Hi Chmouel, Thank you for your information.
I installed swift-keystone2 and modified proxy-server.conf. BUT authentication maybe not work well. for example, I want to check demo's status using the following command. [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password stat Account HEAD failed: http://api.cloud.com:8080/v1/AUTH_2 403 Forbidden [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password post test_container Container POST failed: http://api.cloud.com:8080/v1/AUTH_2/test_container403 Forbidden ALL operation (HEAD/PUT/POST/GET) will be returned with 403 Forbidden. But if I change proxy-server.conf back to the old config. ALL operation (HEAD/PUT/POST/GET) are ok. Keystone version: openstack-keystone-2011.3-b475.noarch Swift version: openstack-swift-1.4.3-b447.noarch openstack-swift-account-1.4.3-b447.noarch openstack-swift-proxy-1.4.3-b447.noarch openstack-swift-object-1.4.3-b447.noarch openstack-swift-container-1.4.3-b447.noarch proxy-server.conf [DEFAULT] bind_port = 8080 user = swift [pipeline:main] pipeline = catch_errors cache keystone2 proxy-server [app:proxy-server] use = egg:swift#proxy account_autocreate = true log_facility = LOG_LOCAL1 log_level = DEBUG [filter:keystone2] use = egg:swiftkeystone2#keystone2 keystone_admin_token = 999888777666 keystone_url = http://127.0.0.1:5001/v2.0 ( 5001 for admin api port, 5000 for service api port) [filter:cache] use = egg:swift#memcache set log_name = cache [filter:catch_errors] use = egg:swift#catch_errors Does it need to upgrade keystone to the latest version ? How to debug keystone2 ? Regards, Li Hua On Thu, Nov 3, 2011 at 3:29 PM, Chmouel Boudjnah < chmouel.boudj...@rackspace.co.uk> wrote: > Hi Li, > > Swift middleware shipped with keystone doesn't support ACL, you may want > to try this middleware instead : > > https://github.com/cloudbuilders/swift-keystone2 > > Chmouel. > > On 3 Nov 2011, at 05:45, Li Hua wrote: > > Hi Folks, > > I set up a SAIO test environment in RHEL6.1 using > openstack-swift-1.4.3-b447.noarch > from > http://yum.griddynamics.net/yum/diablo-centos/ . > > I want to test the container Read/Write access permission using the > following steps. > > Creating a container with read access permission for anyone. > > [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password > post -r '.r:*' testcontainer > > > Checking the stat of container: > > [root@node01 ~]# swift -A http://127.0.0.1:5000/v1.0 -U demo -K password > stat testcontainer Account: AUTH_2 > Container: testcontainer > Objects: 0 > Bytes: 0 > Read ACL: > Write ACL: > Sync To: > Sync Key: > Accept-Ranges: bytes > X-Trans-Id: tx1c0e9c6220ea433a90713c160a88b33f > > > It seems that testcontainer still has no Read ACL. Any comments ? > thanks. > > > Regards, > Li Hua > > > > Chmouel Boudjnah > Cloud Product Engineer [image: experience Fanatical Support] [image: LINE] > Tel: > +442087344212Fax: +44 20 8606 6111Web:www.rackspace.co.uk [image: > Rackspace] > > [image: Follow us on twitter] <http://www.twitter.com/rackspaceemea/> > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
