When configuring the paste pipeline for Swift's proxy, it appears that you must explicitly state the service and authentication protocol as http if you're not using an SSL connection, as this is the default. The current configuration section of the keystone documentation doesn't make this clear.
My sample proxy-server.conf file for the Essex packages in the Ubuntu 12.04LTS beta thus looks as follows: DEFAULT] bind_port = 8080 bind_ip = 172.16.1.5 user = swift log_name = SWIFT_PROXY log_level = DEBUG log_headers = True [pipeline:main] pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystone prox y-server #pipeline = catch_errors healthcheck cache authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true [filter:swift3] use = egg:swift#swift3 [filter:s3token] paste.filter_factory = keystone.middleware.s3_token:filter_factory auth_port = 5000 auth_host = essex1 auth_protocol = http [filter:keystone] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, swiftoperator, Admin, SwiftOperator [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory delay_auth_decision = 1 service_protocol = http service_port = 5000 service_host = essex1 auth_protocol = http auth_port = 35357 auth_host = essex1 auth_token = ADMIN8475760012 admin_token = ADMIN8475760012 [filter:catch_errors] use = egg:swift#catch_errors [filter:healthcheck] use = egg:swift#healthcheck [filter:cache] use = egg:swift#memcache memcache_server = 127.0.0.1:11211 Also, setting the log_level in the proxy's configuration file does not enable logging in the keystone authentication modules included in the paste pipeline. To discover this configuration bug, I needed to hack the auth_token.py module to get logging to work (copied from swift's catch_errors.py module) and discover that it was trying to connect via an SSL connection. Is this a bug? Otherwise auth_token.py will report a "no handler" exception. Regards, Ross _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
