In the output you pasted, you don't have any successful response. I'd suggest looking at the tempauth stanza in the proxy server conf to make sure the users are set up correctly.
--John On Feb 7, 2014, at 4:55 PM, Adam Lawson <alaw...@aqorn.com> wrote: > To help with troubleshooting, here is what I've executed thus far on my proxy > node... > Obvious problem/symptom = inability to verify a new Swift install from > scratch due to 401 Unauthorized. > • 1x proxy node > • 5x storage nodes > I'll continue working this but anyone have any thoughts? See email to > -operators list for further history. > > Thanks! > Adam > > Below is a bash history/output of what is happening right now: > login as: c5201274 > c5201274@10.173.0.66's password: > Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-55-generic x86_64) > * Documentation: https://help.ubuntu.com/ > Last login: Thu Feb 6 21:05:32 2014 from 10.7.106.110 > Powered by Monsoon (Version 2.2.465) Platform: ubuntu 12.04 > Hostname : mo-ad1469a10.mo.sap.corp Name : node0p > Organization : c5201274 Project : swift_poc > Url : https://monsoon.mo.sap.corp/instances/mo-ad1469a10 > c5201274@mo-ad1469a10:~$ sudo su > root@mo-ad1469a10:/home/c5201274# . credrc.sh > root@mo-ad1469a10:/home/c5201274# swift-init proxy start > proxy-server running (5502 - /etc/swift/proxy-server.conf) > proxy-server already started... > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Storage-User: test:tester' > -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 > * About to connect() to 10.173.0.66 port 8080 (#0) > * Trying 10.173.0.66... connected > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using AES256-SHA > * Server certificate: > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd > * start date: 2014-01-29 00:34:55 GMT > * expire date: 2014-02-28 00:34:55 GMT > * SSL: unable to obtain common name from peer certificate > > GET /auth/v1.0 HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 > > zlib/1.2.3.4libidn/1.23 librtmp/2.3 > > Host: 10.173.0.66:8080 > > Accept: */* > > X-Storage-User: test:tester > > X-Storage-Pass: testing > > > < HTTP/1.1 401 Unauthorized > < Content-Length: 131 > < Content-Type: text/html; charset=UTF-8 > < Date: Fri, 07 Feb 2014 18:20:13 GMT > < > * Connection #0 to host 10.173.0.66 left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > <html><h1>Unauthorized</h1><p>This server could not verify that you are > authorized to access the document you > requested.</p></html>root@mo-ad1469a10:/home/c5201274# > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: > AUTH_tkf85b7788c36143ac99e5a5b42d95d628' > https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system > * About to connect() to 10.173.0.66 port 8080 (#0) > * Trying 10.173.0.66... connected > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using AES256-SHA > * Server certificate: > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd > * start date: 2014-01-29 00:34:55 GMT > * expire date: 2014-02-28 00:34:55 GMT > * SSL: unable to obtain common name from peer certificate > > GET /v1/AUTH_system HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 > > zlib/1.2.3.4libidn/1.23 librtmp/2.3 > > Host: 10.173.0.66:8080 > > Accept: */* > > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628 > > > < HTTP/1.1 401 Unauthorized > < Content-Length: 131 > < Content-Type: text/html; charset=UTF-8 > < Date: Fri, 07 Feb 2014 18:21:22 GMT > < > * Connection #0 to host 10.173.0.66 left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > <html><h1>Unauthorized</h1><p>This server could not verify that you are > authorized to access the document you > requested.</p></html>root@mo-ad1469a10:/home/c5201274# ^C > root@mo-ad1469a10:/home/c5201274# ^C > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: > AUTH_tkf85b7788c36143ac99e5a5b42d95d628' > https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system > * About to connect() to 10.173.0.66 port 8080 (#0) > * Trying 10.173.0.66... connected > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSL connection using AES256-SHA > * Server certificate: > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd > * start date: 2014-01-29 00:34:55 GMT > * expire date: 2014-02-28 00:34:55 GMT > * SSL: unable to obtain common name from peer certificate > > GET /v1/AUTH_system HTTP/1.1 > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 > > zlib/1.2.3.4libidn/1.23 librtmp/2.3 > > Host: 10.173.0.66:8080 > > Accept: */* > > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628 > > > < HTTP/1.1 401 Unauthorized > < Content-Length: 131 > < Content-Type: text/html; charset=UTF-8 > < Date: Fri, 07 Feb 2014 18:22:52 GMT > < > * Connection #0 to host 10.173.0.66 left intact > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > <html><h1>Unauthorized</h1><p>This server could not verify that you are > authorized to access the document you requ > root@mo-ad1469a10:/home/c5201274# swift -A > https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U test:tester -K testing stat > Auth GET failed: https://10.173.0.66:8080/auth/v1.0 401 Unauthorized > root@mo-ad1469a10:/home/c5201274# > > > Adam Lawson > AQORN, Inc. > 427 North Tatnall Street > Ste. 58461 > Wilmington, Delaware 19801-2230 > Toll-free: (888) 406-7620 > > > > On Thu, Feb 6, 2014 at 1:57 PM, Adam Lawson <alaw...@aqorn.com> wrote: > Hey OpenStack peeps! > > I'm trying to verify a Swift manual installation with 1x proxy and 5x storage > nodes. I turned on all services with no errors (well, no errors I didn't fix > anyway). > My problem is with trying to create an account and heading it. Below is what > I'm scripting as I go along. > > I executed Step1 successfully using system:root as the user. But when I > executed Step2, I received a 401 Unauthorized reply. > Undaunted I executed Step3 which produced nothing. I then tried running Step1 > again as shown below with test:tester as the user (thinking it was because I > don't actually run as root but I run commands via sudo) and now it always > gives me 401 unauthorized replies. > > Is this an obvious problem with an easy remedy? > > > # 1 Aqcuire X-Storage-Url and X-Auth-Token > curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' > https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 > > # 2 Test HEAD account process > # SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' > <url-from-x-storage-url-above> > curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' > https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system > > # Test Swift is actually working > swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:testuser -K > testpass stat > > Thoughts? > > Adam Lawson > AQORN, Inc. > 427 North Tatnall Street > Ste. 58461 > Wilmington, Delaware 19801-2230 > Toll-free: (888) 406-7620 > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
