To help with troubleshooting, here is what I've executed thus far on my proxy node... Obvious problem/symptom = inability to verify a new Swift install from scratch due to 401 Unauthorized.
- 1x proxy node - 5x storage nodes I'll continue working this but anyone have any thoughts? See email to -operators list for further history. Thanks! Adam Below is a bash history/output of what is happening right now: > login as: c5201274 > c5201274@10.173.0.66's password: > Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-55-generic x86_64) > * Documentation: https://help.ubuntu.com/ > Last login: Thu Feb 6 21:05:32 2014 from 10.7.106.110 > Powered by Monsoon (Version 2.2.465) Platform: ubuntu 12.04 > Hostname : mo-ad1469a10.mo.sap.corp Name : node0p > Organization : c5201274 Project : swift_poc > Url : https://monsoon.mo.sap.corp/instances/mo-ad1469a10 > c5201274@mo-ad1469a10:~$ sudo su > root@mo-ad1469a10:/home/c5201274# . credrc.sh > root@mo-ad1469a10:/home/c5201274# swift-init proxy start > proxy-server running (5502 - /etc/swift/proxy-server.conf) > proxy-server already started... > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Storage-User: > test:tester' -H 'X-Storage-Pass: testing' https:// > $PROXY_LOCAL_NET_IP:8080/auth/v1.0 > * About to connect() to 10.173.0.66 port 8080 (#0) > * Trying 10.173.0.66... connected > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using AES256-SHA > * Server certificate: > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd > * start date: 2014-01-29 00:34:55 GMT > * expire date: 2014-02-28 00:34:55 GMT > * SSL: unable to obtain common name from peer certificate > > GET /auth/v1.0 HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 > OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3 > > Host: 10.173.0.66:8080 > > Accept: */* > > X-Storage-User: test:tester > > X-Storage-Pass: testing > > > < HTTP/1.1 401 Unauthorized > < Content-Length: 131 > < Content-Type: text/html; charset=UTF-8 > < Date: Fri, 07 Feb 2014 18:20:13 GMT > < > * Connection #0 to host 10.173.0.66 left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > <html><h1>Unauthorized</h1><p>This server could not verify that you are > authorized to access the document you requested.</p></html>root@mo-ad1469a10 > :/home/c5201274# > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: > AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https:// > $PROXY_LOCAL_NET_IP:8080/v1/AUTH_system > * About to connect() to 10.173.0.66 port 8080 (#0) > * Trying 10.173.0.66... connected > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using AES256-SHA > * Server certificate: > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd > * start date: 2014-01-29 00:34:55 GMT > * expire date: 2014-02-28 00:34:55 GMT > * SSL: unable to obtain common name from peer certificate > > GET /v1/AUTH_system HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 > OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3 > > Host: 10.173.0.66:8080 > > Accept: */* > > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628 > > > < HTTP/1.1 401 Unauthorized > < Content-Length: 131 > < Content-Type: text/html; charset=UTF-8 > < Date: Fri, 07 Feb 2014 18:21:22 GMT > < > * Connection #0 to host 10.173.0.66 left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > <html><h1>Unauthorized</h1><p>This server could not verify that you are > authorized to access the document you > requested.</p></html>root@mo-ad1469a10:/home/c5201274# > ^C > root@mo-ad1469a10:/home/c5201274# ^C > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: > AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https:// > $PROXY_LOCAL_NET_IP:8080/v1/AUTH_system > * About to connect() to 10.173.0.66 port 8080 (#0) > * Trying 10.173.0.66... connected > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using AES256-SHA > * Server certificate: > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd > * start date: 2014-01-29 00:34:55 GMT > * expire date: 2014-02-28 00:34:55 GMT > * SSL: unable to obtain common name from peer certificate > > GET /v1/AUTH_system HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 > OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3 > > Host: 10.173.0.66:8080 > > Accept: */* > > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628 > > > < HTTP/1.1 401 Unauthorized > < Content-Length: 131 > < Content-Type: text/html; charset=UTF-8 > < Date: Fri, 07 Feb 2014 18:22:52 GMT > < > * Connection #0 to host 10.173.0.66 left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > <html><h1>Unauthorized</h1><p>This server could not verify that you are > authorized to access the document you requ > root@mo-ad1469a10:/home/c5201274# swift -A > https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 > -U test:tester -K testing stat > Auth GET failed: https://10.173.0.66:8080/auth/v1.0 401 Unauthorized > root@mo-ad1469a10:/home/c5201274# *Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (888) 406-7620 On Thu, Feb 6, 2014 at 1:57 PM, Adam Lawson <alaw...@aqorn.com> wrote: > Hey OpenStack peeps! > > I'm trying to verify a Swift manual installation with 1x proxy and 5x > storage nodes. I turned on all services with no errors (well, no errors I > didn't fix anyway). > My problem is with trying to create an account and heading it. Below is > what I'm scripting as I go along. > > I executed Step1 successfully using system:root as the user. But when I > executed Step2, I received a 401 Unauthorized reply. > Undaunted I executed Step3 which produced nothing. I then tried running > Step1 again as shown below with test:tester as the user (thinking it was > because I don't actually run as root but I run commands via sudo) and now > it always gives me 401 unauthorized replies. > > Is this an obvious problem with an easy remedy? > > > # 1 Aqcuire X-Storage-Url and X-Auth-Token >> curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' >> https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 > > > # 2 Test HEAD account process >> # SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' >> <url-from-x-storage-url-above> >> curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' >> https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system > > > # Test Swift is actually working >> swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:testuser >> -K testpass stat > > > Thoughts? > > *Adam Lawson* > AQORN, Inc. > 427 North Tatnall Street > Ste. 58461 > Wilmington, Delaware 19801-2230 > Toll-free: (888) 406-7620 > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
