I had a similar problem. See [1]. The fix was to add delay_auth_decision = 1 in the proxy-server.conf
[filter:authtoken] ... delay_auth_decision = 1 -Shri [1] https://answers.launchpad.net/swift/+question/225614 On Wed, Jul 10, 2013 at 4:43 AM, Morten Møller Riis <m...@gigahost.dk> wrote: > I've been looking at tempurl.py and found that the problem occurs here: > > def _get_key(self, env, account): > """ > Returns the X-Account-Meta-Temp-URL-Key header value for the > account, or None if none is set. > > :param env: The WSGI environment for the request. > :param account: Account str. > :returns: X-Account-Meta-Temp-URL-Key str value, or None. > """ > key = None > memcache = env.get('swift.cache') > if memcache: > key = memcache.get('temp-url-key/%s' % account) > if not key: > newenv = make_pre_authed_env(env, 'HEAD', '/v1/' + account, > self.agent) > newenv['CONTENT_LENGTH'] = '0' > newenv['wsgi.input'] = StringIO('') > key = [None] > > def _start_response(status, response_headers, exc_info=None): > for h, v in response_headers: > if h.lower() == 'x-account-meta-temp-url-key': > key[0] = v > > i = iter(self.app(newenv, _start_response)) > self.logger.info() > try: > i.next() > except StopIteration: > pass > key = key[0] > if key and memcache: > memcache.set('temp-url-key/%s' % account, key, timeout=60) > return key > > The request get 403 forbidden and thus never gets the key in the first > place. I'm looking at the github repo and the implementation there seems to > have changed. > > > Mvh / Best regards > Morten Møller Riis > Gigahost ApS > m...@gigahost.dk > > > > > On Jul 10, 2013, at 6:24 PM, Morten Møller Riis <m...@gigahost.dk> wrote: > > I'm having trouble getting tempurl to work. > > I set the "X-Account-Meta-Temp-Url-Key" metadata on the account. And a GET > request shows it's set correctly. > > I've enabled it on the proxy server in /etc/swift/proxy-server.conf: > > [DEFAULT] > bind_port = 8080 > workers = 8 > user = swift > > [pipeline:main] > pipeline = healthcheck cache tempurl swauth proxy-server > > [app:proxy-server] > use = egg:swift#proxy > allow_account_management = true > account_autocreate = true > > [filter:tempurl] > use = egg:swift#tempurl > > [filter:swauth] > use = egg:swauth#swauth > set log_name = swauth > super_admin_key = <removed> > default_swift_cluster = gigahost#https://<url>/v1#http://localhost:8080/v1 > > [filter:healthcheck] > use = egg:swift#healthcheck > > [filter:cache] > use = egg:swift#memcache > memcache_servers = 127.0.0.1:11211 > > When creating the tempurl's, even using the swift-temp-url program I get: > > ~ $ curl -i "https:// > <url>/v1/AUTH_224b1001-2c75-444c-aaef-30af13b9154c/000/206.pdf?temp_url_sig=387d79120a591e1cf6f4d4356f5c0a96fb49d202&temp_url_expires=1373438360" > HTTP/1.1 401 Unauthorized > Server: nginx > Date: Wed, 10 Jul 2013 08:21:32 GMT > Content-Type: text/plain > Content-Length: 35 > Connection: keep-alive > > 401 Unauthorized: Temp URL invalid > > I've even tried running it locally on the proxy-server to localhost:8080, > so I'm sure it's not nginx doing any funny stuff. > > Does anybody have any suggestions? I'm pretty lost :( > > > Mvh / Best regards > Morten Møller Riis > Gigahost ApS > m...@gigahost.dk > > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
