Re: Openstack keystone with Radosgw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Mark,

Thanks for your reply. Where should I be installing NSS package? On Gateway or Openstack Controller node? On both, I could not execute the following command as it resulted in bunch of errors.
openssl x509
 -in /etc/keystone/ssl/certs/ca.pem -pubkey | certutil -d /var/ceph/nss -A -n ca -t "TCu,Cu,Tuw"

Also, you mentioned about SSL. What should I be doing for this? Should rgw.conf in /etc/apache2/sites-enabled on gateway node be configured for SSL like this below. I do not have this right now.

SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key SetEnv SERVER_PORT_SECURE 443


Appreciate your help.
Lakshmi.



On Tuesday, October 7, 2014 10:23 PM, Mark Kirkwood <mark.kirkwood@xxxxxxxxxxxxxxx> wrote:


On 08/10/14 11:02, lakshmi k s wrote:
> I am trying to integrate OpenStack Keystone with Ceph Object Store using
> the link - http://ceph.com/docs/master/radosgw/keystone.
> <http://ceph.com/docs/master/radosgw/keystone> Swift V1.0 (without
> keystone) works quite fine. But for some reason, Swift v2.0 keystone
> calls to Ceph Object Store always results in 401 - Unauthorized message.
> I have tried to get a new token by contacting keystone and used that
> token for making Swift calls. But no luck. Please note that all other
> services like nova list, cinder list work which means Keystone is setup
> correctly. But Swift service fails. Only step I did not execute is to
> install nss db as I ran into package dependency issues. But I have
> commented that flag in ceph.conf . My ceph.conf looks like this below.
> [global]
> fsid = b35e8496-e809-416a-bd66-aba761d78fac
> mon_initial_members = node1
> mon_host = 192.0.2.211
> auth_cluster_required = cephx
> auth_service_required = cephx
> auth_client_required = cephx
> filestore_xattr_use_omap = true
> [client.admin]
> keyring = /etc/ceph/ceph.client.admin.keyring
> [client.radosgw.gateway]
> rgw keystone url = "" style="" class="" href="http://192.0.8.2:5000/" target="_blank" >http://192.0.8.2:5000
> rgw keystone admin token = 9c2ef11a69044defb9dbfa0f8ab73d86
> rgw keystone accepted roles = admin, Member, swiftoperator
> rgw keystone token cache size = 100
> rgw keystone revocation interval = 600
> rgw s3 auth use keystone = false
> #nss db path = /var/ceph/nss
> host = gateway
> keyring = /etc/ceph/ceph.client.radosgw.keyring
> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> log file = /var/log/ceph/client.radosgw.gateway.log
> rgw dns name = gateway
>
>
> *Output of Swift list*
> root@overcloud-controller0-fjvtpqjip2hl:~# swift --debug -V 2.0 -A
> http://192.0.8.2:5000/v2.0 -U ceph:cephUser -K "ceph123" list
>
> DEBUG:keystoneclient.session:REQ: curl -i -X POST
> http://192.0.8.2:5000/v2.0/tokens -H "Content-Type: application/json" -H
> "Accept: application/json" -H "User-Agent: python-keystoneclient" -d
> '{"auth": {"tenantName": "ceph", "passwordCredentials": {"username":
> "cephUser", "password": "ceph123"}}}'
> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
> connection (1): 192.0.8.2
> DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens
> HTTP/1.1" 200 3910
> DEBUG:keystoneclient.session:RESP: [200] {'date': 'Tue, 07 Oct 2014
> 20:05:20 GMT', 'content-type': 'application/json', 'content-length':
> '3910', 'vary': 'X-Auth-Token'}
> RESP BODY: {"access": {"token": {"issued_at":
> "2014-10-07T20:05:20.480562", "expires": "2014-10-08T00:05:20Z", "id":
> "45e14981c41f4c8c8055849b39bd4c23", "tenant": {"description": "",
> "enabled": true, "id": "bad9e2232b304f89acb03436635b80cc", "name":
> "ceph"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
> "http://192.0.8.2:8774/v2/bad9e2232b304f89acb03436635b80cc", "region":
> "regionOne", "internalURL":
> "http://192.0.8.2:8774/v2/bad9e2232b304f89acb03436635b80cc", "id":
> "40e53124619d479ab0c34a99c7619bcc", "publicURL":
> "http://192.0.8.2:8774/v2/bad9e2232b304f89acb03436635b80cc"}],
> "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints":
> [{"adminURL": "http://192.0.8.2:9696/", "region": "regionOne",
> "internalURL": "http://192.0.8.2:9696/", "id":
> "4e5fb12504024554a762b46391b46309", "publicURL":
> "http://192.0.8.2:9696/"}], "endpoints_links": [], "type": "network",
> "name": "neutron"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8774/v3", "region": "regionOne", "internalURL":
> "http://192.0.8.2:8774/v3", "id": "4e9f7514c3d94bd4b505207cfa52c306",
> "publicURL": "http://192.0.8.2:8774/v3"}], "endpoints_links": [],
> "type": "computev3", "name": "nova"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:9292/", "region": "regionOne", "internalURL":
> "http://192.0.8.2:9292/", "id": "3305668e44fc43f4bb57b45aa599d454",
> "publicURL": "http://192.0.8.2:9292/"}], "endpoints_links": [], "type":
> "image", "name": "glance"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:21131/v1", "region": "regionOne", "internalURL":
> "http://192.0.8.2:21131/v1", "id": "7b4ac2efaeba4074988e397bee403caa",
> "publicURL": "http://192.0.8.2:21131/v1"}], "endpoints_links": [],
> "type": "hp-catalog", "name": "sherpa"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8777/", "region": "regionOne", "internalURL":
> "http://192.0.8.2:8777/", "id": "2f1de9c2e81049e99cd4da266931780b",
> "publicURL": "http://192.0.8.2:8777/"}], "endpoints_links": [], "type":
> "metering", "name": "ceilometer"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8776/v1/bad9e2232b304f89acb03436635b80cc", "region":
> "regionOne", "internalURL":
> "http://192.0.8.2:8776/v1/bad9e2232b304f89acb03436635b80cc", "id":
> "0bbc1c8d91574c2083b6b28b237c7004", "publicURL":
> "http://192.0.8.2:8776/v1/bad9e2232b304f89acb03436635b80cc"}],
> "endpoints_links": [], "type": "volume", "name": "cinder"},
> {"endpoints": [{"adminURL": "http://192.0.8.2:8773/services/Admin",
> "region": "regionOne", "internalURL":
> "http://192.0.8.2:8773/services/Cloud", "id":
> "b15e7b43c7a44831a036f6f01479a6b1", "publicURL":
> "http://192.0.8.2:8773/services/Cloud"}], "endpoints_links": [], "type":
> "ec2", "name": "ec2"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8004/v1/bad9e2232b304f89acb03436635b80cc", "region":
> "regionOne", "internalURL":
> "http://192.0.8.2:8004/v1/bad9e2232b304f89acb03436635b80cc", "id":
> "1eb0f6ee9c0d42d8b8d2f90fcae75bc5", "publicURL":
> "http://192.0.8.2:8004/v1/bad9e2232b304f89acb03436635b80cc"}],
> "endpoints_links": [], "type": "orchestration", "name": "heat"},
> {"endpoints": [{"adminURL": "http://gateway.ex.com/swift/v1", "region":
> "regionOne", "internalURL": "http://gateway.ex.com/swift/v1", "id":
> "0e31ae922dfe40fe8a160006a0033dd1", "publicURL":
> "http://gateway.ex.com/swift/v1"}], "endpoints_links": [], "type":
> "object-store", "name": "swift"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:35357/v2.0", "region": "regionOne", "internalURL":
> "http://192.0.8.2:5000/v2.0", "id": "1411956e83a14b94aa44deb09a536f2a",
> "publicURL": "http://192.0.8.2:5000/v2.0"}], "endpoints_links": [],
> "type": "identity", "name": "keystone"}], "user": {"username":
> "cephUser", "roles_links": [], "id": "4867f9caa033495caefa5cbeff574099",
> "roles": [{"name": "admin"}, {"name": "_member_"}, {"name":
> "swiftoperator"}], "name": "cephUser"}, "metadata": {"is_admin": 0,
> "roles": ["11aad352318a434589c8dfed4ebabf07",
> "9fe2ff9ee4384b1894a90878d3e92bab", "84c91802b0b744908b48eb16263ac014"]}}}
> DEBUG:iso8601.iso8601:Parsed 2014-10-08T00:05:20Z into {'tz_sign': None,
> 'second_fraction': None, 'hour': u'00', 'daydash': u'08', 'tz_hour':
> None, 'month': None, 'timezone': u'Z', 'second': u'20', 'tz_minute':
> None, 'year': u'2014', 'separator': u'T', 'monthdash': u'10', 'day':
> None, 'minute': u'05'} with default timezone <iso8601.iso8601.Utc object
> at 0x7f9d900c0b10>
> DEBUG:iso8601.iso8601:Got u'2014' for 'year' with default None
> DEBUG:iso8601.iso8601:Got u'10' for 'monthdash' with default 1
> DEBUG:iso8601.iso8601:Got 10 for 'month' with default 10
> DEBUG:iso8601.iso8601:Got u'08' for 'daydash' with default 1
> DEBUG:iso8601.iso8601:Got 8 for 'day' with default 8
> DEBUG:iso8601.iso8601:Got u'00' for 'hour' with default None
> DEBUG:iso8601.iso8601:Got u'05' for 'minute' with default None
> DEBUG:iso8601.iso8601:Got u'20' for 'second' with default None
> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
> connection (1): gateway.ex.com
> DEBUG:requests.packages.urllib3.connectionpool:"GET
> /swift/v1?format=json HTTP/1.1" 401 23
> INFO:swiftclient:REQ: curl -i http://gateway.ex.com/swift/v1?format=json
> -X GET -H "X-Auth-Token: 45e14981c41f4c8c8055849b39bd4c23"
> INFO:swiftclient:RESP STATUS: 401 Unauthorized
> INFO:swiftclient:RESP HEADERS: [('date', 'Tue, 07 Oct 2014 20:05:20
> GMT'), ('accept-ranges', 'bytes'), ('content-type', 'application/json;
> charset=utf-8'), ('content-length', '23'), ('server', 'Apache/2.4.7
> (Ubuntu)')]
> INFO:swiftclient:RESP BODY: {"Code":"AccessDenied"}
> DEBUG:keystoneclient.session:REQ: curl -i -X POST
> http://192.0.8.2:5000/v2.0/tokens -H "Content-Type: application/json" -H
> "Accept: application/json" -H "User-Agent: python-keystoneclient" -d
> '{"auth": {"tenantName": "ceph", "passwordCredentials": {"username":
> "cephUser", "password": "ceph123"}}}'
> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
> connection (1): 192.0.8.2
> DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens
> HTTP/1.1" 200 3910
> DEBUG:keystoneclient.session:RESP: [200] {'date': 'Tue, 07 Oct 2014
> 20:05:21 GMT', 'content-type': 'application/json', 'content-length':
> '3910', 'vary': 'X-Auth-Token'}
> RESP BODY: {"access": {"token": {"issued_at":
> "2014-10-07T20:05:21.581322", "expires": "2014-10-08T00:05:21Z", "id":
> "ab5c432d703447d7aa08e2215f0d8d24", "tenant": {"description": "",
> "enabled": true, "id": "bad9e2232b304f89acb03436635b80cc", "name":
> "ceph"}}, "serviceCatalog": [{"endpoints": [{"adminURL":
> "http://192.0.8.2:8774/v2/bad9e2232b304f89acb03436635b80cc", "region":
> "regionOne", "internalURL":
> "http://192.0.8.2:8774/v2/bad9e2232b304f89acb03436635b80cc", "id":
> "40e53124619d479ab0c34a99c7619bcc", "publicURL":
> "http://192.0.8.2:8774/v2/bad9e2232b304f89acb03436635b80cc"}],
> "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints":
> [{"adminURL": "http://192.0.8.2:9696/", "region": "regionOne",
> "internalURL": "http://192.0.8.2:9696/", "id":
> "4e5fb12504024554a762b46391b46309", "publicURL":
> "http://192.0.8.2:9696/"}], "endpoints_links": [], "type": "network",
> "name": "neutron"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8774/v3", "region": "regionOne", "internalURL":
> "http://192.0.8.2:8774/v3", "id": "4e9f7514c3d94bd4b505207cfa52c306",
> "publicURL": "http://192.0.8.2:8774/v3"}], "endpoints_links": [],
> "type": "computev3", "name": "nova"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:9292/", "region": "regionOne", "internalURL":
> "http://192.0.8.2:9292/", "id": "3305668e44fc43f4bb57b45aa599d454",
> "publicURL": "http://192.0.8.2:9292/"}], "endpoints_links": [], "type":
> "image", "name": "glance"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:21131/v1", "region": "regionOne", "internalURL":
> "http://192.0.8.2:21131/v1", "id": "7b4ac2efaeba4074988e397bee403caa",
> "publicURL": "http://192.0.8.2:21131/v1"}], "endpoints_links": [],
> "type": "hp-catalog", "name": "sherpa"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8777/", "region": "regionOne", "internalURL":
> "http://192.0.8.2:8777/", "id": "2f1de9c2e81049e99cd4da266931780b",
> "publicURL": "http://192.0.8.2:8777/"}], "endpoints_links": [], "type":
> "metering", "name": "ceilometer"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8776/v1/bad9e2232b304f89acb03436635b80cc", "region":
> "regionOne", "internalURL":
> "http://192.0.8.2:8776/v1/bad9e2232b304f89acb03436635b80cc", "id":
> "0bbc1c8d91574c2083b6b28b237c7004", "publicURL":
> "http://192.0.8.2:8776/v1/bad9e2232b304f89acb03436635b80cc"}],
> "endpoints_links": [], "type": "volume", "name": "cinder"},
> {"endpoints": [{"adminURL": "http://192.0.8.2:8773/services/Admin",
> "region": "regionOne", "internalURL":
> "http://192.0.8.2:8773/services/Cloud", "id":
> "b15e7b43c7a44831a036f6f01479a6b1", "publicURL":
> "http://192.0.8.2:8773/services/Cloud"}], "endpoints_links": [], "type":
> "ec2", "name": "ec2"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:8004/v1/bad9e2232b304f89acb03436635b80cc", "region":
> "regionOne", "internalURL":
> "http://192.0.8.2:8004/v1/bad9e2232b304f89acb03436635b80cc", "id":
> "1eb0f6ee9c0d42d8b8d2f90fcae75bc5", "publicURL":
> "http://192.0.8.2:8004/v1/bad9e2232b304f89acb03436635b80cc"}],
> "endpoints_links": [], "type": "orchestration", "name": "heat"},
> {"endpoints": [{"adminURL": "http://gateway.ex.com/swift/v1", "region":
> "regionOne", "internalURL": "http://gateway.ex.com/swift/v1", "id":
> "0e31ae922dfe40fe8a160006a0033dd1", "publicURL":
> "http://gateway.ex.com/swift/v1"}], "endpoints_links": [], "type":
> "object-store", "name": "swift"}, {"endpoints": [{"adminURL":
> "http://192.0.8.2:35357/v2.0", "region": "regionOne", "internalURL":
> "http://192.0.8.2:5000/v2.0", "id": "1411956e83a14b94aa44deb09a536f2a",
> "publicURL": "http://192.0.8.2:5000/v2.0"}], "endpoints_links": [],
> "type": "identity", "name": "keystone"}], "user": {"username":
> "cephUser", "roles_links": [], "id": "4867f9caa033495caefa5cbeff574099",
> "roles": [{"name": "admin"}, {"name": "_member_"}, {"name":
> "swiftoperator"}], "name": "cephUser"}, "metadata": {"is_admin": 0,
> "roles": ["11aad352318a434589c8dfed4ebabf07",
> "9fe2ff9ee4384b1894a90878d3e92bab", "84c91802b0b744908b48eb16263ac014"]}}}
> DEBUG:iso8601.iso8601:Parsed 2014-10-08T00:05:21Z into {'tz_sign': None,
> 'second_fraction': None, 'hour': u'00', 'daydash': u'08', 'tz_hour':
> None, 'month': None, 'timezone': u'Z', 'second': u'21', 'tz_minute':
> None, 'year': u'2014', 'separator': u'T', 'monthdash': u'10', 'day':
> None, 'minute': u'05'} with default timezone <iso8601.iso8601.Utc object
> at 0x7f9d900c0b10>
> DEBUG:iso8601.iso8601:Got u'2014' for 'year' with default None
> DEBUG:iso8601.iso8601:Got u'10' for 'monthdash' with default 1
> DEBUG:iso8601.iso8601:Got 10 for 'month' with default 10
> DEBUG:iso8601.iso8601:Got u'08' for 'daydash' with default 1
> DEBUG:iso8601.iso8601:Got 8 for 'day' with default 8
> DEBUG:iso8601.iso8601:Got u'00' for 'hour' with default None
> DEBUG:iso8601.iso8601:Got u'05' for 'minute' with default None
> DEBUG:iso8601.iso8601:Got u'21' for 'second' with default None
> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
> connection (1): gateway.ex.com
> DEBUG:requests.packages.urllib3.connectionpool:"GET
> /swift/v1?format=json HTTP/1.1" 401 23
> INFO:swiftclient:REQ: curl -i http://gateway.ex.com/swift/v1?format=json
> -X GET -H "X-Auth-Token: ab5c432d703447d7aa08e2215f0d8d24"
> INFO:swiftclient:RESP STATUS: 401 Unauthorized
> INFO:swiftclient:RESP HEADERS: [('date', 'Tue, 07 Oct 2014 20:05:21
> GMT'), ('accept-ranges', 'bytes'), ('content-type', 'application/json;
> charset=utf-8'), ('content-length', '23'), ('server', 'Apache/2.4.7
> (Ubuntu)')]
> INFO:swiftclient:RESP BODY: {"Code":"AccessDenied"}
> ERROR:swiftclient:Account GET failed:
> http://gateway.ex.com/swift/v1?format=json 401
> Unauthorized{"Code":"AccessDenied"}
> Traceback (most recent call last):
> File "/opt/stack/python-swiftclient/swiftclient/client.py", line 1208,
> in _retry
> rv = func(self.url, self.token, *args, **kwargs)
> File "/opt/stack/python-swiftclient/swiftclient/client.py", line 461, in
> get_account
> http_response_content=body)
> ClientException: Account GET failed:
> http://gateway.ex.com/swift/v1?format=json 401
> Unauthorized{"Code":"AccessDenied"}
> Account GET failed: http://gateway.ex.com/swift/v1?format=json 401
> Unauthorized{"Code":"AccessDenied"}
>
> *radosgw log*
> 2014-10-07 13:05:08.263370 7f4af5ffb7002
> RGWDataChangesLog::ChangesRenewThread: start
> 2014-10-07 13:05:20.207764 7f4adaffd700 20 enqueued request
> req=0x7f4ae800dfc0
> 2014-10-07 13:05:20.207788 7f4adaffd700 20 RGWWQ:
> 2014-10-07 13:05:20.207790 7f4adaffd700 20 req: 0x7f4ae800dfc0
> 2014-10-07 13:05:20.207795 7f4adaffd700 10 allocated request
> req=0x7f4ae8025e00
> 2014-10-07 13:05:20.207871 7f4ab67c4700 20 dequeued request
> req=0x7f4ae800dfc0
> 2014-10-07 13:05:20.207876 7f4ab67c4700 20 RGWWQ: empty
> 2014-10-07 13:05:20.207915 7f4ab67c4700 20 CONTEXT_DOCUMENT_ROOT=/var/www
> 2014-10-07 13:05:20.207917 7f4ab67c4700 20 CONTEXT_PREFIX=
> 2014-10-07 13:05:20.207918 7f4ab67c4700 20 DOCUMENT_ROOT=/var/www
> 2014-10-07 13:05:20.207919 7f4ab67c4700 20 FCGI_ROLE=RESPONDER
> 2014-10-07 13:05:20.207919 7f4ab67c4700 20 GATEWAY_INTERFACE=CGI/1.1
> 2014-10-07 13:05:20.207920 7f4ab67c4700 20 HTTP_ACCEPT=*/*
> 2014-10-07 13:05:20.207921 7f4ab67c4700 20 HTTP_ACCEPT_ENCODING=gzip,
> deflate
> 2014-10-07 13:05:20.207922 7f4ab67c4700 20 HTTP_AUTHORIZATION=
> 2014-10-07 13:05:20.207923 7f4ab67c4700 20 HTTP_HOST=gateway.ex.com
> 2014-10-07 13:05:20.207924 7f4ab67c4700 20
> HTTP_USER_AGENT=python-swiftclient-2.1.0.9.g3d0de79
> 2014-10-07 13:05:20.207925 7f4ab67c4700 20
> HTTP_X_AUTH_TOKEN=45e14981c41f4c8c8055849b39bd4c23
> 2014-10-07 13:05:20.207925 7f4ab67c4700 20
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> 2014-10-07 13:05:20.207926 7f4ab67c4700 20 QUERY_STRING=format=json
> 2014-10-07 13:05:20.207927 7f4ab67c4700 20 REMOTE_ADDR=192.0.2.26
> 2014-10-07 13:05:20.207928 7f4ab67c4700 20 REMOTE_PORT=44768
> 2014-10-07 13:05:20.207929 7f4ab67c4700 20 REQUEST_METHOD=GET
> 2014-10-07 13:05:20.207932 7f4ab67c4700 20 REQUEST_SCHEME=http
> 2014-10-07 13:05:20.207933 7f4ab67c4700 20 REQUEST_URI=/swift/v1?format=json
> 2014-10-07 13:05:20.207934 7f4ab67c4700 20
> SCRIPT_FILENAME=/var/www/s3gw.fcgi
> 2014-10-07 13:05:20.207935 7f4ab67c4700 20 SCRIPT_NAME=/swift/v1
> 2014-10-07 13:05:20.207935 7f4ab67c4700 20
> SCRIPT_URI=http://gateway.ex.com/swift/v1
> 2014-10-07 13:05:20.207936 7f4ab67c4700 20 SCRIPT_URL=/swift/v1
> 2014-10-07 13:05:20.207937 7f4ab67c4700 20 SERVER_ADDR=192.0.2.214
> 2014-10-07 13:05:20.207938 7f4ab67c4700 20 SERVER_ADMIN=gateway@xxxxxx
> 2014-10-07 13:05:20.207939 7f4ab67c4700 20 SERVER_NAME=gateway.ex.com
> 2014-10-07 13:05:20.207940 7f4ab67c4700 20 SERVER_PORT=80
> 2014-10-07 13:05:20.207940 7f4ab67c4700 20 SERVER_PROTOCOL=HTTP/1.1
> 2014-10-07 13:05:20.207941 7f4ab67c4700 20 SERVER_SIGNATURE=
> 2014-10-07 13:05:20.207942 7f4ab67c4700 20 SERVER_SOFTWARE=Apache/2.4.7
> (Ubuntu)
> 2014-10-07 13:05:20.207944 7f4ab67c47001 ====== starting new request
> req=0x7f4ae800dfc0 =====
> 2014-10-07 13:05:20.207961 7f4ab67c47002 req 1:0.000017::GET
> /swift/v1::initializing
> 2014-10-07 13:05:20.208001 7f4ab67c4700 10 ver=v1 first= req=
> 2014-10-07 13:05:20.208004 7f4ab67c4700 10 s->object=<NULL> s->bucket=<NULL>
> 2014-10-07 13:05:20.208009 7f4ab67c47002 req 1:0.000066:swift:GET
> /swift/v1::getting op
> 2014-10-07 13:05:20.208013 7f4ab67c47002 req 1:0.000070:swift:GET
> /swift/v1:list_buckets:authorizing
> 2014-10-07 13:05:20.208019 7f4ab67c4700 10 failed to authorize request
> 2014-10-07 13:05:20.208046 7f4ab67c47002 req 1:0.000102:swift:GET
> /swift/v1:list_buckets:http status=401
> 2014-10-07 13:05:20.208048 7f4ab67c47001 ====== req done
> req=0x7f4ae800dfc0 http_status=401 ======
> 2014-10-07 13:05:20.208057 7f4ab67c4700 20 process_request() returned -1
> 2014-10-07 13:05:21.287819 7f4adaffd700 20 enqueued request
> req=0x7f4ae8025e00
> 2014-10-07 13:05:21.287869 7f4adaffd700 20 RGWWQ:
> 2014-10-07 13:05:21.287872 7f4adaffd700 20 req: 0x7f4ae8025e00
> 2014-10-07 13:05:21.287876 7f4adaffd700 10 allocated request
> req=0x7f4ae8025850
> 2014-10-07 13:05:21.287955 7f4ab67c4700 20 dequeued request
> req=0x7f4ae8025e00
> 2014-10-07 13:05:21.287961 7f4ab67c4700 20 RGWWQ: empty
> 2014-10-07 13:05:21.287991 7f4ab67c4700 20 CONTEXT_DOCUMENT_ROOT=/var/www
> 2014-10-07 13:05:21.287992 7f4ab67c4700 20 CONTEXT_PREFIX=
> 2014-10-07 13:05:21.287994 7f4ab67c4700 20 DOCUMENT_ROOT=/var/www
> 2014-10-07 13:05:21.287995 7f4ab67c4700 20 FCGI_ROLE=RESPONDER
> 2014-10-07 13:05:21.287996 7f4ab67c4700 20 GATEWAY_INTERFACE=CGI/1.1
> 2014-10-07 13:05:21.287997 7f4ab67c4700 20 HTTP_ACCEPT=*/*
> 2014-10-07 13:05:21.287998 7f4ab67c4700 20 HTTP_ACCEPT_ENCODING=gzip,
> deflate
> 2014-10-07 13:05:21.287999 7f4ab67c4700 20 HTTP_AUTHORIZATION=
> 2014-10-07 13:05:21.288000 7f4ab67c4700 20 HTTP_HOST=gateway.ex.com
> 2014-10-07 13:05:21.288006 7f4ab67c4700 20
> HTTP_USER_AGENT=python-swiftclient-2.1.0.9.g3d0de79
> 2014-10-07 13:05:21.288007 7f4ab67c4700 20
> HTTP_X_AUTH_TOKEN=ab5c432d703447d7aa08e2215f0d8d24
> 2014-10-07 13:05:21.288008 7f4ab67c4700 20
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> 2014-10-07 13:05:21.288008 7f4ab67c4700 20 QUERY_STRING=format=json
> 2014-10-07 13:05:21.288009 7f4ab67c4700 20 REMOTE_ADDR=192.0.2.26
> 2014-10-07 13:05:21.288010 7f4ab67c4700 20 REMOTE_PORT=44775
> 2014-10-07 13:05:21.288011 7f4ab67c4700 20 REQUEST_METHOD=GET
> 2014-10-07 13:05:21.288012 7f4ab67c4700 20 REQUEST_SCHEME=http
> 2014-10-07 13:05:21.288013 7f4ab67c4700 20 REQUEST_URI=/swift/v1?format=json
> 2014-10-07 13:05:21.288014 7f4ab67c4700 20
> SCRIPT_FILENAME=/var/www/s3gw.fcgi
> 2014-10-07 13:05:21.288014 7f4ab67c4700 20 SCRIPT_NAME=/swift/v1
> 2014-10-07 13:05:21.288015 7f4ab67c4700 20
> SCRIPT_URI=http://gateway.ex.com/swift/v1
> 2014-10-07 13:05:21.288016 7f4ab67c4700 20 SCRIPT_URL=/swift/v1
> 2014-10-07 13:05:21.288017 7f4ab67c4700 20 SERVER_ADDR=192.0.2.214
> 2014-10-07 13:05:21.288018 7f4ab67c4700 20 SERVER_ADMIN=gateway@xxxxxx
> 2014-10-07 13:05:21.288019 7f4ab67c4700 20 SERVER_NAME=gateway.ex.com
> 2014-10-07 13:05:21.288019 7f4ab67c4700 20 SERVER_PORT=80
> 2014-10-07 13:05:21.288020 7f4ab67c4700 20 SERVER_PROTOCOL=HTTP/1.1
> 2014-10-07 13:05:21.288021 7f4ab67c4700 20 SERVER_SIGNATURE=
> 2014-10-07 13:05:21.288022 7f4ab67c4700 20 SERVER_SOFTWARE=Apache/2.4.7
> (Ubuntu)
> 2014-10-07 13:05:21.288027 7f4ab67c47001 ====== starting new request
> req=0x7f4ae8025e00 =====
> 2014-10-07 13:05:21.288040 7f4ab67c47002 req 2:0.000013::GET
> /swift/v1::initializing
> 2014-10-07 13:05:21.288070 7f4ab67c4700 10 ver=v1 first= req=
> 2014-10-07 13:05:21.288072 7f4ab67c4700 10 s->object=<NULL> s->bucket=<NULL>
> 2014-10-07 13:05:21.288075 7f4ab67c47002 req 2:0.000049:swift:GET
> /swift/v1::getting op
> 2014-10-07 13:05:21.288078 7f4ab67c47002 req 2:0.000051:swift:GET
> /swift/v1:list_buckets:authorizing
> 2014-10-07 13:05:21.288081 7f4ab67c4700 10 failed to authorize request
> 2014-10-07 13:05:21.288099 7f4ab67c47002 req 2:0.000073:swift:GET
> /swift/v1:list_buckets:http status=401
> 2014-10-07 13:05:21.288102 7f4ab67c47001 ====== req done
> req=0x7f4ae8025e00 http_status=401 ======
> 2014-10-07 13:05:21.288108 7f4ab67c4700 20 process_request() returned -1
>
>

Hmm - I think you really need the nss package and the certs for it to
work. I have a setup analogous to yours and the swift url works for me.

It might be good to add:

debug rgw = 20

in your rgw's section of ceph.conf, restrat the gatway and see what is
in the log when you retry the swift list. I've pasted below what I see
(it shows it sending off to keystone for authorization, and in your case
should be enlightening about why it isn't working):

2014-10-08 18:16:55.071713 7f1984ff9700 20 sending request to
http://stack1:35357/v2.0/tokens/f610984eaf8f41b69add5e5d3f6ba4d3
2014-10-08 18:16:55.083312 7f1984ff9700 20 received response: {"access":
{"token": {"issued_at": "2014-10-08T05:16:56.004263", "expires":
"2014-10-08T06:16:55Z", "id": "f610984eaf8f41b69add5e5d3f6ba4d3",
"tenant": {"enabled": true, "id": "f535ae4f66654326807c556acff2697e",
"name": "demo", "description": null}, "audit_ids":
["pzQpb0wqSoqI-CRcT6MnMg"]}, "serviceCatalog": [{"endpoints_links": [],
"endpoints": [{"adminURL":
"http://192.168.122.31:8774/v2/f535ae4f66654326807c556acff2697e",
"region": "RegionOne", "publicURL":
"http://192.168.122.31:8774/v2/f535ae4f66654326807c556acff2697e", "id":
"18f3fbfbc51441b8a50d57247215f2c0", "internalURL":
"http://192.168.122.31:8774/v2/f535ae4f66654326807c556acff2697e"}],
"type": "compute", "name": "nova"}, {"endpoints_links": [], "endpoints":
[{"adminURL": "http://192.168.122.31:9696/", "region": "RegionOne",
"publicURL": "http://192.168.122.31:9696/", "id":
"2fd20b8c57cf43259d30e9368ba7bee3", "internalURL":
"http://192.168.122.31:9696/"}], "type": "network", "name": "neutron"},
{"endpoints_links": [], "endpoints": [{"adminURL":
"http://192.168.122.31:8776/v2/f535ae4f66654326807c556acff2697e",
"region": "RegionOne", "publicURL":
"http://192.168.122.31:8776/v2/f535ae4f66654326807c556acff2697e", "id":
"867a4b38f7da43f8bac6c11a32c32fb8", "internalURL":
"http://192.168.122.31:8776/v2/f535ae4f66654326807c556acff2697e"}],
"type": "volumev2", "name": "cinderv2"}, {"endpoints_links": [],
"endpoints": [{"adminURL": "http://192.168.122.31:8774/v3", "region":
"RegionOne", "publicURL": "http://192.168.122.31:8774/v3", "id":
"247d9e48585e497187c06108938d451a", "internalURL":
"http://192.168.122.31:8774/v3"}], "type": "computev3", "name":
"novav3"}, {"endpoints_links": [], "endpoints": [{"adminURL":
"http://ceph4", "region": "RegionOne", "publicURL": "http://ceph4",
"id": "36409774c29740f59523a4e9ab345d4a", "internalURL":
"http://ceph4"}], "type": "s3", "name": "s3"}, {"endpoints_links": [],
"endpoints": [{"adminURL": "http://192.168.122.31:9292", "region":
"RegionOne", "publicURL": "http://192.168.122.31:9292", "id":
"72899b68f4cc41a1b731ca6bdfcf2d56", "internalURL":
"http://192.168.122.31:9292"}], "type": "image", "name": "glance"},
{"endpoints_links": [], "endpoints": [{"adminURL":
"http://192.168.122.31:8779/v1.0/f535ae4f66654326807c556acff2697e",
"region": "RegionOne", "publicURL":
"http://192.168.122.31:8779/v1.0/f535ae4f66654326807c556acff2697e",
"id": "46defd68671a4212975bea19bcf20e07", "internalURL":
"http://192.168.122.31:8779/v1.0/f535ae4f66654326807c556acff2697e"}],
"type": "database", "name": "trove"}, {"endpoints_links": [],
"endpoints": [{"adminURL": "http://192.168.122.31:8000/v1", "region":
"RegionOne", "publicURL": "http://192.168.122.31:8000/v1", "id":
"556c5bd2dc7540c281d8a64489b2a550", "internalURL":
"http://192.168.122.31:8000/v1"}], "type": "cloudformation", "name":
"heat-cfn"}, {"endpoints_links": [], "endpoints": [{"adminURL":
"http://192.168.122.31:8776/v1/f535ae4f66654326807c556acff2697e",
"region": "RegionOne", "publicURL":
"http://192.168.122.31:8776/v1/f535ae4f66654326807c556acff2697e", "id":
"0fdaa1358e204218b2bcff51165c1b81", "internalURL":
"http://192.168.122.31:8776/v1/f535ae4f66654326807c556acff2697e"}],
"type": "volume", "name": "cinder"}, {"endpoints_links": [],
"endpoints": [{"adminURL": "http://192.168.122.31:8773/services/Admin",
"region": "RegionOne", "publicURL":
"http://192.168.122.31:8773/services/Cloud", "id":
"76776aafe609410abbc00ddebcf22d80", "internalURL":
"http://192.168.122.31:8773/services/Cloud"}], "type": "ec2", "name":
"ec2"}, {"endpoints_links": [], "endpoints": [{"adminURL":
"http://192.168.122.31:8004/v1/f535ae4f66654326807c556acff2697e",
"region": "RegionOne", "publicURL":
"http://192.168.122.31:8004/v1/f535ae4f66654326807c556acff2697e", "id":
"051b20d9212445bc94abbbdbbd4bca0e", "internalURL":
"http://192.168.122.31:8004/v1/f535ae4f66654326807c556acff2697e"}],
"type": "orchestration", "name": "heat"}, {"endpoints_links": [],
"endpoints": [{"adminURL": "http://ceph4/swift/v1/", "region":
"RegionOne", "publicURL": "http://ceph4/swift/v1/", "id":
"5dab97694525451081d567ca7919ae8d", "internalURL":
"http://ceph4/swift/v1/"}], "type": "object-store", "name": "swift"},
{"endpoints_links": [], "endpoints": [{"adminURL":
"http://192.168.122.31:35357/v2.0", "region": "RegionOne", "publicURL":
"http://192.168.122.31:5000/v2.0", "id":
"2175a34f4f784be49f3f2cb25a6056cc", "internalURL":
"http://192.168.122.31:5000/v2.0"}], "type": "identity", "name":
"keystone"}], "user": {"username": "demo", "roles_links": [], "id":
"81c1d7807743447c8930030bc09e925e", "roles": [{"name": "anotherrole"},
{"name": "heat_stack_owner"}, {"name": "Member"}, {"name": "_member_"}],
"name": "demo"}, "metadata": {"is_admin": 0, "roles":
["892e46a38cfe49b2a863f23f2904a6ae", "0ad44f88295c42cf83fb40b1c3422704",
"77460d03eb174d48928cf03b803268c0", "9fe2ff9ee4384b1894a90878d3e92bab"]}}}
2014-10-08 18:16:55.085182 7f1984ff9700  0 validated token: demo:demo
expires: 1412749015
2014-10-08 18:16:55.085236 7f1984ff9700 20 get_obj_state:
rctx=0x7f197c01eae0 obj=.users.uid:f535ae4f66654326807c556acff2697e
state=0x7f197c01fb18 s->prefetch_data=0
2014-10-08 18:16:55.085246 7f1984ff9700 10 cache get:
name=.users.uid+f535ae4f66654326807c556acff2697e : hit
2014-10-08 18:16:55.085252 7f1984ff9700 20 get_obj_state: s->obj_tag was
set empty
2014-10-08 18:16:55.085257 7f1984ff9700 10 cache get:
name=.users.uid+f535ae4f66654326807c556acff2697e : hit
2014-10-08 18:16:55.085278 7f1984ff9700  2 req 8:0.013605:swift:GET
/swift/v1/:list_buckets:reading permissions
2014-10-08 18:16:55.085286 7f1984ff9700  2 req 8:0.013613:swift:GET
/swift/v1/:list_buckets:init op
2014-10-08 18:16:55.085289 7f1984ff9700  2 req 8:0.013615:swift:GET
/swift/v1/:list_buckets:verifying op mask
2014-10-08 18:16:55.085290 7f1984ff9700 20 required_mask= 1 user.op_mask=7
2014-10-08 18:16:55.085292 7f1984ff9700  2 req 8:0.013619:swift:GET
/swift/v1/:list_buckets:verifying op permissions
2014-10-08 18:16:55.085293 7f1984ff9700  2 req 8:0.013620:swift:GET
/swift/v1/:list_buckets:verifying op params
2014-10-08 18:16:55.085295 7f1984ff9700  2 req 8:0.013622:swift:GET
/swift/v1/:list_buckets:executing
2014-10-08 18:16:55.087642 7f1984ff9700  2 req 8:0.015969:swift:GET
/swift/v1/:list_buckets:http status=200
2014-10-08 18:16:55.087664 7f1984ff9700  1 ====== req done req=0x1288380
http_status=200 ======





_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux