I upgraded our test cluster to 1.7.4, and still have the same issue. I also bumped the expires to time() + 600 and made sure the clocks on client and servers are in sync to the second (client was 2 minutes off earlier) but so that didn't change anything. expires is def. higher than the current time on the server so..
any help appreciated. thanks, Dieter On Fri, 19 Oct 2012 13:17:39 -0400 Dieter Plaetinck <die...@plaetinck.be> wrote: > Hi, > using swift 1.4.8 on Centos machines. (latest packages for centos. note that > i'm assuming tempurl works with this version merely because all the code > seems to be there, i couldn't find clear docs on whether it should work or > not?) > I want to use the swift tempURL feature as per > http://failverse.com/using-temporary-urls-on-rackspace-cloud-files/ > http://docs.rackspace.com/files/api/v1/cf-devguide/content/TempURL-d1a4450.html > http://docs.rackspace.com/files/api/v1/cf-devguide/content/Set_Account_Metadata-d1a4460.html > > TLDR: set up metadata correctly, but tempurl requests yield http 401, can't > figure it out, _get_hmac() doesn't seem to be called. > > First, I set the key metadata (this works fine) (tried both the swift CLI > program as well as curl), and I tried setting it both on container level > (container "uploads") as well as account level > (though i would prefer container level) > > alias vimeoswift=swift -A http://$ip:8080/auth/v1.0 -U system:root -K > testpass' > vimeoswift post -m Temp-Url-Key:key uploads > vimeoswift post -m Temp-Url-Key:key > curl -i -X POST -H X-Auth-Token:$t -H X-Account-Meta-Temp-URL-Key:key > http://$ip:8080/v1/AUTH_system > > this seems to work, because when I stat the account and the container, they > show up: > > > [root@dfvimeodfsproxy1 ~]# vimeoswift stat uploads > Account: AUTH_system > Container: uploads > Objects: 1 > Bytes: 1253 > Read ACL: > Write ACL: > Sync To: > Sync Key: > Meta Temp-Url-Key: key <------------------ > Accept-Ranges: bytes > [root@dfvimeodfsproxy1 ~]# vimeoswift stat > Account: AUTH_system > Containers: 1 > Objects: 1 > Bytes: 1253 > Meta Temp-Url-Key: key <------------------ > Accept-Ranges: bytes > [root@dfvimeodfsproxy1 ~]# > > I have already put a file in container uploads (which I can retrieve just > fine using an auth token): > [root@dfvimeodfsproxy1 ~]# vimeoswift stat uploads mylogfile.log | grep > 'Content Length' > Content Length: 1253 > > now however, if i want to retrieve this file using the tempURL feature, it > doesn't work: > > using this script > #!/usr/bin/python2 > import hmac > from hashlib import sha1 > from time import time > method = 'GET' > expires = int(time() + 60) > base = 'http://10.90.151.5:8080' > path = '/v1/AUTH_system/uploads/mylogfile.log' > key = 'key' > hmac_body = '%s\n%s\n%s' % (method, expires, path) > sig = hmac.new(key, hmac_body, sha1).hexdigest() > print '%s%s?temp_url_sig=%s&temp_url_expires=%s' % (base, path, sig, expires) > > ~ ❯ openstack-signed-url2.py > http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309 > ~ ❯ wget > 'http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309' > --2012-10-19 13:04:14-- > http://10.90.151.5:8080/v1/AUTH_system/uploads/mylogfile.log?temp_url_sig=e700f568cd099a432890db00e263b29b999d3604&temp_url_expires=1350666309 > Connecting to 10.90.151.5:8080... connected. > HTTP request sent, awaiting response... 401 Unauthorized > Authorization failed. > > > I thought I could easily debug this myself by changing the _get_hmac() > function > in /usr/lib/python2.6/site-packages/swift/common/middleware/tempurl.py like > so: > > def _get_hmac(self, env, expires, key, request_method=None): > """ > (...) > """ > if not request_method: > request_method = env['REQUEST_METHOD'] > self.logger("getting HMAC for method %s, expires %s, path %s" % > (request_method, expires, env['PATH_INFO'])) > hmac = hmac.new(key, '%s\n%s\n%s' % (request_method, expires, > env['PATH_INFO']), sha1).hexdigest() > self.logger("hmac is " + hmac) > return hmac > > > however, after restarting the proxy, I don't see my messages showing up > anywhere (logging works otherwise, because proxy-server messages are showing > up in /var/log/message, showing all incoming http requests and their responses > > > any help is appreciated, thanks! > > Dieter _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
