ceph storage : swift apis fails with 401 unauthorized error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We are developing spark application to save the data to ceph storage using swift apis. On drilling down, I see that any swift api using key stone authentication fails. I am unable to figure out why the authentication fails. From debug messages, I see that keystone redirects to the ceph url with a valid token but the token is not accepted by ceph.

I have checked the configuration in the keystone, the user, password and the roles are assigned right. I don't see any logs on the keystone or on the ceph gateway. 

Can someone please help me in understanding what is missing and resolving the issue? 

Keystone version : 0.7.1
Ceph version: jewel


SWIFT API FAILS WHEN USED WITH KEYSTONE

OS_PASSWORD=swift
OS_AUTH_URL=http://keystonegw:35357/v2.0
OS_USERNAME=swift
OS_TENANT_NAME=admin

swift stat -v
Account HEAD failed: http://cephgw/swift/v1 401 Unauthorized
Failed Transaction ID: tx000000000000000000a03-00593cceee-14852c-default

DEBUG LOGS

DEBUG:keystoneclient.session:REQ: curl -i -X POST http://keystonegw:35357/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "swift", "password": "swift"}}}'

DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): keystonegw

DEBUG:requests.packages.urllib3.connectionpool:http://keystonegw:35357 "POST /v2.0/tokens HTTP/1.1" 200 2988

DEBUG:keystoneclient.session:RESP: [200] {'Content-Length': '2988', 'Vary': 'X-Auth-Token', 'Connection': 'keep-alive', 'Date': 'Sun, 11 Jun 2017 04:58:02 GMT', 'Content-Type': 'application/json', 'X-Distribution': 'Ubuntu'}

RESP BODY: {"access": {"token": {"issued_at": "2017-06-11T04:58:02.281325", "expires": "2017-06-11T05:58:02Z", "id": "MIIFxAYJKoZIhvcNAQcCoIIFtTCCBbECAQExDTALBglghkgBZQMEAgEwggQSBgkqhkiG9w0BBwGgggQDBIID-ZHAU2leHd5HchISF4zxP2Ir2Vc1B+VPB65g==", "tenant": {"description": "Tenant Admin", "enabled": true, "id": "e749b5906c614b30b0d0b41df64f1da1", "name": "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://cephgw/swift/v1", "region": "regionOne", "internalURL": "http://cephgw/swift/v1", "id": "13840aac1f3b4c92a871728184450008", "publicURL": "http://cephgw/swift/v1"}], "endpoints_links": [], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "http://keystonegw:35357/v2.0", "region": "RegionOne", "internalURL": "http://keystonegw:5000/v2.0", "id": "3c4901bace1846b7bb65733095018a4c", "publicURL": "http://keystonegw:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": "swift", "roles_links": [], "id": "e412082961054ae9bfc568c71bb1a710", "roles": [{"name": "admin"}], "name": "swift"}, "metadata": {"is_admin": 0, "roles": ["9154fbc7474b40918e9ca4c848e2dd91"]}}}

DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): cephgw

DEBUG:requests.packages.urllib3.connectionpool:http://cephgw:80 "HEAD /swift/v1 HTTP/1.1" 401 0

INFO:swiftclient:REQ: curl -i http://cephgw/swift/v1 -I -H "X-Auth-Token: MIIFxAYJKoZIhvcNAQcCoIIFtTCCBbECAQExDTALBglghkgBZQMEAgEwggQSBgkqhkiG9w0BBwGgggQDBIID-

INFO:swiftclient:RESP STATUS: 401 Unauthorized

------------------------------------------------

V1 for same user works and data can be uploaded/downloaded from ceph

ST_USER=admin:swift
ST_KEY=7LEzObQbNj35Yk9m12TSmiT6KUhSzWhlFheOgmwS

swift stat
                 StorageURL: http://cephgw/swift/v1
                 Auth Token: AUTH_rgwtk0b00000061646d696e3a7377696674b6872a79e9fb2b02de1c3e59287fa0253d2cc306eb3c576b6cf05eeccdb9d1aae00c5440
------------------------------------------------

ceph.conf
[client.radosgw.gateway]
host = cephgw
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file = /var/log/radosgw/client.radosgw.gateway.log
rgw keystone url = "" href="http://keystonegw:35357">http://keystonegw:35357
rgw keystone admin user = swift
rgw keystone admin password = swift
rgw keystone admin tenant = admin
rgw keystone accepted roles = admin,_member_
rgw keystone token cache size = 500
rgw keystone revocation interval = 500
debug rgw = 20
                   
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux