[Crowbar] Question regarding Swift and keystone as built by crowbar 1.2

Andi_Abes at Dell.com Andi_Abes at Dell.com
Thu Jan 12 08:51:57 CST 2012


You shouldn't need to add endpointTemplates - you only need one of them per swift cluster, and crowbar already sets that up.

That said IIRC, the 'swift' utility bundled with the Diablo final didn't really handle keystone auth quite right (part of the keystone shenanigans at the tail end of the Diablo release)
I've been using direct curl calls to both get tokens, and to interact with the swift cluster.

You'd get a token with something like this (localhost is assumed to be the keystone IP)
curl -d '{"auth": {"passwordCredentials":{"username": "admin", "password":  "crowbar"}}}' -H "Content-type: application/json"  http://localhost:5000/v2.0/tokens

>From the reply, you'd take the token ID ( bolded below):
 {"token": {"expires": "2015-02-05T00:00:00", "id": "682310148888"}


To play with swift, you'd use something like the curl below (replacing the URL with what you got in reply from keystone for either the adminURL or the public URL (depending on what network you're on)
curl -k -X GET -H "X-Auth-Token: 682310148888" https://127.0.0.1:8080/v1/AUTH_1

hth,
a.

From: crowbar-bounces On Behalf Of Phil Rogers
Sent: Wednesday, January 11, 2012 11:26 PM
To: crowbar
Subject: [Crowbar] Question regarding Swift and keystone as built by crowbar 1.2

Hi Guys

2 days ago I build a new crowbar 1.2 openstack iso off  github

The crowbar build went fine and I was able to build a full swift system on virtual machines with 3 storage nodes and 1 controller node containing keystone + proxy  + rings

Everything provisioned perfectly.

All process on the proxy appear to be running fine

I did the following
keystone-manage tenant add tenant1
keystone-manage user add phil test123
keystone-manage role grant Member phil tenant1
Setup link for proxy connections to auth for swift
keystone-manage endpointTemplates add RegionOne swift \
http://192.168.124.81:8080/v1/AUTH_%tenant_id%<http://192.168.124.81:8080/v1/AUTH_%25tenant_id%25> \
http://192.168.124.81:8080/v1.0/ \
http://192.168.124.81:8080/v1/AUTH_%tenant_id%<http://192.168.124.81:8080/v1/AUTH_%25tenant_id%25> \
1 1

Proxy-server.conf as provisioned by crowbar
<snip>
[filter:keystone]
use = egg:keystone#swiftauth
keystone_url = http://192.168.124.81:35357/
reseller_prefix=AUTH
keystone_admin_token = 512375617141
<end snip>
I don't seem to be able to auth to the proxy
All services seems to be running ok
If I run
swift -A http://192.168.124.81:5000/v1.0 -U phil -K test123 stat
It returns
Account HEAD failed: https://192.168.122.2:8080/v1/AUTH_2,http://192.168.124.81:8080AUTH_2<https://192.168.122.2:8080/v1/AUTH_2,http:/192.168.124.81:8080AUTH_2> 412 Precondition Failed

In the manual I saw conflicting config using authtoken in proxy-server.conf
http://keystone.openstack.org/configuringservices.html
filter:keystone]
use = egg:keystone#tokenauth
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
admin_token = 999888777666
delay_auth_decision = 0
service_protocol = http
service_host = 127.0.0.1
service_port = 8100
service_pass = dTpw
cache = swift.cache

[filter:cache]
use = egg:swift#memcache
set log_name = cache

[filter:catch_errors]
use = egg:swift#catch_errors
IN THE MANUAL Keystone v2012.1-dev documentation<http://keystone.openstack.org/index.html>
There example references port 5000

$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete post container

$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v

StorageURL: http://127.0.0.1:8888/v1/AUTH_1234

Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3

Account: AUTH_1234

Containers: 1

Objects: 0

Bytes: 0

Accept-Ranges: bytes

X-Trans-Id: tx25c1a6969d8f4372b63912f411de3c3b

I am getting very confused as to what is correct I used to use port 8080 on #swiftauth
Does anyone know what is correct I am struggling here
Thanks
Phil








-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.us.dell.com/pipermail/crowbar/attachments/20120112/ca15918d/attachment-0001.html 


More information about the Crowbar mailing list