We are developing spark application to save the data to ceph storage using swift apis. On drilling down, I see that any swift api using key stone authentication fails. I am unable to figure out why the authentication fails. From debug messages, I see that keystone redirects to the ceph url with a valid token but the token is not accepted by ceph.
I have checked the configuration in the keystone, the user, password and the roles are assigned right. I don't see any logs on the keystone or on the ceph gateway. Can someone please help me in understanding what is missing and resolving the issue? *Keystone version* : 0.7.1 *Ceph version*: jewel *SWIFT API FAILS WHEN USED WITH KEYSTONE* OS_PASSWORD=swift OS_AUTH_URL=http://keystonegw:35357/v2.0 OS_USERNAME=swift OS_TENANT_NAME=admin *swift stat -v* *Account HEAD failed: http://cephgw/swift/v1 <http://cephgw/swift/v1> 401 UnauthorizedFailed Transaction ID: tx000000000000000000a03-00593cceee-14852c-default* *DEBUG LOGS* DEBUG:keystoneclient.session:REQ: curl -i -X POST http://keystonegw:35357/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "swift", "password": "swift"}}}' DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): keystonegw DEBUG:requests.packages.urllib3.connectionpool:http://keystonegw:35357 "POST /v2.0/tokens HTTP/1.1" 200 2988 DEBUG:keystoneclient.session:RESP: [200] {'Content-Length': '2988', 'Vary': 'X-Auth-Token', 'Connection': 'keep-alive', 'Date': 'Sun, 11 Jun 2017 04:58:02 GMT', 'Content-Type': 'application/json', 'X-Distribution': 'Ubuntu'} RESP BODY: {"access": {"token": {"issued_at": "2017-06-11T04:58:02.281325", "expires": "2017-06-11T05:58:02Z", "id": "MIIFxAYJKoZIhvcNAQcCoIIFtTCCBbECAQExDTALBglghkgBZQMEAgEwggQSBgkqhkiG9w0BBwGgggQDBIID-ZHAU2leHd5HchISF4zxP2Ir2Vc1B+VPB65g==", "tenant": {"description": "Tenant Admin", "enabled": true, "id": "e749b5906c614b30b0d0b41df64f1da1", "name": "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://cephgw/swift/v1";, "region": "regionOne", "internalURL": "http://cephgw/swift/v1";, "id": "13840aac1f3b4c92a871728184450008", "publicURL": "http://cephgw/swift/v1"}], "endpoints_links": [], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "http://keystonegw:35357/v2.0";, "region": "RegionOne", "internalURL": "http://keystonegw:5000/v2.0";, "id": "3c4901bace1846b7bb65733095018a4c", "publicURL": " http://keystonegw:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": "swift", "roles_links": [], "id": "e412082961054ae9bfc568c71bb1a710", "roles": [{"name": "admin"}], "name": "swift"}, "metadata": {"is_admin": 0, "roles": ["9154fbc7474b40918e9ca4c848e2dd91"]}}} DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): cephgw DEBUG:requests.packages.urllib3.connectionpool:http://cephgw:80 "HEAD /swift/v1 HTTP/1.1" 401 0 INFO:swiftclient:REQ: curl -i http://cephgw/swift/v1 -I -H "X-Auth-Token: MIIFxAYJKoZIhvcNAQcCoIIFtTCCBbECAQExDTALBglghkgBZQMEAgEwggQSBgkqhkiG9w0BBwGgggQDBIID- *INFO:swiftclient:RESP STATUS: 401 Unauthorized* ------------------------------------------------ *V1 for same user works and data can be uploaded/downloaded from ceph* ST_AUTH=http://cephgw/auth/v1.0 ST_USER=admin:swift ST_KEY=7LEzObQbNj35Yk9m12TSmiT6KUhSzWhlFheOgmwS *swift stat* StorageURL: http://cephgw/swift/v1 Auth Token: AUTH_rgwtk0b00000061646d696e3a7377696674b6872a79e9fb2b02de1c3e59287fa0253d2cc306eb3c576b6cf05eeccdb9d1aae00c5440 ------------------------------------------------ *ceph.conf* [client.radosgw.gateway] host = cephgw keyring = /etc/ceph/ceph.client.radosgw.keyring rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock log file = /var/log/radosgw/client.radosgw.gateway.log rgw keystone url = http://keystonegw:35357 rgw keystone admin user = swift rgw keystone admin password = swift rgw keystone admin tenant = admin rgw keystone accepted roles = admin,_member_ rgw keystone token cache size = 500 rgw keystone revocation interval = 500 debug rgw = 20
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
