Hola folks! I had a working Swift deployment (one proxy, 10 storage nodes) using tempauth/swauth and with that config everything works fine. Add/remove objects, list etc. I am now in the process of trying to integrate Keystone and getting confused with number of possible problems the more I research so I figured I'd post it here.
I built a new Keystone server using the following documents: Configuring keystone <http://docs.openstack.org/developer/keystone/configuration.html> I also updated Swift to use Keystone using the following document: Configure Swift to Use Keystone<http://docs.openstack.org/developer/swift/overview_auth.html#configuring-swift-to-use-keystone> Problem: Unable to authenticate using service:swift + "password". I'm mostly getting 401 Connection Refused errors and service catalog errors, depending which method I try. What am I missing? *User-list in Keystone:* $ keystone user-list`<br> +----------------------------------+---------+-------+-------+ | id | enabled | email | name | +----------------------------------+---------+-------+-------+ | 3b26d681b7b5448b94c563b1d8bb55fd | True | None | admin | | e186d19ab0ab4cc681b24196e76b9032 | True | None | swift | +----------------------------------+---------+-------+-------+ *User-get in Keystone:* $ keystone user-get e186d19ab0ab4cc681b24196e76b9032+----------+----------------------------------+| Property | Value |+----------+----------------------------------+| email | None || enabled | True || id | e186d19ab0ab4cc681b24196e76b9032 || name | swift || tenantId | 7e9b8a64252340c2ba4dd292acf18e80 |+----------+----------------------------------+ *Tenant-list in Keystone:* $ keystone tenant-list+----------------------------------+---------+---------+| id | name | enabled |+----------------------------------+---------+---------+| 539749c631044f64be5f29066ae486c4 | demo | True || 6140b18239284cce8b51305649dbb792 | admin | True || 7e9b8a64252340c2ba4dd292acf18e80 | service | True |+----------------------------------+---------+---------+ *Role-list in Keystone:* $ keystone role-list+----------------------------------+-------+| id | name |+----------------------------------+-------+| 6d64ff8265d6404983d774e34159dcd5 | admin |+----------------------------------+-------+ *Service-list in keystone* $ keystone service-list+----------------------------------+----------+--------------+------------------+| id | name | type | description |+----------------------------------+----------+--------------+------------------+| 0b2248b31e37499192d4e3cdf4288223 | keystone | identity | Identity Service || 5ef2c32abd274473ab8b42f480feeb72 | swift | object-store | Swift Service |+----------------------------------+----------+--------------+------------------+ *Endpoint-list in Keystone:* $ keystone endpoint-list+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+--------------------------------+| id | region | publicurl | internalurl | adminurl |+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+--------------------------------+| 46600a4c54a94eee881e9a4a2c648b8b | RegionOne | http://10.173.0.165:8888/v1/AUTH_%(tenant_id)s | http://10.173.0.165:8888/v1/AUTH_%(tenant_id)s | http://10.173.0.165:8888/v1 || 660c5babbe7746d485d31d85353ab1b8 | RegionOne | http://10.173.0.165.:5000/v2.0 | http://10.173.0.165:5000/v2.0 | http://10.173.0.165:35357/v2.0 |+----------------------------------+-----------+------------------------------------------------+------------------------------------------------+--------------------------------+ */etc/swift/proxy-server.conf on Swift proxy:* [DEFAULT] cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key bind_port = 8080 workers = 8 user = swift [pipeline:main] pipeline = healthcheck proxy-logging cache authtoken keystoneauth proxy-logging proxy-server [app:proxy-server]use = egg:swift#proxy allow_account_management = true account_autocreate = true [filter:proxy-logging]use = egg:swift#proxy_logging [filter:tempauth]use = egg:swift#tempauth user_system_root = testpass .admin [filter:healthcheck]use = egg:swift#healthcheck [filter:cache]use = egg:swift#memcache memcache_servers = 10.173.0.66:11211 [filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory auth_host = 10.173.0.165 auth_port = 35357 auth_protocol = http auth_uri = http://10.173.0.165:5000/ admin_tenant_name = service admin_user = swift admin_password = password cache = swift.cache include_service_catalog = True [filter:keystoneauth]use = egg:swift#keystoneauth operator_roles = admin, swiftoperator *Test command:* export OS_AUTH_URL=http://10.173.0.165:5000/v2.0export OS_USERNAME=swiftexport OS_PASSWORD=password swift -V 2 stat *Command output:* raise exceptions.EmptyCatalog('The service catalog is empty.') keystoneclient.exceptions.EmptyCatalog: The service catalog is empty. Other commands I've tried include: swift -A https://$PROXY_LOCAL_NET_IP:8080/auth/v2 -U service:swift -K password stat *...which also fail for other reasons...* Auth GET failed: https://10.173.0.66:8080/auth/v2 401 Unauthorized Thoughts? I'm stumped. *Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (888) 406-7620
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
