Update: Happy days are here again. I figured out my problem which was a couple issues. I'll share with the group so others won't run into this.
I was using two sources of documentation that referenced the URL in two different ways that I didn't catch earlier (one used /AUTH and the other used /auth). That's obviously not going to work but I didn't see it previously.

Second, after doing some further research I learned that tokens are stored in memcached and without memcached running, access is impossible. So to be sure it wasn't that I checked and lo and behold, it wasn't running and wouldn't run even if I started the service. I checked /etc/swift/memcached.conf and realized I had memcached listening on an IP address listed as -1 10.173.0.66 and not -l 10.173.0.66 (basically I was using number one instead of the letter L). Using L worked.

So, all is well for now. Just thought I'd share that with you guys.

Mahalo,
Adam

*Adam Lawson*
AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (888) 406-7620

On Mon, Feb 10, 2014 at 1:57 PM, Adam Lawson <alaw...@aqorn.com> wrote:

> Thanks for your ideas John. I checked proxy-server.conf and it appears the
> user exists as it should and tempauth is denoted correctly as well.
>
> I am able to perform Step1 without an error but Step2 gives me an
> unauthorized reply and Step3 says account could not be HEADED. Exact
> response below.
>
> Below are the steps I'm executing, the result and the contents of
> proxy-server.conf.
>
> *STEPS:*
>
>> # 1 Acquire X-Storage-Url and X-Auth-Token
>> curl -k -v -H 'X-Storage-User: system:root' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/AUTH/v1.0
>>
>> # 2 Test HEAD account process
>> # SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above>
>> curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
>> # 3 Test Swift is actually working
>> swift -A https://$PROXY_LOCAL_NET_IP:8080/AUTH/v1.0 -U system:root -K testpass stat
>
> *OUTPUT:*
>
>> root@mo-ad1469a10:/home/c52xxx74# swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:root -K testpass stat
>> Account HEAD failed: https://10.173.0.66:8080/v1/AUTH_system 401 Unauthorized
>> root@mo-ad1469a10:/home/c52xxx74# curl -k -v -H 'X-Storage-User: system:root' -H 'X-Storage-Pass: testpass' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
>> * About to connect() to 10.173.0.66 port 8080 (#0)
>> * Trying 10.173.0.66... connected
>> * successfully set certificate verify locations:
>> * CAfile: none
>> CApath: /etc/ssl/certs
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using AES256-SHA
>> * Server certificate:
>> * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
>> * start date: 2014-01-29 00:34:55 GMT
>> * expire date: 2014-02-28 00:34:55 GMT
>> * SSL: unable to obtain common name from peer certificate
>> > GET /auth/v1.0 HTTP/1.1
>> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>> > Host: 10.173.0.66:8080
>> > Accept: */*
>> > X-Storage-User: system:root
>> > X-Storage-Pass: testpass
>> >
>> < HTTP/1.1 200 OK
>> < X-Storage-Url: https://10.173.0.66:8080/v1/AUTH_system
>> < X-Auth-Token: AUTH_tk43103ea556414c57a5aecad62155a8e4
>> < Content-Type: text/html; charset=UTF-8
>> < X-Storage-Token: AUTH_tk43103ea556414c57a5aecad62155a8e4
>> < Content-Length: 0
>> < Date: Mon, 10 Feb 2014 21:41:54 GMT
>> <
>> * Connection #0 to host 10.173.0.66 left intact
>> * Closing connection #0
>> * SSLv3, TLS alert, Client hello (1):
>> root@mo-ad1469a10:/home/c52xxx74# curl -k -v -H 'X-Auth-Token: AUTH_tk43103ea556414c57a5aecad62155a8e4' https://10.173.0.66:8080/v1/AUTH_system
>> * About to connect() to 10.173.0.66 port 8080 (#0)
>> * Trying 10.173.0.66... connected
>> * successfully set certificate verify locations:
>> * CAfile: none
>> CApath: /etc/ssl/certs
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using AES256-SHA
>> * Server certificate:
>> * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
>> * start date: 2014-01-29 00:34:55 GMT
>> * expire date: 2014-02-28 00:34:55 GMT
>> * SSL: unable to obtain common name from peer certificate
>> > GET /v1/AUTH_system HTTP/1.1
>> > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
>> > Host: 10.173.0.66:8080
>> > Accept: */*
>> > X-Auth-Token: AUTH_tk43103ea556414c57a5aecad62155a8e4
>> >
>> < HTTP/1.1 401 Unauthorized
>> < Content-Length: 131
>> < Content-Type: text/html; charset=UTF-8
>> < Date: Mon, 10 Feb 2014 21:43:29 GMT
>> <
>> * Connection #0 to host 10.173.0.66 left intact
>> * Closing connection #0
>> * SSLv3, TLS alert, Client hello (1):
>> <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root@mo-ad1469a10:/home/c52xxx74#
>> root@mo-ad1469a10:/home/c52xxx74# swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:root -K testpass stat
>> Account HEAD failed: https://10.173.0.66:8080/v1/AUTH_system 401 Unauthorized
>
> *PROXY-SERVER.CONF*
>
>> [DEFAULT]
>> cert_file = /etc/swift/cert.crt
>> key_file = /etc/swift/cert.key
>> bind_port = 8080
>> workers = 8
>> user = swift
>> [pipeline:main]
>> pipeline = healthcheck proxy-logging cache tempauth proxy-logging proxy-server
>> [app:proxy-server]
>> use = egg:swift#proxy
>> allow_account_management = true
>> account_autocreate = true
>> [filter:proxy-logging]
>> use = egg:swift#proxy_logging
>> [filter:tempauth]
>> use = egg:swift#tempauth
>> user_system_root = testpass .admin https://10.173.0.66:8080/v1/AUTH_system
>> [filter:healthcheck]
>> use = egg:swift#healthcheck
>> [filter:cache]
>> use = egg:swift#memcache
>> memcache_servers = 10.173.0.66:11211
>
> What am I missing here?
>
> *Adam Lawson*
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (888) 406-7620
>
> On Fri, Feb 7, 2014 at 6:19 PM, John Dickinson <m...@not.mn> wrote:
>
>> In the output you pasted, you don't have any successful response. I'd
>> suggest looking at the tempauth stanza in the proxy server conf to make
>> sure the users are set up correctly.
>>
>> --John
>>
>> On Feb 7, 2014, at 4:55 PM, Adam Lawson <alaw...@aqorn.com> wrote:
>>
>> > To help with troubleshooting, here is what I've executed thus far on my proxy node...
>> > Obvious problem/symptom = inability to verify a new Swift install from scratch due to 401 Unauthorized.
>> > * 1x proxy node
>> > * 5x storage nodes
>> > I'll continue working this but anyone have any thoughts? See email to -operators list for further history.
>> >
>> > Thanks!
>> > Adam
>> >
>> > Below is a bash history/output of what is happening right now:
>> > login as: c5201274
>> > c5201274@10.173.0.66's password:
>> > Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-55-generic x86_64)
>> > * Documentation: https://help.ubuntu.com/
>> > Last login: Thu Feb 6 21:05:32 2014 from 10.7.106.110
>> > Powered by Monsoon (Version 2.2.465) Platform: ubuntu 12.04
>> > Hostname : mo-ad1469a10.mo.sap.corp Name : node0p
>> > Organization : c5201274 Project : swift_poc
>> > Url : https://monsoon.mo.sap.corp/instances/mo-ad1469a10
>> > c5201274@mo-ad1469a10:~$ sudo su
>> > root@mo-ad1469a10:/home/c5201274# . credrc.sh
>> > root@mo-ad1469a10:/home/c5201274# swift-init proxy start
>> > proxy-server running (5502 - /etc/swift/proxy-server.conf)
>> > proxy-server already started...
>> > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
>> > * About to connect() to 10.173.0.66 port 8080 (#0)
>> > * Trying 10.173.0.66... connected
>> > * successfully set certificate verify locations:
>> > * CAfile: none
>> > CApath: /etc/ssl/certs
>> > * SSLv3, TLS handshake, Client hello (1):
>> > * SSLv3, TLS handshake, Server hello (2):
>> > * SSLv3, TLS handshake, CERT (11):
>> > * SSLv3, TLS handshake, Server finished (14):
>> > * SSLv3, TLS handshake, Client key exchange (16):
>> > * SSLv3, TLS change cipher, Client hello (1):
>> > * SSLv3, TLS handshake, Finished (20):
>> > * SSLv3, TLS change cipher, Client hello (1):
>> > * SSLv3, TLS handshake, Finished (20):
>> > * SSL connection using AES256-SHA
>> > * Server certificate:
>> > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
>> > * start date: 2014-01-29 00:34:55 GMT
>> > * expire date: 2014-02-28 00:34:55 GMT
>> > * SSL: unable to obtain common name from peer certificate
>> > > GET /auth/v1.0 HTTP/1.1
>> > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3
>> > > Host: 10.173.0.66:8080
>> > > Accept: */*
>> > > X-Storage-User: test:tester
>> > > X-Storage-Pass: testing
>> > >
>> > < HTTP/1.1 401 Unauthorized
>> > < Content-Length: 131
>> > < Content-Type: text/html; charset=UTF-8
>> > < Date: Fri, 07 Feb 2014 18:20:13 GMT
>> > <
>> > * Connection #0 to host 10.173.0.66 left intact
>> > * Closing connection #0
>> > * SSLv3, TLS alert, Client hello (1):
>> > <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root@mo-ad1469a10:/home/c5201274#
>> > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
>> > * About to connect() to 10.173.0.66 port 8080 (#0)
>> > * Trying 10.173.0.66... connected
>> > * successfully set certificate verify locations:
>> > * CAfile: none
>> > CApath: /etc/ssl/certs
>> > * SSLv3, TLS handshake, Client hello (1):
>> > * SSLv3, TLS handshake, Server hello (2):
>> > * SSLv3, TLS handshake, CERT (11):
>> > * SSLv3, TLS handshake, Server finished (14):
>> > * SSLv3, TLS handshake, Client key exchange (16):
>> > * SSLv3, TLS change cipher, Client hello (1):
>> > * SSLv3, TLS handshake, Finished (20):
>> > * SSLv3, TLS change cipher, Client hello (1):
>> > * SSLv3, TLS handshake, Finished (20):
>> > * SSL connection using AES256-SHA
>> > * Server certificate:
>> > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
>> > * start date: 2014-01-29 00:34:55 GMT
>> > * expire date: 2014-02-28 00:34:55 GMT
>> > * SSL: unable to obtain common name from peer certificate
>> > > GET /v1/AUTH_system HTTP/1.1
>> > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3
>> > > Host: 10.173.0.66:8080
>> > > Accept: */*
>> > > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628
>> > >
>> > < HTTP/1.1 401 Unauthorized
>> > < Content-Length: 131
>> > < Content-Type: text/html; charset=UTF-8
>> > < Date: Fri, 07 Feb 2014 18:21:22 GMT
>> > <
>> > * Connection #0 to host 10.173.0.66 left intact
>> > * Closing connection #0
>> > * SSLv3, TLS alert, Client hello (1):
>> > <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>root@mo-ad1469a10:/home/c5201274# ^C
>> > root@mo-ad1469a10:/home/c5201274# ^C
>> > root@mo-ad1469a10:/home/c5201274# curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
>> > * About to connect() to 10.173.0.66 port 8080 (#0)
>> > * Trying 10.173.0.66... connected
>> > * successfully set certificate verify locations:
>> > * CAfile: none
>> > CApath: /etc/ssl/certs
>> > * SSLv3, TLS handshake, Client hello (1):
>> > * SSLv3, TLS handshake, Server hello (2):
>> > * SSLv3, TLS handshake, CERT (11):
>> > * SSLv3, TLS handshake, Server finished (14):
>> > * SSLv3, TLS handshake, Client key exchange (16):
>> > * SSLv3, TLS change cipher, Client hello (1):
>> > * SSLv3, TLS handshake, Finished (20):
>> > * SSLv3, TLS change cipher, Client hello (1):
>> > * SSLv3, TLS handshake, Finished (20):
>> > * SSL connection using AES256-SHA
>> > * Server certificate:
>> > * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
>> > * start date: 2014-01-29 00:34:55 GMT
>> > * expire date: 2014-02-28 00:34:55 GMT
>> > * SSL: unable to obtain common name from peer certificate
>> > > GET /v1/AUTH_system HTTP/1.1
>> > > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4libidn/1.23 librtmp/2.3
>> > > Host: 10.173.0.66:8080
>> > > Accept: */*
>> > > X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628
>> > >
>> > < HTTP/1.1 401 Unauthorized
>> > < Content-Length: 131
>> > < Content-Type: text/html; charset=UTF-8
>> > < Date: Fri, 07 Feb 2014 18:22:52 GMT
>> > <
>> > * Connection #0 to host 10.173.0.66 left intact
>> > * Closing connection #0
>> > * SSLv3, TLS alert, Client hello (1):
>> > <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requ
>> > root@mo-ad1469a10:/home/c5201274# swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U test:tester -K testing stat
>> > Auth GET failed: https://10.173.0.66:8080/auth/v1.0 401 Unauthorized
>> > root@mo-ad1469a10:/home/c5201274#
>> >
>> > Adam Lawson
>> > AQORN, Inc.
>> > 427 North Tatnall Street
>> > Ste. 58461
>> > Wilmington, Delaware 19801-2230
>> > Toll-free: (888) 406-7620
>> >
>> > On Thu, Feb 6, 2014 at 1:57 PM, Adam Lawson <alaw...@aqorn.com> wrote:
>> > Hey OpenStack peeps!
>> >
>> > I'm trying to verify a Swift manual installation with 1x proxy and 5x storage nodes. I turned on all services with no errors (well, no errors I didn't fix anyway).
>> > My problem is with trying to create an account and heading it. Below is what I'm scripting as I go along.
>> >
>> > I executed Step1 successfully using system:root as the user. But when I executed Step2, I received a 401 Unauthorized reply.
>> > Undaunted I executed Step3 which produced nothing. I then tried running Step1 again as shown below with test:tester as the user (thinking it was because I don't actually run as root but I run commands via sudo) and now it always gives me 401 unauthorized replies.
>> >
>> > Is this an obvious problem with an easy remedy?
>> >
>> > # 1 Acquire X-Storage-Url and X-Auth-Token
>> > curl -k -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0
>> >
>> > # 2 Test HEAD account process
>> > # SAMPLE: curl -k -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above>
>> > curl -k -v -H 'X-Auth-Token: AUTH_tkf85b7788c36143ac99e5a5b42d95d628' https://$PROXY_LOCAL_NET_IP:8080/v1/AUTH_system
>> >
>> > # Test Swift is actually working
>> > swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v1.0 -U system:testuser -K testpass stat
>> >
>> > Thoughts?
>> >
>> > Adam Lawson
>> > AQORN, Inc.
>> > 427 North Tatnall Street
>> > Ste. 58461
>> > Wilmington, Delaware 19801-2230
>> > Toll-free: (888) 406-7620
>> >
>> > _______________________________________________
>> > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> > Post to : openstack@lists.openstack.org
>> > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
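The two server-side causes named in the update at the top of this thread (memcached not running because `-1` was typed for `-l`, and the proxy's token cache therefore being unreachable) can be checked mechanically before chasing 401s. This is an added example, not part of the original thread or of Swift itself; the config texts are constructed samples modelled on the thread, and the function names are hypothetical.

```python
import configparser
import re

# Constructed samples modelled on the thread; not the poster's actual files.
MEMCACHED_BAD = "-d\n-m 64\n-p 11211\n-u memcache\n-1 10.173.0.66\n"
MEMCACHED_GOOD = MEMCACHED_BAD.replace("-1 ", "-l ")
PROXY_CONF = """\
[pipeline:main]
pipeline = healthcheck proxy-logging cache tempauth proxy-logging proxy-server
[filter:cache]
use = egg:swift#memcache
memcache_servers = 10.173.0.66:11211
"""

def memcached_listen(conf_text):
    """Parse one-option-per-line memcached.conf text: (addrs, port, problems)."""
    addrs, port, problems = [], 11211, []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        flag, _, value = raw.split("#", 1)[0].strip().partition(" ")
        if re.fullmatch(r"-\d+", flag):
            # The typo from the thread: digit one typed for the letter l.
            problems.append(f"line {n}: '{flag}' is a digit, not an option letter")
        elif flag == "-l":
            addrs += [a.strip() for a in value.split(",")]
        elif flag == "-p":
            port = int(value)
    return addrs, port, problems

def check_token_cache(memcached_text, proxy_text):
    """Return reasons tempauth could not reach its token store (hypothetical helper)."""
    addrs, port, problems = memcached_listen(memcached_text)
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(proxy_text)
    pipeline = cp.get("pipeline:main", "pipeline").split()
    if "tempauth" in pipeline and "cache" not in pipeline[:pipeline.index("tempauth")]:
        problems.append("pipeline: cache filter must come before tempauth")
    listens_everywhere = not addrs or "0.0.0.0" in addrs  # no -l means all interfaces
    for server in cp.get("filter:cache", "memcache_servers").split(","):
        host, _, sport = server.strip().rpartition(":")  # assumes host:port entries
        if not listens_everywhere and host not in addrs:
            problems.append(f"memcached listens on {addrs}, proxy expects {host}")
        if int(sport) != port:
            problems.append(f"memcached port {port}, proxy expects {sport}")
    return problems

if __name__ == "__main__":
    for label, text in (("bad", MEMCACHED_BAD), ("fixed", MEMCACHED_GOOD)):
        print(label, check_token_cache(text, PROXY_CONF) or "OK")
```

A passing check only shows the two files agree; whether the memcached process is actually up still has to be confirmed on the host.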