Host': 'backend', 'Accept':
 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
 Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
 None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
 'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10,
 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input':
 swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST':
 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at
 0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT':
 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.run_once':
 False, 'wsgi.errors': swift.common.utils.LoggerFileObject object at
 0x1656190, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE':
 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3',

Re: [Openstack] grizzly swift keystone, http to 8080/8888 wont work

2013-04-16 Thread Axel Christiansen 

The mystery seems solved. There it a webadmin for swauth.
https://github.com/gholt/swauth#web-admin-install


Does there exists is similar thing for keystone?


Regards, Axel



Am 16.04.13 14:53, schrieb Axel Christiansen:
 
 
 Thanks for your quick reply, Simon,
 
 
 The role ResellerAdmin does exists and looks good, does it?
 
 root@ns-proxy01:/etc/swift# keystone user-get ceilometer
 +--+--+
 | Property |  Value   |
 +--+--+
 |  email   |  |
 | enabled  |   True   |
 |id| cde44fe9c6d446da99ea370b88ec7d63 |
 |   name   |ceilometer|
 | tenantId | 054ca85bca2e44c29cf4730e1450517f |
 +--+--+
 root@ns-proxy01:/etc/swift# keystone user-role-list --user-id
 cde44fe9c6d446da99ea370b88ec7d63 --tenant-id
 054ca85bca2e44c29cf4730e1450517f
 +--+---+--+--+
 |id|  name | user_id
  |tenant_id |
 +--+---+--+--+
 | c2df2bc0fd6f404794565f10cc0e5e7a | ResellerAdmin |
 cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f |
 | 9fe2ff9ee4384b1894a90878d3e92bab |_member_   |
 cde44fe9c6d446da99ea370b88ec7d63 | 054ca85bca2e44c29cf4730e1450517f |
 +--+---+--+--+
 
 And i can see ceilometer log entrys, counting bytes. So that looks good.
 
 
 
 
 My issue it, that with the old swauth setup there was a real simple web
 based user manager.
 
 surfing to http://my.swift.proxy:/auth/; was the entry url to this
 sort of user manager. But now, after the change to keystone, i get http
 result codes like 412 or 401.
 
 
 Since i inherit this setup i even do not know for sure if this
 swift-user-manager it actually a part of swift. i believe so.
 
 
 Can please one confirm which urls do work on swift-proxy http port
 8080/ (proxy-server.conf - [DEFAULT] - bind_port). Should /auth/
 return a page?
 
 
 Thank you. Axel
 
 
 
 
 Am 16.04.13 12:41, schrieb Simon Pasquier:
 Hi,
 I'm not sure to understand exactly your issue but since your setup
 includes ceilometer, I can just give you a hint for the ceilometer/swift
 integration.
 You have to create a 'ResellerAdmin' role and assign that role to your
 ceilometer user. Alternatively you can define the 'reseller_admin_role'
 parameter (default value=ResellerAdmin) in the [filter:authtoken]
 section of /etc/swift/proxy-server.conf.
 Cheers,
 Simon

 Le 16/04/2013 12:04, Axel Christiansen a écrit :
 Dear List,


 i got stuck with a setup of openstack grizzly. This setup consists of:

 - swift proxy 1.0.8.1
 - swift storage nodes 1.0.8.1
 - keystone
 - ceilometer


 I kept browsing the web and reading openstack docs for days now and
 can't just get it working right. Because of openstacks diversity a
 wasn't able to find something really similar to my situation.


 The thing is, i changed swift-proxy from using swauth to keystone.
 Keystone and swift-proxy do interact all right as fare as i can say.
 What i can't get working is that simple webpage which gave the ability
 to log in as superuser, adding new user and so on. It is that webpart
 that connects to the proxy on port 8080, respectively port .


 Thx o lot for taking a look into this.
 Axel




 Theses are the browser urls i try:

 (delay_auth_decision = 1)
 http://the.swift.proxy:/auth/
 bad url
 Apr 16 11:49:31 ns-proxy01 swift-proxy Calling Swift3 Middleware (txn:
 txcfde073b9ffe4f379da392056e2176de)
 Apr 16 11:49:31 ns-proxy01 swift-proxy {'headers': {'Accept-Language':
 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip,
 deflate', 'Host': 'backend', 'Accept':
 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
 Gecko/20100101 Firefox/20.0', 'Connection': 'close', 'Content-Type':
 None}, 'environ': {'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET',
 'PATH_INFO': '/auth/', 'SERVER_PROTOCOL': 'HTTP/1.0', 'HTTP_USER_AGENT':
 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101
 Firefox/20.0', 'HTTP_CONNECTION': 'close', 'eventlet.posthooks': [],
 'SERVER_NAME': '10.42.44.101', 'REMOTE_ADDR': '10.42.44.5',
 'eventlet.input': eventlet.wsgi.Input object at 0x1d93f10,
 'wsgi.url_scheme': 'http', 'SERVER_PORT': '', 'wsgi.input':
 swift.common.utils.InputProxy object at 0x2691050, 'HTTP_HOST':
 'backend', 'swift.cache': swift.common.memcached.MemcacheRing object at
 0x268a750, 'wsgi.multithread': True, 'HTTP_ACCEPT':