Hi Brian, Responded inline. On Tue, Sep 20, 2016 at 5:45 AM, Brian Chang-Chien <brian.changchien@xxxxxxxxx> wrote: > > > 2016-09-20 10:14:38.761635 7f2049ffb700 20 HTTP_X_AUTH_TOKEN=b243614d27244d00b12b2f366b58d709 > 2016-09-20 10:14:38.761636 7f2049ffb700 20 QUERY_STRING= > ... > 2016-09-20 10:14:38.761720 7f2049ffb700 2 req 3:0.000078:swift:HEAD /swift/v1:stat_account:authorizing > 2016-09-20 10:14:38.761725 7f2049ffb700 10 failed to authorize request > 2016-09-20 10:14:38.761726 7f2049ffb700 20 handler->ERRORHANDLER: err_no=-1 new_err_no=-1 Those logs show there was no jump to the Keystone code at all. This is because the "token_id=..." debug message [1] is absent. The sole reason I see for such behavior is that the RadosGW instance internally sees rgw_keystone_url as empty [2][3]. Are you absolutely sure that the instance that got debug_rgw to its configuration file has rgw_keystone_url properly set? I mean whether the setting is in the same section, is written in pure ASCII (without some crazy UTF characters) and so on? I saw you posted the config earlier but we really need to double check. Could you also provide output from following curl command and corresponding RadosGW's log? 401 is fully expected as we'll intensionally send an invalid token. curl -i "http://<rgw_ip>:<rgw_port>/swift/v1" -X HEAD -H "X-Auth-Token: random_string" > > > I also have some problems > > Q1 : if use keystone, radosgw need create user and subuser? > in the case , i create admin user and admin:admin subuser , but i think it don't need , and i rght? Yup, this is unnecessary when using the Keystone auth. > > > Q2: > And i found a phenomenon, > Once I connect keystone and ceph radosgw before, and i use " rados --pool default.rgw.users.uid ls " > It will detail a like token uid > > but if swift response 401 > i can't find the token uid > Do you know keystone how to add token user to default.rgw.users.uid > finally , hope bellow msgs can help me to slove > anyway, thx your support greate You don't need to add anything. RadosGW will create RGWUserInfo if necessary on the first, successfully authenticated request [4]. The RADOS object will be named after the tenant ID in Keystone. Best regards, Radoslaw Zarzynski [1] https://github.com/ceph/ceph/blob/v10.2.2/src/rgw/rgw_swift.cc#L472 [2] https://github.com/ceph/ceph/blob/v10.2.2/src/rgw/rgw_swift.cc#L766-L769 [3] https://github.com/ceph/ceph/blob/v10.2.2/src/rgw/rgw_swift.h#L59-L61 [4] https://github.com/ceph/ceph/blob/v10.2.2/src/rgw/rgw_swift.cc#L413 _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |