Re: [Openstack] Improved browser-based access to Swift
On Thu, Jul 18, 2013 at 2:20 PM, Koert van der Veer ko...@cloudvps.com wrote: Both middleware projects are released under the Apache 2.0 licence, and can be found on our github page: https://github.com/CloudVPS/better-staticweb https://github.com/CloudVPS/swift-basicauth Nice! You probably want to use the swift.authorize mechanism instead of doing authorization in __call__ eg : https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py#L106 see http://docs.openstack.org/developer/swift/development_auth.html : Authorization is performed through callbacks by the Swift Proxy server to the WSGI environment’s swift.authorize value, if one is set. The swift.authorize value should simply be a function that takes a Request as an argument and returns None if access is granted or returns a callable(environ, start_response) if access is denied. This callable is a standard WSGI callable. Generally, you should return 403 Forbidden for requests by an authenticated user and 401 Unauthorized for an unauthenticated request. For example, here’s an authorize function that only allows GETs (in this case you’d probably return 405 Method Not Allowed, but ignore that for the moment).: Chmouel. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [ANN] Caimito 0.11 - WebDAV frontend for OpenStack Swift Cloud Storage
Hi Gabe, On 17 Jul 2013, at 15:41, Gabe Wong gabri...@ngasi.com wrote: Thanks Chmoue. Unfortunately I don't see any contact info on the site. Don't know if Stefano Maffulli is still involved with communications. I had also asked Michael J Fork, the author of https://wiki.openstack.org/wiki/RelatedProjects, but got no response. Regards This is a document inside openstack swift : https://github.com/openstack/swift/blob/master/doc/source/associated_projects.rst you just need to submit a review updating the document in the source tree and this will get reviewed : https://wiki.openstack.org/wiki/How_To_Contribute Cheers, Chmouel. -Original Message- From: Chmouel Boudjnah chmo...@enovance.com Sent: Tuesday, July 16, 2013 2:45am To: Gabe Wong gabri...@ngasi.com Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] [ANN] Caimito 0.11 - WebDAV frontend for OpenStack Swift Cloud Storage On Wed, Jul 10, 2013 at 4:14 PM, Gabe Wong gabri...@ngasi.com wrote: Lots of work has been done to Caimito. In addition to bug fixes: - Faster request handling. - Better handling of files with spaces and other characters. Thanks to everyone who have contributed. Of course the community's valuable feedback is much welcomed. Feel free to download Caimito here: http://caimito.ngasi.com Cool, congrats on the new release. You may want to list this in http://docs.openstack.org/developer/swift/associated_projects.html (the associated_projects.rst is in the github repo of swift). Chmouel. Cheers. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [ANN] Caimito 0.11 - WebDAV frontend for OpenStack Swift Cloud Storage
On Wed, Jul 10, 2013 at 4:14 PM, Gabe Wong gabri...@ngasi.com wrote: Lots of work has been done to Caimito. In addition to bug fixes: - Faster request handling. - Better handling of files with spaces and other characters. Thanks to everyone who have contributed. Of course the community's valuable feedback is much welcomed. Feel free to download Caimito here: http://caimito.ngasi.com Cool, congrats on the new release. You may want to list this in http://docs.openstack.org/developer/swift/associated_projects.html (the associated_projects.rst is in the github repo of swift). Chmouel. Cheers. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Design] Why/how object storage(Swift) better than scale-out NAS?
On Wed, Jul 3, 2013 at 8:47 AM, Li, Leon leon@emc.com wrote: However a scale-out NAS could also have these benefits, if you build the scale-out NAS with open source cluster FS(for example HDFS), just like many Internet company did. Please feel free to considerate contributing to this blueprint effort : https://blueprints.launchpad.net/swift/+spec/diskfile-databasebroker-as-apis which would potentially allows you to plug your scale-out NAS (or whatever you call it) to swift Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Updating best practices for XFS inode size
On Mon, Jul 1, 2013 at 9:02 AM, Robert van Leeuwen robert.vanleeu...@spilgames.com wrote: I would like to thank the XFS folks at Redhat for letting us know about the improvements in XFS, and the XFS team in general for the great work they have done. Thanks for the heads up. Do you, or any of the Redhat people, know if the Red Hat 6 kernel is also recent enough (are those improvements back-ported to RHEL 6)? I was wondering that too and would love to know which distro/kernel version have those improvements. The only thing I can find in the kernel logs is that patch : http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8daaa83145ef1f0a146680618328dbbd0fa76939 which is quite old (but recent when if are talking stable ;)) Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] HTTP headers are incorrectly treated case sensitive by jClouds causing OpenStack x-storage-url to fail
On Fri, Jun 28, 2013 at 2:00 AM, Ali, Saqib docbook@gmail.com wrote: Is there anything we can do to work around this, while someone from the jClouds community fixes this issue? I would be believe a jclouds fix would be faster to get in than to try agree on a hack to do on swift. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Folsom Keystone and Grizzly Swift
python-keystoneclient latest should be release independent and should be compatible with folsom and have the fix you need for caching (the cache=swift.cache parameter to have in auth_token). You will need a recent version of swift tho to get everything working well. On Tue, Jun 11, 2013 at 4:39 PM, John Dickinson m...@not.mn wrote: Yes it will work, but I would not recommend it for production systems. There were some changes in Keystone during the Grizzly release that are pretty much required for Keystone to be usable with Swift (specifically around Keystone's ability to support token caching). My recommendation would be to upgrade Keystone to its grizzly release or consider an alternative auth system for Swift. --John On Jun 11, 2013, at 1:23 AM, raydzu rary...@interia.pl wrote: Good morning, I have really simple and stupid question but I just want to confirm my assumptions Do you expect any possible problems if I will use Folsom release of Keystone with Grizzly release of Swift ? I believe that there shouldn't be any as swift in both versions using the same protocol , but I will feel much safer if you can confirm that Thank you Radek ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] grizzly keystone with v1.0 API
FYI I had a clean extension for keystone doing just that : https://github.com/chmouel/keystone-legacyv1-extension but it needed the review in keystone : https://review.openstack.org/#/c/25235/ for keystone which was unfortunately not accepted for a reason I am not totally sure about. Chmouel. On Wed, Jun 5, 2013 at 12:14 PM, Axel Christiansen axel.christian...@softreset.de wrote: Thank you Matthieu, that sounds very interesting. The grizzly i am using comes with an all in one keystone.conf. I think that is fine and should work. Would you be so kind and send me your /etc/keystone/keystone.conf and /etc/keystone/keystone-paste.ini. I would like to compare these to mine and hope it brings me a lot closer. Yes, thats what i ment on the zmanda-blog. Thnak you! Axel Am 05.06.13 11:30, schrieb Matthieu Huin: Hello Axel, If you refer to this post : http://www.zmanda.com/blogs/?p=1002 , I managed to set it up successfully on a devstack ( that's the trunk version, though, not grizzly ). There is a mistake in the instructions; the config file to modify is not /etc/keystone/keystone.conf but /etc/keystone/keystone-paste.ini . Hope that helps. Matthieu Huin m...@enovance.com - Original Message - From: Axel Christiansen axel.christian...@softreset.de To: openstack@lists.launchpad.net Sent: Wednesday, June 5, 2013 11:23:13 AM Subject: [Openstack] grizzly keystone with v1.0 API Hello List again, on the zmanda-blog is a description to make a swift/keystone setup work again via the v1.0 API. Had anyone success doing this on grizzly? I sadly did not. Regards, Axel ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Intermittent error 403 Access was denied to this resource
I have seen this when keystone is too busy for validating tokens. getting keystone behind apache or scaling up keystone make things a better (and make sure you are using swift memcache connection in auth_token). Chmouel. On Mon, Jun 3, 2013 at 8:15 PM, Andrii Loshkovskyi loshkovs...@gmail.com wrote: Hello, I would appreciate if you help me to troubleshoot the following issue: I am having error 403 intermittenly when listing containers in swift. Sometimes the error appears a few times per hour, sometimes once per day. Basically, it's possible to reproduce the error with a simple curl command: curl --get -v -H 'X-Auth-Token: ef644...' http://swift-proxy.example.com:8080/v1/AUTH_323d0... body h1403 Forbidden/h1 Access was denied to this resource.br /br / /body The token and swift proxy endpoint are all correct as most of the time the command works. A few words about infrastructure: I use swift 1.7.4 and several swift proxies. Users are authenticated via Keystone. Tokens are cached with memcached on swift proxy servers. I did a lot of tests to figure out what service generates such error: - same issue happens with each swift proxy server, with or without memcached enabled - it happens with different users and in different tenants - I downloaded sources of swift and Keystone and grepped on that error. There are some HTTPForbidden values returned in code but no one with the body 'Access denied to this resource' - I tried monitoring traffic with tcpdump to catch the error and understand who's sending it but with no success yet - the issue might be related to swift ACL rules but I haven't set any read/write permissions for containers - set debug logs for swift proxy but nothing has been found yet Please help me to understand how this error is returned. Thank you for your time. -- Kind regards, Andrii Loshkovskyi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Intermittent error 403 Access was denied to this resource
On Tue, Jun 4, 2013 at 2:41 PM, Andrii Loshkovskyi loshkovs...@gmail.com wrote: Thank you for answer. Chmouel, do you mean the auth_token on Keystone or swift proxy server? from /etc/keystone/keystone.conf [filter:token_auth] paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory from /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory ... memcache_servers = 127.0.0.1:11211 in here, remove that line and use cache=swift.cache make sure you configure the cache middleware properly. Further debugging proved that hosts without memcached don't return the error 403. I'm still investigating what service can return such error body message. well you probably want to have caching... On Tue, Jun 4, 2013 at 12:55 PM, Chmouel Boudjnah chmo...@enovance.com wrote: I have seen this when keystone is too busy for validating tokens. getting keystone behind apache or scaling up keystone make things a better (and make sure you are using swift memcache connection in auth_token). Chmouel. On Mon, Jun 3, 2013 at 8:15 PM, Andrii Loshkovskyi loshkovs...@gmail.com wrote: Hello, I would appreciate if you help me to troubleshoot the following issue: I am having error 403 intermittenly when listing containers in swift. Sometimes the error appears a few times per hour, sometimes once per day. Basically, it's possible to reproduce the error with a simple curl command: curl --get -v -H 'X-Auth-Token: ef644...' http://swift-proxy.example.com:8080/v1/AUTH_323d0... body h1403 Forbidden/h1 Access was denied to this resource.br /br / /body The token and swift proxy endpoint are all correct as most of the time the command works. A few words about infrastructure: I use swift 1.7.4 and several swift proxies. Users are authenticated via Keystone. Tokens are cached with memcached on swift proxy servers. I did a lot of tests to figure out what service generates such error: - same issue happens with each swift proxy server, with or without memcached enabled - it happens with different users and in different tenants - I downloaded sources of swift and Keystone and grepped on that error. There are some HTTPForbidden values returned in code but no one with the body 'Access denied to this resource' - I tried monitoring traffic with tcpdump to catch the error and understand who's sending it but with no success yet - the issue might be related to swift ACL rules but I haven't set any read/write permissions for containers - set debug logs for swift proxy but nothing has been found yet Please help me to understand how this error is returned. Thank you for your time. -- Kind regards, Andrii Loshkovskyi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Kind regards, Andrii Loshkovskyi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift questions
On Wed, May 22, 2013 at 3:53 AM, Chuck Thier cth...@gmail.com wrote: It can be set to 1, and I think the default devstack install may do exactly that. this is correct, this is the default devstack install to set one replica. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Error while trying to login to Devstack dashboard
On Mon, Mar 18, 2013 at 7:03 PM, Abhishek Chanda abhishek.li...@gmail.com wrote: 2013-03-18 13:30:55ERROR [keystone.common.cms] Signing error: Unable to load certificate - ensure you've configured PKI with 'keystone-manage pki_setup' perhaps by doing this? Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift]
On Fri, Mar 15, 2013 at 8:02 AM, Tomáš Šoltys tomas.sol...@gmail.com wrote: curl -k -v -H 'X-Storage-User: service:swift' -H 'X-Storage-Pass: 12345678' -X 'POST' http://localhost:5000/v2.0/auth But when for following it works: curl -k -v -X 'POST' http://localhost:5000/v2.0/tokens -d '{auth:{passwordCredentials:{username:swift, password:12345678}, tenantName:service}}' -H 'Content-type: application/json' -H 'Accept: application/xml' What am I missing here? The first one is auth v1 style auth the second one is v2 it seems that there is a bug in the manual (feel free to raise a bug in openstack-manuals launchpad project). To verify an installation with a keystone install (i.e: v2) the swift -V2.0 command is enough above the curl command is enough. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Entering DST madness zone again
On Tue, Mar 12, 2013 at 11:24 AM, Thierry Carrez thie...@openstack.org wrote: Remember that all our OpenStack online meetings are expressed in UTC time (which does not have DST nonsense), and doublecheck what that means for you using tools like: Or for the lazy ones (i.e: most of us) who don't want to switch and open a browser tab while in the command line : -$ TZ=UTC date Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] openstack installation of swift
You can install Swift as standalone and you can even use its builtin auth server like swauth if you really don't want deps on other things than swift. (auth v1 only). Chmouel. On Thu, Mar 7, 2013 at 8:28 AM, Arun Fera fer...@gmail.com wrote: Is it necessary to install all the components for using swift alone. I need to store some data in cloud. that is my only need. Can anyone help me. -- Arun Fera M Assistant Professor, Department of Information Technology, Thiagarajar College of Engineering, Madurai-15. Mob:9790292924 E-mail:f...@tce.edu ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Define storage size for specified tenant/user
Maybe this is what you are looking for : https://github.com/cschwede/swquota Chmouel. On Mon, Mar 4, 2013 at 3:17 PM, jeffty wantwater...@gmail.com wrote: Thanks Gareth, But how to set the storage limit? The swift is installed in a single node, and all the authorized user can use the upload. The total amount of storage can be configured and new hard disc can be added into the ring, but I don't know how to divide individual space for a user. I try to find related info in manual but failed. Thanks. On 3/4/2013 12:43 AM, Gareth wrote: I think storage limit is a good feature. On Sat, Mar 2, 2013 at 1:14 PM, jeffty wantwater...@gmail.com mailto:wantwater...@gmail.com wrote: Hi All, I can upload/download in swift by execute 'swift upload' and 'swift download'. Is it possible to create storage and define its size for a specified tenant/user without providing any instance? Then the user can upload/download his own files in swift and don't need to own an vm instance. Thanks. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp -- Gareth /Cloud Computing, Openstack, Fitness, Basketball / /Novice Openstack contributer/ /My promise: if you find any spelling or grammar mistake in my email from Mar 1 2013, notice me / /and I'll donate 1$ or 1¥ to open organization specified by you./ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift]A design draft of Storage Quota
I haven't had the chance to do a full reviews but here is a few toughts : - the account quota goes along this review: https://review.openstack.org/#/c/21563/ so we can get easily have account metadatas from middlewares. - I am not sure I fancy much the json blob in the ini config (why not a new config file?) - I have already an implementation that mostly follow the same structure as (the already merged) container quota middleware but I am waiting on the other review for account info metadata to send it for reviews. - Down the line but probably not for the v1 I like to be able to notify somewhere about the account being over quota ideally it would be an option to get to ceilometer or other plugged in system. Chmouel. On Wed, Feb 20, 2013 at 11:11 AM, Alex Yang alex890...@gmail.com wrote: Storage Quotas Designhttps://docs.google.com/document/d/1b5hkT_E8PyzaAPjNImW0SF-yyh8vGrN_DNjMChol4_Q/edit This is the design draft of Storage Quota. Implementation of this design is https://github.com/AlexYangYu/StackLab-swift/tree/dev-quota -- 杨雨 Email: alex890...@gmail.com GitHub: https://github.com/AlexYangYu Blog:http://alexyang.sinaapp.com Weibo: http://www.weibo.com/alexyangyu ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift]A design draft of Storage Quota
Hi Kevin, On Wed, Feb 20, 2013 at 5:26 PM, Kevin L. Mitchell kevin.mitch...@rackspace.com wrote: I'll also point out Boson: https://wiki.openstack.org/wiki/Boson and https://github.com/klmitch/boson with some initial work. Unfortunately, I'm not able to work on Boson at the moment due to higher-priority tasks… From a quick look of it why can't we do the same as Boson without synaps[1]+ceilometer+swift_container_update. I don't know very well those but from the look of it you could have synaps generating alerts based on resources collection from ceilometer and set the enforcement using the native service mechanism? Chmouel, [1] when properly working with a proper API. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift]A design draft of Storage Quota
I was guessing this is the part of what synaps do but from looking at https://wiki.openstack.org/wiki/Synaps it may just provide only notifications and not enforcements. Chmouel. On Wed, Feb 20, 2013 at 9:17 PM, Kevin L. Mitchell kevin.mitch...@rackspace.com wrote: On Wed, 2013-02-20 at 21:09 +0100, Chmouel Boudjnah wrote: On Wed, Feb 20, 2013 at 5:26 PM, Kevin L. Mitchell kevin.mitch...@rackspace.com wrote: I'll also point out Boson: https://wiki.openstack.org/wiki/Boson and https://github.com/klmitch/boson with some initial work. Unfortunately, I'm not able to work on Boson at the moment due to higher-priority tasks… From a quick look of it why can't we do the same as Boson without synaps[1]+ceilometer+swift_container_update. I don't know very well those but from the look of it you could have synaps generating alerts based on resources collection from ceilometer and set the enforcement using the native service mechanism? I do not understand your question. Quotas have nothing to do with notifications, as far as I understand it; quotas limit the maximum amount of a given resource a given user can have, while ceilometer just notifies other consumers about actions, right? -- Kevin L. Mitchell kevin.mitch...@rackspace.com ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift + Keystone integration problem
you seem to use ssl with a http:// url. Chmouel. On Mon, Feb 4, 2013 at 10:38 AM, Andrey V. Romanchev andrey.romanc...@gmail.com wrote: Of course. # cat /etc/swift/proxy-server.conf [DEFAULT] cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key bind_port = bind_ip = host workers = 8 user = swift log_facility = LOG_LOCAL1 log_level = DEBUG [pipeline:main] pipeline = catch_errors healthcheck cache authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true [filter:keystone] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, swift [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory # Delaying the auth decision is required to support token-less # usage for anonymous referrers ('.r:*'). delay_auth_decision = 0 auth_protocol = http service_port = 5000 service_host = host auth_port = 35357 auth_host = host auth_uri = http://host:5000/ auth_token = 6bde76d029582066e4ee2edcf0d1c212 admin_token = 6bde76d029582066e4ee2edcf0d1c212 admin_tenant_name = service admin_user = swift admin_password = swiftpass signing_dir = /etc/swift [filter:healthcheck] use = egg:swift#healthcheck [filter:cache] use = egg:swift#memcache memcache_servers = host:11211 [filter:catch_errors] use = egg:swift#catch_errors 2013/2/2 Chmouel Boudjnah chmo...@chmouel.com You probably want to past your proxy-server.conf this may be helpful for us to help you. Chmouel. On Fri, Feb 1, 2013 at 8:49 PM, David Goetz david.go...@rackspace.comwrote: I'm sorry- I didn't read that part about the proxy restart :) The proxy may not log if it gets hung up in some middleware. What middleware do you have running? You can try adding in some log messages into the middleware you have running to find out where. On Feb 1, 2013, at 1:37 PM, David Goetz wrote: Sounds like swift isn't listening on that port. What is the bind_port in your proxy-server.conf? On Feb 1, 2013, at 12:53 PM, Andrey V. Romanchev wrote: Hello! I've installed swift + keystone and have incomprehensible problem First of all I get auth tokens curl -d '{auth: {tenantName: service, passwordCredentials:{username: swift, password: swiftpass}}}' -H Content-type: application/json http://host:5000/v2.0/tokens | python -mjson.tool This command works fine, I get token id and publicURL Then curl -H X-AUTH-TOKEN: cf1d44080a184e6c8f94e3fe52e89d48 http:// host:/v1/AUTH_b74d4d57b1f5473bb2d8ffe5110a3d5a This command just hangs and that's all. No swift logs, no response. If I restart proxy server, I get on client side curl: (56) Recv failure: Connection reset by peer I've completely stuck here. I even turned on debug logs in swift-proxy - no result as well. Is there any possibility to understand what's wrong? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift + Keystone integration problem
you need to add the proxy-logging middleware, see swift's default proxy-server.conf https://github.com/openstack/swift/blob/master/etc/proxy-server.conf-sample Chmouel. On Mon, Feb 4, 2013 at 10:37 AM, Andrey V. Romanchev andrey.romanc...@gmail.com wrote: [pipeline:main] pipeline = catch_errors healthcheck cache authtoken keystone proxy-server How to add log messages to middleware components? 2013/2/1 David Goetz david.go...@rackspace.com I'm sorry- I didn't read that part about the proxy restart :) The proxy may not log if it gets hung up in some middleware. What middleware do you have running? You can try adding in some log messages into the middleware you have running to find out where. On Feb 1, 2013, at 1:37 PM, David Goetz wrote: Sounds like swift isn't listening on that port. What is the bind_port in your proxy-server.conf? On Feb 1, 2013, at 12:53 PM, Andrey V. Romanchev wrote: Hello! I've installed swift + keystone and have incomprehensible problem First of all I get auth tokens curl -d '{auth: {tenantName: service, passwordCredentials:{username: swift, password: swiftpass}}}' -H Content-type: application/json http://host:5000/v2.0/tokens | python -mjson.tool This command works fine, I get token id and publicURL Then curl -H X-AUTH-TOKEN: cf1d44080a184e6c8f94e3fe52e89d48 http:// host:/v1/AUTH_b74d4d57b1f5473bb2d8ffe5110a3d5a This command just hangs and that's all. No swift logs, no response. If I restart proxy server, I get on client side curl: (56) Recv failure: Connection reset by peer I've completely stuck here. I even turned on debug logs in swift-proxy - no result as well. Is there any possibility to understand what's wrong? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift + Keystone integration problem
You probably want to past your proxy-server.conf this may be helpful for us to help you. Chmouel. On Fri, Feb 1, 2013 at 8:49 PM, David Goetz david.go...@rackspace.comwrote: I'm sorry- I didn't read that part about the proxy restart :) The proxy may not log if it gets hung up in some middleware. What middleware do you have running? You can try adding in some log messages into the middleware you have running to find out where. On Feb 1, 2013, at 1:37 PM, David Goetz wrote: Sounds like swift isn't listening on that port. What is the bind_port in your proxy-server.conf? On Feb 1, 2013, at 12:53 PM, Andrey V. Romanchev wrote: Hello! I've installed swift + keystone and have incomprehensible problem First of all I get auth tokens curl -d '{auth: {tenantName: service, passwordCredentials:{username: swift, password: swiftpass}}}' -H Content-type: application/json http://host:5000/v2.0/tokens | python -mjson.tool This command works fine, I get token id and publicURL Then curl -H X-AUTH-TOKEN: cf1d44080a184e6c8f94e3fe52e89d48 http:// host:/v1/AUTH_b74d4d57b1f5473bb2d8ffe5110a3d5a This command just hangs and that's all. No swift logs, no response. If I restart proxy server, I get on client side curl: (56) Recv failure: Connection reset by peer I've completely stuck here. I even turned on debug logs in swift-proxy - no result as well. Is there any possibility to understand what's wrong? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Network setup - Swift / keystone location and configuraton?
On Sat, Jan 19, 2013 at 9:57 AM, Kuo Hugo tonyt...@gmail.com wrote: The swift-client is using --publicurl as I know . FYI: You can change that behavior with the --os-endpoint-type switch Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Swift] Fast way of uploading 200GB of 200KB files to Swift
as Chuck explain you usually would see that on the server, having said that if you use latest swiftclient from github you will be able to see the requests that swiftclient make via keystoneclient to keystone to get a token. If you go on the swift proxy server and only if you use a recent checked out version of swift you will be able to see the auth_token debug messages (the authentication middleware for validating a token to keystone) in your proxy-server log. I would advise to take a look at a devstack, running it with swift and see how it work on the swift proxy server console (in screen). On Mon, Jan 14, 2013 at 8:00 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Neither keystone nor swift proxy are producing any logs. I'm not sure what to do :S On Mon, Jan 14, 2013 at 6:50 PM, Chuck Thier cth...@gmail.com wrote: You would have to look at the proxy log to see if a request is being made. The results from the swift command line are just the calls that the client makes. The server still haves to validate the token on every request. -- Chuck On Mon, Jan 14, 2013 at 12:37 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Below is an output from Swift stat, since I don't see any requests to keystone, I'm assuming that memcache is being used right? REQ: curl -i http://192.168.111.215:8080/v1/AUTH_[ID] -X HEAD -H X-Auth-Token: [TOKEN] DEBUG:swiftclient:REQ: curl -i http://192.168.111.215:8080/v1/AUTH_[ID]-X HEAD -H X-Auth-Token: [TOKEN] RESP STATUS: 204 DEBUG:swiftclient:RESP STATUS: 204 Account: AUTH_[ID] Containers: 44 Objects: 4818 Bytes: 112284450 Accept-Ranges: bytes X-Timestamp: 1358184925.20885 X-Trans-Id: tx8cffb469c9c542be830db10a2b90d901 On Mon, Jan 14, 2013 at 6:31 PM, Dolph Mathews dolph.math...@gmail.com wrote: If memcache is being utilized by your keystone middleware, you should see keystone attaching to it on the first incoming request, e.g.: keystoneclient.middleware.auth_token [INFO]: Using Keystone memcache for caching token You may also want to use auth_token from keystoneclient = v0.2.0 if you're not already (instead of from keystone itself). -Dolph On Mon, Jan 14, 2013 at 11:43 AM, Leander Bessa Beernaert leande...@gmail.com wrote: Are you by any chance referring to this topic https://lists.launchpad.net/openstack/msg08639.html regarding the keystone token cache? If so I've already added the configuration line and have not noticed any speedup :/ On Mon, Jan 14, 2013 at 5:19 PM, Leander Bessa Beernaert leande...@gmail.com wrote: I'm using the ubuntu 12.04 packages of the folsom repository by the way. On Mon, Jan 14, 2013 at 5:18 PM, Chuck Thier cth...@gmail.com wrote: On Mon, Jan 14, 2013 at 11:03 AM, Leander Bessa Beernaert leande...@gmail.com wrote: Also, I'm unable to run the swift-bench with keystone. Hrm... That was supposed to be fixed with this bug: https://bugs.launchpad.net/swift/+bug/1011727 My keystone dev instance isn't working at the moment, but I'll see if I can get one of the team to take a look at it. -- Chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] What's the function of devstack?
Here is the webpage describing the project : http://devstack.org/ and AFAIK I don't think there will be a GUI to stack.sh (some may consider a graphical terminal a GUI tho) On Tue, Jan 15, 2013 at 9:32 AM, Jia Lee jeffryl...@gmail.com wrote: Hi, Could someone tell me the function of devstack and will there be a graphical user interface when the 'stack.sh' is executed? -- 世界因你而精彩~ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Swift] Fast way of uploading 200GB of 200KB files to Swift
any chances you can try with latest swift as well and set : log_level = DEBUG in swift proxy-server.conf and what what the authtoken middleware is doing in the /var/log/syslog (or wherever syslog log on your distro). Chmouel. On Tue, Jan 15, 2013 at 12:09 PM, Leander Bessa Beernaert leande...@gmail.com wrote: I've updated the keystoneclient to the lastest version available in GitHub and I'm still not getting any speedups. I've switched to the tempauth system and noticed an immediate increase in throughput (6.4 GB/day to 53.5 GB/day). Since I'm time-restrained, I'll stick with the tempauth system for now. I'll check back on the keystone token cache later. Thanks for all the help. On Tue, Jan 15, 2013 at 8:36 AM, Chmouel Boudjnah chmo...@chmouel.comwrote: as Chuck explain you usually would see that on the server, having said that if you use latest swiftclient from github you will be able to see the requests that swiftclient make via keystoneclient to keystone to get a token. If you go on the swift proxy server and only if you use a recent checked out version of swift you will be able to see the auth_token debug messages (the authentication middleware for validating a token to keystone) in your proxy-server log. I would advise to take a look at a devstack, running it with swift and see how it work on the swift proxy server console (in screen). On Mon, Jan 14, 2013 at 8:00 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Neither keystone nor swift proxy are producing any logs. I'm not sure what to do :S On Mon, Jan 14, 2013 at 6:50 PM, Chuck Thier cth...@gmail.com wrote: You would have to look at the proxy log to see if a request is being made. The results from the swift command line are just the calls that the client makes. The server still haves to validate the token on every request. -- Chuck On Mon, Jan 14, 2013 at 12:37 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Below is an output from Swift stat, since I don't see any requests to keystone, I'm assuming that memcache is being used right? REQ: curl -i http://192.168.111.215:8080/v1/AUTH_[ID] -X HEAD -H X-Auth-Token: [TOKEN] DEBUG:swiftclient:REQ: curl -i http://192.168.111.215:8080/v1/AUTH_[ID] -X HEAD -H X-Auth-Token: [TOKEN] RESP STATUS: 204 DEBUG:swiftclient:RESP STATUS: 204 Account: AUTH_[ID] Containers: 44 Objects: 4818 Bytes: 112284450 Accept-Ranges: bytes X-Timestamp: 1358184925.20885 X-Trans-Id: tx8cffb469c9c542be830db10a2b90d901 On Mon, Jan 14, 2013 at 6:31 PM, Dolph Mathews dolph.math...@gmail.com wrote: If memcache is being utilized by your keystone middleware, you should see keystone attaching to it on the first incoming request, e.g.: keystoneclient.middleware.auth_token [INFO]: Using Keystone memcache for caching token You may also want to use auth_token from keystoneclient = v0.2.0 if you're not already (instead of from keystone itself). -Dolph On Mon, Jan 14, 2013 at 11:43 AM, Leander Bessa Beernaert leande...@gmail.com wrote: Are you by any chance referring to this topic https://lists.launchpad.net/openstack/msg08639.html regarding the keystone token cache? If so I've already added the configuration line and have not noticed any speedup :/ On Mon, Jan 14, 2013 at 5:19 PM, Leander Bessa Beernaert leande...@gmail.com wrote: I'm using the ubuntu 12.04 packages of the folsom repository by the way. On Mon, Jan 14, 2013 at 5:18 PM, Chuck Thier cth...@gmail.com wrote: On Mon, Jan 14, 2013 at 11:03 AM, Leander Bessa Beernaert leande...@gmail.com wrote: Also, I'm unable to run the swift-bench with keystone. Hrm... That was supposed to be fixed with this bug: https://bugs.launchpad.net/swift/+bug/1011727 My keystone dev instance isn't working at the moment, but I'll see if I can get one of the team to take a look at it. -- Chuck ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Swift] Cannot perform multiple requests with Python API
can you do a export SWIFTCLIENT_DEBUG=true before running the interpreters and tell us the output? Chmouel. On Tue, Jan 8, 2013 at 4:57 PM, Leander Bessa Beernaert leande...@gmail.com wrote: I'm still getting the same error. Here's what I did: - git clone https://github.com/openstack/python-swiftclient - cd python-swiftclient - sudo python setup.py install - Repeated the previous procedures Did it not install correctly? On Tue, Jan 8, 2013 at 3:47 PM, Chmouel Boudjnah chmo...@chmouel.comwrote: I am not sure why it does that (works fine for me), can you try with the git version to see if you can reproduce ? Thanks, Chmouel. On Mon, Jan 7, 2013 at 7:31 PM, Leander Bessa Beernaert leande...@gmail.com wrote: Hello all, I'm having an issue when using the Python API for swift [1]. I am unable to do two sequential operations. The first operation works and the second ceases to work. Is this expected, or is this a bug? I'm using Ubuntu 12.04 with the Folsom Packages. Example output (Python Interpreter): import swiftclient swiftclient.get_container([URL],[TOKEN],'test') ({'content-length': '174', 'x-container-object-count': '1', 'accept-ranges': 'bytes', 'x-container-bytes-used': '200', 'x-timestamp': '1357299184.84634', 'date': 'Mon, 07 Jan 2013 18:25:41 GMT', 'content-type': 'application/json; charset=utf-8'}, [{'bytes': 200, 'last_modified': '2013-01-07T18:07:17.289060', 'hash': 'fbaf48ec981a5eecdb57b929fdd426e8', 'name': 'test_object', 'content_type': 'application/octet-stream'}]) swiftclient.get_container([URL],[TOKEN],'test') Traceback (most recent call last): File stdin, line 1, in module File /usr/lib/python2.7/dist-packages/swiftclient/client.py, line 487, in get_container resp = conn.getresponse() File /usr/lib/python2.7/dist-packages/swift/common/bufferedhttp.py, line 103, in getresponse logging.debug(_(HTTP PERF: %(time).5f seconds to %(method)s TypeError: 'tuple' object is not callable Regards, Leander [1] https://github.com/openstack/python-swiftclient ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] S3 Token
On Mon, Dec 10, 2012 at 4:17 AM, Adam Young ayo...@redhat.com wrote: As a Keystone core developer, I have to say that I don't see it as a huge burden to keep it in place. We want to maintain API backward compatability, and removing it would break that. We should deprecate it and get people to sign off on a complete removal before taking it out of keystone. Thanks for the feedback guy, if that's not much of troubles to keep it in keystone we can leave it there. Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] S3 Token
Hello Anne, Where are those feedbacks? Any chances if I can see them? I am wondering if people are using s3 with swauth or with keystone. Cheers, Chmouel. On Sat, Dec 8, 2012 at 10:53 PM, Anne Gentle a...@openstack.org wrote: Hi Chmouel - We get a lot of questions from the doc about supporting S3, but I don't know if it's with Keystone or without. Basically, it's this page that gets a lot of feedback and use: http://docs.openstack.org/trunk/openstack-object-storage/admin/content/configuring-openstack-object-storage-with-s3_api.html So, tell me if that's s3 token? Or just using S3 creds sans Keystone? That would help me help you decide how to proceed. Whew. :) Thanks, Anne On Sat, Dec 8, 2012 at 2:49 PM, Blair Bethwaite blair.bethwa...@gmail.com wrote: Hi Chmouel, On 9 December 2012 00:22, Chmouel Boudjnah chmo...@chmouel.com wrote: i personally would vote for number three, I don't think much people using this (i.e: swift+keystone+s3) or at least I didn't hear many feedback about the middleware. Option 3 is very unpalatable IMHO. People have existing clients using the EC2 creds with libraries such as Boto and Libcloud, so any kind of complete removal would need to be staged over releases to give fair warning. What's more, surely part of the point in providing the AWS APIs in the first place is to ease porting, requiring different creds for EC2 and S3 APIs unnecessarily complicates that. I vote for option 1 or 2. -- Cheers, ~Blairo ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] S3 Token
Hi, I'm working on removing the swift+keystone middleware from keystone, we have moved it already as keystoneauth since last OpenStack release into the main swift repository. One thing that left in keystone is the s3_token middleware. Since in OpenStack/Swift we are not supporting third party API this could not be moved there. The options : 1) Keep s3token in keystone 2) Remove s3token from keystone and try to convince the swift3 maintainer to integrate it. 3) Try to figure out if there is actually people using this and if not just nuke it. 4) move s3token to its own repo on github somewhere. i personally would vote for number three, I don't think much people using this (i.e: swift+keystone+s3) or at least I didn't hear many feedback about the middleware. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Couldn't find stack-screenrc
On Thu, Nov 15, 2012 at 4:09 AM, Everett Toews everett.to...@rackspace.com wrote: From: Johannes Baltimore johannes.b...@gmail.com Date: Wednesday, November 14, 2012 8:34 AM To: openstack@lists.launchpad.net openstack@lists.launchpad.net Subject: [Openstack] Couldn't find stack-screenrc Hi. I got devstack today, but I've been going through a problem. Whenever i turn on the machine, I cannot run the rejoin-stack.sh script, even though I've ran stack.sh before. It says the stack-screenrc file couldn't be found, and then asks me to run stack.sh again. Does anyone knows why does this happen? Thanks in advance --- Did you run stack.sh as root? Not sure why the screenrc was not created but how do you run stack.sh as root? There is a mechanism in the script to avoid that : if [[ $EUID -eq 0 ]]; then ROOTSLEEP=${ROOTSLEEP:-10} echo You are running this script as root. echo In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user sleep $ROOTSLEEP Chmouel. I've noticed that when you start as root the stack-screenrc file doesn't get created. You can copy over an old stack-screenrc or just start it as a new user. Everett ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [SWIFT] Proxies Sizing for 90.000 / 200.000 RPM
On Wed, Oct 24, 2012 at 4:45 PM, heckj he...@mac.com wrote: Specifically, I'm concerned with the way auth_token handles memcache connections. I'm not sure how well it will work in swift with eventlet. If the memcache module being used caches sockets, then concurrency in eventlet (different greenthreads) will cause problems. Eventlet detects and prevents concurrent access to the same socket (for good reason--data from the socket may be delivered to the wrong listener). What about of doing like pre-keystonelight auth_token to use swift.cache if available for token caching instead of reusing a connection, a quick patch here : http://pastie.org/private/ezd5iqf7g6lz0nfpercz8a can do the cleanup and propose for reviews if nobody has objections about it. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Swift] How about move auth_toke and swift_auth middlewares into Swift?
Hi, The keystone middleware has been moved to swift already, it just wasn't removed from keystone, I haven't send a removal request from keystone since there is a massive works of documentation that needed to be done and it's a bit too late for this release timeline since distributors/operators may be not ready for it yet. Chmouel. On Thu, Aug 30, 2012 at 5:45 AM, Alex Yang alex890...@gmail.com wrote: Hi Swifters, I use keystone for the authentication and authorization of swift. During the benchmark test, I also encountered this kind of problems https://bugs.launchpad.net/keystone/+bug/1020127. I do some changes that moved the auth_toke and swift_auth middlewares into swift and replace the python-memecache client with swift.common.memcaced.MemcacheRing. It's works well for my business environment and easy to setup. I am willing to contribute this changes to swift or keystone. What's your advices? __ 杨雨 Email: alex890...@gmail.com GitHub: https://github.com/AlexYangYu Blog:http://alexyang.sinaapp.com Weibo: http://www.weibo.com/alexyangyu ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Swift] How about move auth_toke and swift_auth middlewares into Swift?
Hello Alex, On Thu, Aug 30, 2012 at 11:52 AM, Alex Yang alex890...@gmail.com wrote: How to deal with the auth_token middleware? Move it into swift or move it into openstack/common? there was a whole discussion last week about it, not sure what was the decision if that was to go to openstack/common or to its own project but that's definitively a post folsom works. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Common openstack client library
On Mon, Aug 13, 2012 at 9:39 AM, Alessio Ababilov aababi...@griddynamics.com wrote: from openstackclient_base.client import HttpClient http_client = HttpClient(username=..., password=..., tenant_name=..., auth_uri=...) Shouldn't be the role of python-keystoneclient? Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Ceilometer] Project Technical Leader election result
On Fri, Aug 3, 2012 at 10:22 AM, Julien Danjou jul...@danjou.info wrote: The PTL election for Ceilometer¹ is over. The winner is Nick Barcet. congratulation Nick, well deserved. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Bugs for Client libraries back to their own projects
On Wed, Jul 4, 2012 at 12:46 PM, Thierry Carrez thie...@openstack.org wrote: Thierry Carrez wrote: So unless someone explains why we shouldn't do it, next week I'll start the process of migrating back all bugs tagged python-*client from their parent project to their own project. Bugs for client libraries are now available at: Any chances to move the blueprints as well? Chmoue. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [CI] Retriggering Jenkins from Gerrit
On Wed, Jul 4, 2012 at 1:48 AM, James E. Blair cor...@inaugust.com wrote: To retrigger the Jenkins merge gate job, leave a comment with only the text reverify, or if you are a core reviewer, just leave another Approved vote. (Don't leave a reverify comment if the change hasn't been approved yet, it still won't be merged and will slow Jenkins down.) Really cool thanks, would it be possible to have those things documented in the wiki or even better in the ? keyboard shortcuts help. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Bugs for Client libraries back to their own projects
On Wed, Jul 4, 2012 at 2:46 PM, Thierry Carrez thie...@openstack.orgwrote: Blueprints can (and should) be moved as well.. but there is no way to do automatically identify the blueprints that are pure client stuff, so it will be manual: When you're on a blueprint you want to move, click Re-target blueprint on the top right and select the python-PROJECTclient project. That's only a PTL job right? any chances people from Core are able to do it as well? There is much cleanup needed in Swift blueprint. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] PyPI uploads for client libs live
On Tue, Jul 3, 2012 at 12:50 AM, Monty Taylor mord...@inaugust.com wrote: At the moment, the only people with permission to upload tags is the openstack-release team. However, since we're letting client libs manage their own versions, I kinda think we should give PTLs the right on their own project - so Vish would get tag access to python-novaclient, Brian to python-glanceclient, etc. +1 Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Adding docs gating jobs?
Just to make sure this gating test will just run python setup.py build_sphinx, right? (if it was a gating spellcheck I'll be in big trouble :)) On Tue, Jun 26, 2012 at 4:02 PM, Monty Taylor mord...@inaugust.com wrote: Hey guys! We have all of the projects properly and consistently building and uploading sphinx docs from in tree. This is pretty exciting, because it means one more resource we can expect to work. So related to that, we were talking about putting in a gating job for each project to prevent changes from breaking the docs. I don't really expect these jobs to fail builds very often, as the jobs themselves are pretty stable - but obviously it's the kind of thing people might have an opinion on. Thoughts? Monty ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] need help on swift and python
Yogesh, a couple of years ago I wrote some simple cloudfiles functions that uses python-cloudfiles to do some common task which you may want to look at to see how it's done, available here : https://github.com/chmouel/cloud-files-helper Chmouel On Tue, Jun 26, 2012 at 8:31 AM, Christophe Le Guern c35...@gmail.com wrote: Hi Yogesh, Here is an example using swauth middleware and swift: ** from cloudfiles.connection import Connection conn = Connection(account:user, password, authurl=https://SWIFT-URL/auth/v1.0;) container = conn.create_container(mycontainer) obj = container.create_object(myobject.txt) obj.content_type = text/plain obj.write(Hello World) ** Christophe On Tue, Jun 26, 2012 at 7:14 AM, Yogesh Bansal yogeshbansa...@gmail.com wrote: Hi, I want to upload a file or image on swift object storage server. I can do it using curl command. But I am not able to do it using python apis. I am using Django and python to make web based application, which required to store file from client to swift object storage server. Is there any swift and python experts, who can guide me in this regard. I am able to create and list containers using python. An example will be very helpful. Thanks Yogesh Bansal ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Problem with merging
This has been fixed and merged now, thanks CI team for the great work. Chmouel. On Wed, Jun 27, 2012 at 7:10 PM, John Postlethwait john.postlethw...@nebula.com wrote: Jenkins has been broken since yesterday. The infrastructure team is trying to address that now, it will merge when it is back up. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [keystone] proposing adding Adam Young (ayoung) to keystone-core
+1! On Wed, Jun 27, 2012 at 9:47 PM, Devin Carlen de...@openstack.org wrote: +1! On Jun 27, 2012, at 12:44 AM, Syed Armani wrote: Adam is a great guy, He is always there if you need any help or guidance. His work is incredible. Best! Syed On Wed, Jun 27, 2012 at 12:57 PM, Razique Mahroua razique.mahr...@gmail.com wrote: Not part of that group, but Adam's work is indeed fantastic Nuage Co - Razique Mahroua razique.mahr...@gmail.com NUAGECO-LOGO-Fblan_petit.jpg Le 26 juin 2012 à 23:06, Joseph Heck a écrit : Given his work in Keystone since the redux, I would like propose Adam Young (ayoung) be added to the group keystone-core. For a process in doing this, I thought we'd generally follow Nova's core-promotion process = lazy consensus over a week, and assuming no -1's and at least two +1's from current core members, it's good to go. -joe ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift API Documentation Reviews
On Tue, Jun 12, 2012 at 9:16 AM, adrian_f_sm...@dell.com wrote: For anyone interested in documentation I've posted two changes in relation to the Swift API docs, Describe the end_marker parameter (https://review.openstack.org/#/c/8375/) Added section on metadata at account level (https://review.openstack.org/#/c/8374/) Nice, thanks you, I have done some review. How does it work for docs does it need to have two core doing a +2 or one is enough? Since the API documents are versioned (currently 1.0) is it right to retrospectively update them now? Is the documentation a spec and Swift an implementation of that spec or are the two running in parallel? I'd say the two running in parallel. There are a few other gaps in the API docs but I wanted to get clarification before proceeding. Thanks, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Comparing roles - case (in)sensitivity
On Tue, Jun 12, 2012 at 3:09 AM, Brian Waldon brian.wal...@rackspace.com wrote: So it sounds like we're going with case-insensitive string comparison for role names. There's already a patch in review for Glance, but it sounds like we'll need to get something up for Swift. Thanks for the input, guys! I have logged the bug here : https://bugs.launchpad.net/keystone/+bug/1013120 we'll address that when the middleware will be moved from keystone to core swift (soon hopefully). Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] storage for virtual machines
On Tue, Jun 12, 2012 at 6:03 PM, Matt Joyce matt.jo...@cloudscaling.com wrote: I believe swift CAN be used as a block device via FUSE, and I believe it has been done before. I wouldn't recommend it though. well anything is possible with FUSE ;-) I would not recommend it as well but FWIW here is the URL of the projects : https://github.com/redbo/cloudfuse/ https://github.com/memset/pycloudfuse Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Horizon] Can't list swift containers
On Tue, Jun 12, 2012 at 2:04 PM, John Giannelos johngianne...@gmail.com wrote: I am having exactly the same problem in my OpenStack installation. While managing swift through cli works fine, dashboard doesn't seem to communicate with swift. I don't know how horizon works but what the outptut when using : http://p.chmouel.com/ks (usage is: bash -x ks hostname tenant:username password). Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [Swift] swift.common.client and swift CLI has moved to its own project python-swiftclient
Hi everyone, We have moved the swift.common.client library and bin/swift CLI to its own dedicated project called python-swiftclient available in github here : https://github.com/openstack/python-swiftclient it should be totally compatible with the previous swift and the only change needed if you were using it before in scripts, tools or others will be to change the import from : import swift.common.client to import swiftclient the swift CLI has also moved there now. Glance and devstack should be updated now to use swiftclient[1]. Documentation (i.e: manuals) has not been updated yet and we are hoping packagers will pick this up pretty soon. Regards, Chmouel. [1] horizon is still using python-cloudfiles and didn't use swift.common.client before. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] new version of gerrit - with new features!
On Fri, Jun 8, 2012 at 12:46 AM, Monty Taylor mord...@inaugust.com wrote: Hey guys! We just upgraded to a new version of gerrit. This is based on the new upstream version 2.4, but in addition we've landed two additional features on top of that - so there's tons of new toys to play with. Really cool, Thanks. David Shrewsbury wrote a long-requested feature: a Work In Progress state. Changes will now have a Work In Progress button on them that can So the difference between WIP and Draft is one is public and the other is not, right? Also - we have an open question - which is, if the pre-approval check jobs fail in Jenkins, should the patch be automatically marked Work In Progress. We're not going to do that right out of the gate, but would love feedback on what people think. I think that a reasonable assumption to say that if the commit didn't pass the tests there is still work to do in there and be marked as such. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Comparing roles - case (in)sensitivity
I vote for case-sensitive too. PS: The keystone middleware to swift is case sensitive to roles as well. On Fri, Jun 8, 2012 at 11:57 PM, Joseph Suh j...@isi.edu wrote: I'd vote case-sensitive. Joseph (w) 703-248-6160 (c) 571-340-2434 (f) 703-812-3712 3811 N. Fairfax Drive Suite 200 Arlington, VA, 22203, USA http://www.east.isi.edu/~jsuh - Original Message - From: Brian Waldon brian.wal...@rackspace.com To: openstack@lists.launchpad.net (openstack@lists.launchpad.net) openstack@lists.launchpad.net Sent: Friday, June 8, 2012 5:50:45 PM Subject: [Openstack] Comparing roles - case (in)sensitivity tl;dr - Should we compare roles as case-sensitive or case-insensitive? I vote case-sensitive. This bug was recently filed in Glance: https://bugs.launchpad.net/glance/+bug/1010519 . It points out that Nova and Keystone are both case-insensitive when it comes to role comparison, yet Glance *is* case sensitive. I'm in favor of moving other projects to a case-sensitive approach for two main reasons: 1) If a role is a string, and comparing strings is inherently case-sensitive, then role comparison would logically be case-sensitive 2) I get to do less work Thoughts? Brian Waldon ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
On Wed, May 23, 2012 at 2:45 AM, Kuo Hugo tonyt...@gmail.com wrote: For several client tools , still using v1.0 authentication method for auth. Such as cyberduck or Gladinet. These applications look for X-AUTH-TOKEN and X-Storage-Url headers for accessing swift. maru was telling me the other time that internap have a middleware that does exactly and are looking to OpenSource it in the future. Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack][Keystone]Does legacy_auth v1.0 exist in Keystone Essex ?
On Wed, May 23, 2012 at 3:53 PM, Christian Broussard christian.brouss...@gmail.com wrote: I'm interested in this topic as well. Chmouel, are you indicated that without a 3rd party middleware implementation, there is no way to handle v1.0 auth with keystone/swift? Not that I know. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Middleware packaging (was: swift3 middleware split)
On Tue, May 22, 2012 at 10:53 AM, Thierry Carrez thie...@openstack.org wrote: I expect the packaging teams in each distro to consider which plugins make the most sense and package them. +1, this is totally up to the distro to takes care of those things. Talking about packaging and middlewares, it would be nice if the packagers could do a split of the middlewares from a main project. For example in keystone the auth_token middleware is located in the python-keystone package for Ubuntu[1] it would be much nicer if this is splitted to its own package like python-keystone-auth-token and avoid end-user confusion like why do I need to install the full keystone[2] to get Nova/Swift/Glance+KeystoneAuth working I am not sure what's the process to get this forward, should I just report a bug against Fedora/Ubuntu package and attach a patch for the .spec, debian/control in there ? Thanks, Chmouel. [1] and seems to be the case as well for RedHat according to http://is.gd/MGMAZ1 [2] on the same server. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] python-swiftclient in gerrit
On Tue, May 22, 2012 at 3:38 AM, Lorin Hochstein lo...@nimbisservices.comwrote: Are you planning on making it available through PyPi once it's broken out? Yes, I just asked monty if he can do that and when this is done i'll send[1] the removal request from swift so other projects can use it straight away. Chmouel. [1]https://review.openstack.org/#/c/7659/ ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Swift3 Github pages
On Tue, May 22, 2012 at 12:55 AM, FUJITA Tomonori fujita.tomon...@lab.ntt.co.jp wrote: Thanks, before pulling the request, I would like to discuss the usage of github pages and wiki. Which do we want? Or both? I think we should favour as much possible RST documentation to follow what we have in core swift. The github pages feature is just a nice landing page for users that list most of the information about the project (i.e: latest release, documentation, tarball download etc..) Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Swift3 Github pages
On Mon, May 21, 2012 at 10:33 PM, Oleg Gelbukh ogelb...@mirantis.com wrote: We have a feature for swift3 middleware that we'd like to propose for merge. How we can do this now, when it is split into associated project? How has the procedure changed? I would expect this is going to be a typical Github (i.e: pull requests with multiple commits) workflow instead of a OpenStack gerrit workflow. This is maintained by fujita who's deciding what should go in or not. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Middleware packaging (was: swift3 middleware split)
On Tue, May 22, 2012 at 2:10 PM, Thierry Carrez thie...@openstack.org wrote: That said, in that particular case, we should probably first address the wider question of where the keystone/swift middleware should actually live. Looks like for the other projects this is shipped as part of the core project code, and having some consistency there would probably be good. At the last swift meeting[1] it was decided to be moved to swift, but I was talking about auth_token middleware which is shipped by keystone and used by most of OpenStack projects. Chmouel. [1] http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-16-20.31.html ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] python-swiftclient in gerrit
Hi, As mentioned a couple of times we are splitting python-swiftclient out of swift, this is mostly ready to cut in its own gerrit project here : https://github.com/chmouel/python-swiftclient monty any chance to get that repo into gerrit with the swift-core being the approvers. I haven't add much more than make it works, I am waiting to get it into gerrit to before starting to do a bit of refactoring and additions. The other steps needed to be done to make python-swiftclient a world-class library for other OpenStack components will be : - remove the swift.common.client and bin/swift and unittests from swift. - Update the bin/swift-dispersion-(report|populate) tools, utils swift.container.sync feature and functional tests to use the new library. - Update documentation. - Let people know about the namespace change (ie: blog post). - Work on migrating horizon from python-cloudfiles. - Work on Glance integration. As suggested, we probably can move swift.common.direct_client[1] to swiftclient, if nobody has any objection I'll move it under the namespace swiftclient.admin after we have moved to gerrit. Let me know if I have missed something. Chmouel. [1] For people wondering : Internal client library for making calls directly to the servers rather than through the proxy. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] python-swiftclient in gerrit
On Mon, May 21, 2012 at 12:25 PM, Chmouel Boudjnah chmo...@chmouel.com wrote: The other steps needed to be done to make python-swiftclient a world-class library for other OpenStack components will be : [...] Let me know if I have missed something. Obviously there is devstack as well. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] swift3 middleware split.
Hi Fujita, I have sent you a pull request for your swift3 repository : https://github.com/fujita/swift3/pull/1 I have added a few files to match a bit more what gholt did in the other middlewares and copied the swift3 unittests as well. I am going to work on a branch for devstack that use this middleware for testing since we have a an excercise there that functionally test much of this feature (via euca-upload-bundle). When this is done we can probably remove it from swift main repository and let know people by updating documentation (ie: s3_token in swift) and others (ie: blog post) about the change. Let me know what do you think, Regards, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [Swift] Swift3 Github pages
Hello Fujita, I sent you a documentation pull req that should generate the sphinx doc, It would be nice to generate some static html page of the documentation as what Greg has done for his projects for example : http://gholt.github.com/swauth/ This is something done by the github project owner see http://pages.github.com or http://help.github.com/pages/ for how to do that. I have sent already the gerrit review to remove swift3 from swift : https://review.openstack.org/#/c/7628/ and reference your repository http://github.com/fujita/swift3 in associated project. Thanks, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
Hi, In swift+keystone you are not allowed to have ACL between different account/tenant/project, you can only allow ACL between different users in a tenant. This is probably something not too difficult to implement but it may needs some tinkering to get it right. Please feel free to log a bug in keystone and we'll try to address that. Chmouel. On Sat, May 12, 2012 at 4:02 AM, 张家龙 zhan...@awcloud.com wrote: Vish , Thank you for answering. While ,sorry,I don`t understand your said. Do you mean I have to do like follows when I setting up acls: curl -X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: tenant_id:user_id \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Or,other operations and settings? -- Best Regards ZhangJialong -- Original -- From: Vishvananda Ishayavishvana...@gmail.com; Date: Sat, May 12, 2012 03:03 AM To: 张家龙zhan...@awcloud.com; Cc: openstackopenstack@lists.launchpad.net; Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls. The same may be true of user_id. Vish On Fri, May 11, 2012 at 12:51 AM, 张家龙 zhan...@awcloud.com wrote: Hello, everyone. I encountered some problems when i set permissions (ACLs) on Openstack Swift containers. I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication system on CentOS 6.2 . My swift proxy-server.conf and keystone.conf are here: http://pastebin.com/dUnHjKSj Then,I use the script named opensatck_essex_data.sh( http://pastebin.com/LWGVZrK0 ) to initialize keystone. After these operations,I got the token of demo:demo and newuser:newuser curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: demo, passwordCredentials: {username: demo, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: newuser, passwordCredentials: {username: newuser, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool Then,enable read access to newuser:newuser curl -X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: newuser:newuser \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Check the permission of the container: curl -k -v -H 'X-Auth-Token:token of demo:demo' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc This is the reply of the operation: HTTP/1.1 200 OK X-Container-Object-Count: 1 X-Container-Read: newuser:newuser X-Container-Bytes-Used: 2735 Accept-Ranges: bytes Content-Length: 24 Content-Type: text/plain; charset=utf-8 Date: Fri, 11 May 2012 07:30:23 GMT opensatck_essex_data.sh Now,the user newuser:newuser visit the container of demo:demo curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc While,I got 403 error.Can someone help me? -- Best Regards ZhangJialong ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Default swift replicas in devstack
Hello, devstack install swift if you are adding the service to your localrc (as specified in devstack README.rst). By default if swift is installed it will configure three different replicas and due of the nature of replication makes a lot of IO which lead to people saying /devstack with swift kill my VM/. Since most people are not going to install swift on devstack for debugging/deving object replication and don't need obviously availability I was wondering if anyone have any objection if I set swift default replicas to 1 in devstack. This is obviously a setting that people can adjust if they want. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] swift news and plans
Hi Suchi, I am not sure I understand your email, is your question says if temp_url work with the keystone middleware? the answer would be no as the middleware does not implement the allow_overrides feature to allow such thing. Please feel free to log a bug in launchpad. Cheers, Chmouel. On Mon, May 14, 2012 at 8:19 PM, Suchi Sinha (susinha) susi...@cisco.com wrote: Does it work with keystone? I am trying to test this feature. Follow all your steps.. Always getting No such file or directory Here how I am accessing https://IP:8080/v1/AUTH_74a6a2e705e74158bda736f5c8c6c89d/android/droidfi le.jpg?temp_url_sig=97fbcdba9be019c6d76dcf4d8079e66436c9d557temp_url_ex pires=1337025081 getting this error https://IP:8080/v1/AUTH_74a6a2e705e74158bda736f5c8c6c89d/android/droidfi le.jpg?temp_url_sig=97fbcdba9be019c6d76dcf4d8079e66436c9d557: No such file or directory Do I need to setup anything to support this feature? Thanks ~Suchi -Original Message- From: openstack-bounces+susinha=cisco@lists.launchpad.net [mailto:openstack-bounces+susinha=cisco@lists.launchpad.net] On Behalf Of John Dickinson Sent: Friday, May 04, 2012 11:57 AM To: openstack (openstack@lists.launchpad.net) Subject: [Openstack] [Swift] swift news and plans TL;DR: removing code from swift, associated projects doc, swift 1.5.0 I want to let the openstack community know of some recent changes within swift and how those changes will affect the next version of swift. Swift has a growing developer community and a rapidly expanding deployed base. While this growth is fantastic, it does come with new challenges, especially for the swift core developers. As more and varied use cases are presented to swift, patches are submitted that enhance swift's functionality either by offering optional features or alternative APIs. The challenge with this growth is that the core developers become responsible for understanding and maintaining an ever-increasing codebase. This responsibility becomes a timesink, both for reviews and for fixing regression bugs as new core features are added. For non-core developers, the review process for new code becomes slower, and changes that don't affect swift's core functionality often fall to the bottom of the pile--sometimes even to the point of expiring due to inactivity. Our solution for these problems is to limit the scope of swift. Swift's core functionality is to provide cheap, durable, and scalable object storage exposed through its own API. Other functionality and alternative APIs should be maintained separately from the swift codebase. As a result of this focus in scope, we have begun removing some of the optional parts of swift. Initially, this will include the tempurl, formpost, staticweb, rate limiting, swift3, domain remap, and cname lookup middleware modules. Proposed patches that offer alternative APIs (like CDMI) or include optional functionality that can be implemented external to swift will be encouraged to be developed separately from swift. We have already begun the process of removing many of these pieces of middleware from swift and moving them into their own respective repos. However, all of this functionality is quite valuable and beneficial to swift. There is a real need for most of these modules. Separating them from swift introduces the problem of discoverability. As a result, we have added a new page to our swift docs that lists associated projects and added links to that page on swift.openstack.org. http://swift.openstack.org/associated_projects.html This page is fairly limited right now, but the basic structure is there. As things are removed from swift and as new associated projects are created, they will be added to the list. This doc page is maintained in the swift codebase, so updating it is subject to the same requirements of any other patch to swift. An important note is that this list offers no distinction or references to official or approved associated projects. This list is independent of any openstack CI integration that may or may not happen in the future. Once we finish the process of migrating the optional pieces of swift away from the swift codebase, we will cut our next release: swift 1.5.0. There is no date set for this yet, but I hope the migration process can be finished in the next several weeks. Swift 1.5.0, therefore, will be somewhat larger than most of our other swift releases. Existing deployers will need to be careful about upgrading to ensure that new dependencies are met. If you have any questions, please feel free to email me. This whole effort is a work-in-progress. I know that there are several similar discussions going on within the openstack community, and swift's solution is not necessarily intended to replace any more general solution that may eventually arise. If there is a better solution at some point, we will do what we can to integrate with it.
Re: [Openstack] Swift on Webob-1.2 anyone?
Hi Pete, On Wed, May 9, 2012 at 4:45 AM, Pete Zaitcev zait...@redhat.com wrote: on adapting Swift for WebOb 1.2 and if a patch is available somewhere. I see Ionut fixed lp:984042, but clearly it wasn't enough. If nobody's done it yet, I suppose I could take a swing at it. New webob I started doing that sometime ago (~6 month) and abandoned working on it since some of the changes were pretty intrusive[1] with the way swift works and webob 1.2 was in beta at that time (and still is). The challenge if you are taking a stab at it would probably be to support webob 1.1* and 1.2 at the same time in the code. Cheers, Chmouel. [1] I can't remember the details. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Listing roles for a user
Hi, On Fri, May 4, 2012 at 4:36 PM, Kevin Jackson ke...@linuxservices.co.uk wrote: Hello everyone, Quick Q: As an administrator how can I list the roles for a given user with the keystone client? This should show up in the reply from the rest query after you auth, not sure about keystoneclient Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift authentication using keystone (Essex deploy manual)
Hi Lucio, This should be all documented here: http://keystone.openstack.org/configuringservices.html#configuring-swift-to-use-keystone Chmouel On Mon, Apr 30, 2012 at 3:26 PM, Lucio Cossio lucio.cos...@gmail.com wrote: I'm still having problems to configure Swift with Keystone, someone can show me a proxy-server.conf file that works? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Where does Keystone middleware for Swift belong?
On Thu, Apr 12, 2012 at 5:03 AM, John Dickinson m...@not.mn wrote: 4) We have previously removed auth systems from swift's core code in order to simplify the codebase and allow separate dev cycles. All that is included now is the most basic auth system required for dev work, stand-alone tests, and POC deployments. If swift doesn't want to be opinionated about a auth server I think this is a good reason to have it outside Swift and probably like you suggest in the contrib area if that something we can make happen. I like the idea of having the middleware in the *client as effectively those middleware are clients but that may not what a end-user expect. It may be another discussion but it would be nice to abstract the auth code in Swift as currently this is not so easy to implement all Swift features in Auth middleware. The best way currently to do so is to follow the commits in tempauth/swauth and each middleware maintainers implement the features on his own. Maru has been thinking about it and started to do an implementation in the swift_auth middleware in this review : https://review.openstack.org/#patch,sidebyside,5661,4,keystone/middleware/swift_auth.py I can't remember what was the outcome of the initial work done by Greg on authz in Swift but is Maru review can be something we can look forward to have in Swift so all the other middleware would only have to do the strict minimal of authentication/validation ? Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Where does Keystone middleware for Swift belong?
On Thu, Apr 12, 2012 at 12:01 AM, Joshua Harlow harlo...@yahoo-inc.comwrote: This also seems to make sense for other items in that directory /middleware? Should the EC2/S3 stuff be in nova? I'd say the s3 middle-ware if it has to be moved would probably be a better fit in swift than nova since it has been designed to be used with swift's swift3 middleware. Chnmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [OpenStack]Swift + Keystone + Cyberduck
On Tue, Apr 10, 2012 at 3:32 AM, William Herry william.herry.ch...@gmail.com wrote: I am try to use Cyberduck as the client of Swift storage, my swift use keystone as the auth system, any one has successful experience can share with me, or is there any other client software for swift Unfortunately Cyberduck currently only support auth 1.0 and not the auth 2.0 provided by Keystone. In fact I can't make Cyberduck work when I use tempauth as the auth, which can work with cloudberry and cloudfuse, but as I know, in windows only Cyberduck can support Keystone You should see a Swift connection type in Cyberduck I think which should make it easy to setup. Cyberduck works on MacOSX as well. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift and keystone: asking for an auth token.
On Tue, Apr 3, 2012 at 4:53 PM, Pierre Amadio pierre.ama...@canonical.com wrote: I am trying to use swift and keystone together (on ubuntu precise), and fail to do so. roles: [{id: 60a1783c2f05437d91f2e1f369320c49, name: Admin}, [...] [filter:keystone] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin You are in the group Admin and your operator_roles is admin (lowercase). Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Keystone] keystone filter and server
Hi, On Mon, Apr 2, 2012 at 4:17 AM, Deepak Garg deepakgarg.i...@gmail.com wrote: a. All the projects are using middleware.auth_token.py from the keystone repo for basic token auth, but if we now say that the filter_factory needs to be set to keystone.middleware.auth_token, does that mean that keystone should to be installed on the same machine as that service ? b. If yes, does this also mean that keystone server should be running on all nodes ? It needs only the file auth_token.py and nothing else from keystone. For dependencies on the server you'll need to have python-webob installed and python-memcache/python-iso8601 if you use memcache caching. Hopefully packagers would create a sub-package from keystone source with only auth_token in there easy to install on the hosts that need it. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift tools with Keystone: swift-bench and swift-dispersion-*
There is a review on the go here: https://review.openstack.org/#change,6088 which should address swift-dispertion to be able to connect to auth version 2.0 servers. Feel free to log a bug if there is other tools missing. Chmouel. On Mon, Apr 2, 2012 at 10:57 PM, Kevin Jackson ke...@linuxservices.co.uk wrote: Hello All, Is it possible to use Swift tools such as swift-bench and swift-dispersion-populate/report with Keystone? If so, how? The examples refer to the SAIO configuration of authentication using tempauth on port 11000 but I can't find reference to what should run on port 11000 (I'm presuming this is the default for proxy-server or have I misread something?)... Cheers, Kev -- Kevin Jackson @itarchitectkev ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] what's the default usernamepassword for the instance in devstack?
On Wed, Mar 28, 2012 at 10:56 AM, Felix f...@tnsoft.com.cn wrote: I tried to install openstack by devstack and succeeded, but where can i find the default username and password for the launched instance? This should be mentioned (on your screen) when stack.sh is finished or it should be stored in the value ADMIN_PASSWORD in the localrc file. Chmouel. PS: default username is admin ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift backend with Keystone v1 auth
Hi Nicolas, On Tue, Mar 27, 2012 at 2:45 PM, Nicolas de BONFILS ndebonf...@gmail.com wrote: I can authenticate in keystone and swift with v2, but I don't know how to configured Glance API to do the v1 auth. The conf files (glance/keystone/swift) : https://gist.github.com/2215460 We are adding v2 support in this review https://review.openstack.org/#change,5856, glance and keystone+swift support should be available soon. AFAIK: there is no way to configure v1 for keystone. Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] keystone-all with argument (or where to find config files)
Hello, Posting here, as I am wondering if I do something wrong or should I report this as a bug : http://pastie.org/private/mgjncwqlwtezvl3awucwxg Seems like if you don't specify a config file to keystone-all it will crash. What do you think about a strategy to find config file like this : - if --config-file= is specified use that. - elif file exists ./keystone/keystone.conf use that (for dev). - elif file exist /etc/keystone/keystone.conf use that (for prod). Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift, Keystone, and S3 pipeline configuration
Hi Ross, On Tue, Mar 27, 2012 at 9:14 PM, Lillie Ross-CDSR11 ross.lil...@motorolasolutions.com wrote: I'm trying to get the S3 api working with Swift using Keystone authentication. My setup is based on the patched Diablo release using the This wouldn't work on Diablo, you would need keystone from essex to get this working. Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone auth issues with Swift
On Mon, Mar 26, 2012 at 10:30 AM, Haefliger, Juerg juerg.haefli...@hp.com wrote: I'm struggling a bit with the unit test. I added a test_swift_store.add_auth_v2 unit test but it's not doing much since the swift.common.client get_auth call is stubbed out and always succeeds. What exactly should I be testing for? I was thinking of modifying fake_auth_get to check that auth_version is as expected when using auth 2. I think that should be good for a start. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone's Swift Integration
Hi Maru, Sorry I have been taking long to come to you on this, I have revived review 4529[1] which add the swift tests. I was talking to termie about it sometime ago and the way we decided to do is to skip the tests if Swift is not installed[2]. Feel free to add stubs as this is not ideal. I was working as well on container-sync and anonymous requests but was not sure if this should go in for Folsom or for this release. Cheers, Chmouel. [1] https://review.openstack.org/#change,4529 [2] Ideally I would love to have swift.common.*/swiftclient go to another package but that's probably a discussion for Folsom summit. On Tue, Mar 20, 2012 at 3:33 AM, Maru Newby mne...@internap.com wrote: I'd like to write unit tests for keystone.middleware.swift_auth in advance of some functional changes (adding support for unauthenticated container sync and referrer access). It appears that swift_auth lacks unit tests, though. Is this due to its dependency on swift, or is there another reason? Given that untested code is difficult to maintain, what would the best option be to add tests for swift_auth? Ideally the module would just move to the swift repo, but if for some reason that's not an option, I'm prepared to use stubs. Thanks, Maru ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone auth issues with Swift
Hi Juerg, On Tue, Mar 20, 2012 at 10:56 AM, Haefliger, Juerg juerg.haefli...@hp.com wrote: Did you start on it already? I made the modifications that you suggested this morning and it seems to work now. I can successfully add and delete images through Glance now. Let me know if you want me to create a patch/review. If so, do I need to file a bug first or is it covered under an existing one? I haven't start on it as Jay was telling me you were working on this, feel free to work against this bug https://bugs.launchpad.net/glance/+bug/944946 (Please don't forget to add the unittest for it). Thanks, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone auth_token confusion in Swift vs Glance; Persistent tokens or not ?
On Tue, Mar 20, 2012 at 4:15 PM, Florian Daniel Otel florian.o...@gmail.com wrote: 1) Naming inconsistencies -- token_auth , tokenauth (Keystone resp Swift) vs authtoken (Glance) [...] While this may be only pedantic IMHO it would help if things would be called That's correct, I started to address it in devstack[1] and have one on the way for updating the keystone docs[2] and the manuals. Now, the question is: Since we are now to stop using long-lived tokens hardcoded as admin_token in keystone.conf, resp in the auth_token middleware sections of swift resp, glance, how is a user/pass config supposed to look like ? examples ? This should be as simple as : https://github.com/openstack-dev/devstack/blob/master/files/swift/proxy-server.conf#L34 Cheers, Chmouel. [1] https://github.com/openstack-dev/devstack/commit/bd07d61c4545c52d39b9c957ff9e4423525ca452 [2] https://review.openstack.org/5573 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Please stop the devstack non-sense!
Hi Thomas, On Tue, Mar 20, 2012 at 4:40 PM, Thomas Goirand tho...@goirand.fr wrote: The same mess applies in the devstack not-for-XenServer. In some cases, some tools are apt-get installed. I can see for example 'apt-get install sudo'. But stack.sh assumes (god knows why) that screen is already screen is installed via packages and devstack don't assume it's already installed : https://github.com/openstack-dev/devstack/blob/master/files/apts/general Frankly, this devstack stuff is just a big hack. Nothing is really structured with functions. It's not really possible to run the scripts twice either (it's not idempotent, AFAIC). I haven't tested the xen support but for the default install, I have quickly spawned a VM on my laptop, downloaded devstack and ran it twice and except having to kill screen[1] between the two run it was actually the right thing (ie: redone the configuration). I don't think anyway that if you are a developer, you will be working on absolutely all packages (nova, glance, keystone, swift, quantum...) that we have available in Openstack. In most cases, you'd be working on *one* of the Git checkout, and the rest of could well be downloaded and installed, either through the PPA, or from Ubuntu directly. So why using devstack which will checkout absolutely all components from Github? This doesn't make sense either. Also, if this continues, none of the developers will be testing the final result (eg: the packages). we have the ENABLED_SERVICES= variable for that and we have lately fixed a lot of those bugs. (albeit it does indeed check-in nova currently for all services which is a bug that need to be fixed). Chmouel. [1] Which devstack had kindly advised me to do. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone's Swift Integration
Hi Maru, I probably can land something by tomorrow or thursday and we can see what the keystone peoples would want to do with it. since this part of the code don't affect much keystone core, I have hope this could land before essex release. The main problem was that it needed a bit of shuffling around so I wanted to implement that only for Folsom. IMO the swift_auth middleware is still usable as it is, having public container is a use-case but not the most important one. Cheers, Chmouel. On Tue, Mar 20, 2012 at 10:18 PM, Maru Newby mne...@internap.com wrote: Hi Chmouel, Skipping for now is pragmatic, but I'd definitely want to implement stubs after your change lands to ensure that unit tests always run. I vote for implementing support for unauthenticated access asap. Anonymous access to Swift is a very important use case, and not having it means that Keystone's swift middleware is not usable as-is. Deployers will have to implement and maintain that functionality themselves until this is resolved. What will it take to have it go in for this release? Thanks, Maru On 2012-03-20, at 2:43 AM, Chmouel Boudjnah wrote: Hi Maru, Sorry I have been taking long to come to you on this, I have revived review 4529[1] which add the swift tests. I was talking to termie about it sometime ago and the way we decided to do is to skip the tests if Swift is not installed[2]. Feel free to add stubs as this is not ideal. I was working as well on container-sync and anonymous requests but was not sure if this should go in for Folsom or for this release. Cheers, Chmouel. [1] https://review.openstack.org/#change,4529 [2] Ideally I would love to have swift.common.*/swiftclient go to another package but that's probably a discussion for Folsom summit. On Tue, Mar 20, 2012 at 3:33 AM, Maru Newby mne...@internap.com wrote: I'd like to write unit tests for keystone.middleware.swift_auth in advance of some functional changes (adding support for unauthenticated container sync and referrer access). It appears that swift_auth lacks unit tests, though. Is this due to its dependency on swift, or is there another reason? Given that untested code is difficult to maintain, what would the best option be to add tests for swift_auth? Ideally the module would just move to the swift repo, but if for some reason that's not an option, I'm prepared to use stubs. Thanks, Maru ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Fwd: RE: Keystone auth issues with Swift
Hello, I was actually going to start working on that today as we have review 4893 merged as of last night, basically when you connect with glance to swift : https://github.com/openstack/glance/blob/master/glance/store/swift.py#L306 You need to have an option in glance to connect to a auth 2.0 server like : swift_auth_version = 2 and pass auth_version=2 to swift_client.Connection : https://github.com/openstack/swift/blob/master/swift/common/client.py#L796 Which should be able to get the images for that username/key stored in keystone. If you would like to have a go on it please feel free as I don't know very glance code-base (but there is always a start :)) Chmouel. PS: Ccing the public mailing-list as I think it would be more useful to have those discussions in public. From: Haefliger, Juerg [juerg.haefli...@hp.com] Sent: 16 March 2012 12:11 To: Pipes, Jay; Chmouel Boudjnah Subject: RE: Re: Fwd: RE: Keystone auth issues with Swift Hi guys, Thanks for the info. I still have some questions though. I applied https://review.openstack.org/#change,4893 to my local branch. When you say 'Glance doesn't speak 2.0' which part of Glance are you referring to? The CLI or some other component? Where do I have to make modifications to get this working? Glance only or some middleware in keystone as well? Thanks ...Juerg -Original Message- From: Pipes, Jay Sent: Thursday, March 15, 2012 8:54 PM To: Haefliger, Juerg Subject: Fwd: Re: Fwd: RE: Keystone auth issues with Swift Hey again! See below an explanation from Chmouel as to what may be happening... All the best, jay Original Message Subject: Re: Fwd: RE: Keystone auth issues with Swift Date: Tue, 13 Mar 2012 14:09:32 - From: Chmouel Boudjnah chmo...@chmouel.com To: Pipes, Jay jay.pi...@hp.com Hello Jay, This is because Glance doesn't 'speak' Auth 2.0 when using swift.client, see this bug : https://bugs.launchpad.net/glance/+bug/944946 Would love to make this works but this review has been sitting : https://review.openstack.org/#change,4893 The way it should work, should be[1] : Glance = swift.client (2.0 ''mode'') = Keystone (get us a token) = Swift = SwiftAuth = Validate token = Access There is probably going to have some caching around this to avoid some round trip. Cheers, Chmouel. [1] It may look confusing let me know if you want some kind of diagram. On 03/13/2012 01:58 PM, Pipes, Jay wrote: Hi Chmouel, hoping you might be able to help me out. I've got an HPer who is trying to get Diablo Glance + Swift working properly with Keystone. Basically, it looks like the Glance auth_token middleware is correctly handling Keystone authentication and using the swift CLI tool works fine with Keystone auth. However, adding an image through the glance client using a Swift backend is failing (see below in original email). I'm wondering if there's something obvious that I'm missing? AFAIK, the Glance Swift backend driver simply calls the swift client, passing in the user/key that is stored in the Glance config store_swift_auth_user/key values. The token *should* be created by the swift_auth middleware when it sees an HTTP request with X-Auth-User and X-Auth-Key headers (that the Glance Swift backend driver supplies), right? Thanks in advance for any insight you might have! -jay Original Message Subject: RE: Keystone auth issues with Swift Date: Tue, 13 Mar 2012 09:09:37 - From: Haefliger, Juergjuerg.haefli...@hp.com mailto:juerg.haefli...@hp.com To: Pipes, Jayjay.pi...@hp.com mailto:jay.pi...@hp.com Hi Jay, Thanks for the suggestion but it didn't help :-( Doing some tracing, I can see the following sequence (which is identical with or without the -A option) when trying to add an image through glance: glance-api: auth_token: env contains'HTTP_X_AUTH_TOKEN' glance-api: glance_auth_token: req.headers contains'X-Auth-Token' glance-registry: auth_token: env contains'HTTP_X_AUTH_TOKEN' glance-registry: glance_auth_token: req.headers contains'X-Auth- Token' swift-proxy-server: swift_auth: env does not contain'HTTP_X_AUTH_TOKEN' glance_token_auth pulls the X-Auth-Token from the request header and creates a context that contains it. Somehow that context doesn't make it over to swift_auth. Am I missing a context filter in one of the config files or something? I don't really understand paste.deploy and the filters so how is the env for swift_auth created? Thanks ...Juerg -Original Message- From: Pipes, Jay Sent: Monday, March 12, 2012 7:00 PM To: Haefliger, Juerg Subject: Re: Keystone auth issues with Swift Hi! Yeah, Keystone middleware is a mess IMHO (for all projects, not just Glance and Swift). If you try adding a -ASERVICE_TOKEN option to your glance add
[Openstack] Swift acting as nova-objectstore
Hi Vish, I have done some more testing on those two reviews on a clean devstack install with this nova review : https://review.openstack.org/5338 this keystone review : https://review.openstack.org/5340 and a small modification to devstack to have S3_URL pointing to Swift if we have it installed : http://pastie.org/private/mwqxhkbcs8yvxnqjbluja [should be merged in https://review.openstack.org/#change,4696] When launching excercises/bundle.sh everything seem to work ok : http://pastie.org/private/dif4hc9jxj2owfs9dq7lvg Uploading and Registring seems to have been done currently, and I can see it from Swift : stack@devstack:~/devstack$ swift list testbucket [swtoken-swift3-tests] bundle.img.manifest.xml bundle.img.part.00 There is one place where it looks like it's erroring out : http://pastie.org/private/10pta1v5txfzwjjzfehukg which seems to be somewhere along glance connection, I am not entirely how everything get passed from nova- objectstore to glance and where does it fails, any ideas ? Thanks, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] swift and two data-centres - hierarchical zones?
Hi John, On Sat, Mar 10, 2012 at 2:58 PM, John Leach j...@brightbox.co.uk wrote: Any thoughts on this? Can the existing Ring implementation be extended to do this kind of thing? Is the code modular enough to be able to make the Ring implementation pluggable? There was talk about this at the latest OpenStack conference in Boston, I think HP was interested to implement this kind of thing but I haven't seen anything since then. Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] question
You probably would want to ask this question on orchestra mailing list. Chmouel. 2012/3/8 khabou imen imenkh...@gmail.com: J'utilise un ubuntu-server 11.10 alloué de OVH sur lequel j'ai installer orchestra server . Ma question est la suivante :Comment pourrais-je m'assurer que les serveur DNS et DHCP sont automatiquement installer lors de l'installation d'orchestra? ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] devstack: excercises script other than shell scripts
On Sat, Feb 25, 2012 at 6:50 PM, Debo Dutta (dedutta) dedu...@cisco.comwrote: +1 IMO devstack scripts should be simple and test the system from a user's perspective. Hence it would be nice to stick to the external APIs. I was thinking that we could actually use euca-upload-bundle to demo this functionality which work now to a swift+swift3 cluster and should not need new dependences or other python script. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Object Storage Swift on rhel6.0
On Thu, Feb 23, 2012 at 9:53 AM, Sudhakar Maiya sma...@gmail.com wrote: attached the log file. packages/swauth/middleware.py, line 510, in handle_prep#012(path, resp.status))#012Exception: Could not create the main auth account: /v1/AUTH_.auth 503 Internal Server Error#012: Have you checked file permissions on the disk? Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift container ACLs and container visibility question
On Thu, Feb 23, 2012 at 10:25 PM, John Dickinson m...@not.mn wrote: It all depends on the auth system you are using. This is about the same for keystone but to be a .admin like in tempauth or swauth for keystone middleware you need to have one of the role specified in the configuration variable operator_roles[1] which is by default admin and SwiftOperator. Below is for swauth and tempauth: Chmouel. [1] https://github.com/openstack/keystone/blob/master/keystone/middleware/swift_auth.py#L80 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] swift keystone help
On Thu, Feb 23, 2012 at 10:57 PM, Alan Pevec ape...@gmail.com wrote: On Thu, Feb 23, 2012 at 11:23 PM, Paras pradhan pradhanpa...@gmail.com wrote: Now I have keystone configured at http://192.168.122.14:5000/v2.0 how to use curl in this case to get a token? Example from devstack: By the way for my dev and testing I use this (quickly and hacky written) script : http://p.chmouel.com/ks usage is : ks host user password #account == user here or ks host account:user password (host can be a full URL if you start it with http or it will use as a host and convert it to http://host:5000/v2.0/tokens) it wil auth to keystone print the formatted json (or show the error if there is a problem) and at the end will print the curl command to validate the token on object-storage. hopefully this should be useful for someone else. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Object Storage Swift on rhel6.0
Hi, On Tue, Feb 21, 2012 at 12:48 PM, Sudhakar Maiya sma...@gmail.com wrote: LookupError: Entry point 'swauth' not found in egg 'swift' (dir: /usr/lib/python2.6/site-packages; protocols: paste.filter_factory, paste.filter_app_factory; entry_points: ) did you install Pete's swauth rpm? http://people.redhat.com/zaitcev/tmp/ Cheers, Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift S3 with Keystone anyone?
On 17 Feb 2012, at 06:12, Pete Zaitcev wrote: - A S3Token middleware which is based on Akira version with some fixes. Yeah, that looks beautiful... Unfortunately the back-end inherits the old problem: it authorizes against EC2 credentials instead of Swift credentials. The result is, if two applications A and B use different access methods, CF and S3, to the same account, they do not see each other's objects. It happens because the storage URL returned by Keystone differs for them, as far as I can discern. This is actually supported as mentioned in my temporary doc[1] see the transcript here : http://pastie.org/3401911 this made of from a fresh devstack with a few tweaks to the configurations. I plan to add this to devstack but I am waiting first for some of my other review to get approved to push those changes and be able to get rid of swift-keystone2 for good. S3token middleware: https://review.openstack.org/#change,3910 Swift token middleware: https://review.openstack.org/#change,3911 Do you still want reviews on these, after the merge of redux? This has been merged to keystone master, feel free to review the one the add reseller admin support : https://review.openstack.org/#change,4234 and the doc update : https://review.openstack.org/#change,4233 The reseller admin will allow us ultimately to have swift acting as a nova-objectstore for nova. I have more plans for the middleware, I'd like to get the compressive tempauth testsuite running on swiftauth with almost no modifications and add along the way anonymous user object access via ACL. Let me know if you have questions. Cheers, Chmouel. PS: readding openstack@ as this may be useful for everyone. [1] http://p.chmouel.com/swift-keystonelight-s3.txt ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Keystone authentication
On Fri, Feb 17, 2012 at 9:58 PM, Mahdi Njim njimma...@gmail.com wrote: In the recent versions of NOVA, SWIFT and Glance we can only do authentication by Keystone This should works nicely with the latest version (and probably earlier) of keystone (ie: master). Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Glance with Swift backend auth failure using Keystone
Alan Pevec ape...@gmail.com writes: https://github.com/cloudbuilders/swift-keystone2 Is this official part of openstack? If yes, shouldn't this middleware be included in the keystone project? This is not official of the OpenStack project, most of the update has been done in keystone redux which should be merged soon. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Devstack (sh) and tmux
On Wed, Feb 8, 2012 at 8:05 PM, Jay Pipes jaypi...@gmail.com wrote: Option is best. I find both scenarios useful depending on what I'm working on. It seems that for everybody tmux and other shell support is not as important, I'll send a patch removing that support. Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] mailing list etiquette
Mark McLoughlin mar...@redhat.com writes: I wrote this some time ago: https://fedorahosted.org/rhevm-api/wiki/Email_Guidelines If it's helpful, I'm happy to move it across to the OpenStack wiki +1 to that! Chmouel. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Devstack (sh) and tmux
Hi, As mentioned in bug #928967[1] tmux support in devstack is not working and I was wondering if there was much people using it and if I should fix it. The advantage of tmux support is aside of being arguably a better terminal wm it allows support for different shells than bash (ie: zsh) for devstack as reported in bug #928883[2]. What do you think? Is anyone using much tmux or other shells than bash with devstack. Chmouel. [1] https://bugs.launchpad.net/devstack/+bug/928967 [1] https://bugs.launchpad.net/devstack/+bug/928883 ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Swift and devstack.
Hello, I was meaning to do add the feature of launching the swift services in the foreground in a screen/tmux window' instead of in foreground but would like to gather ideas before implementing it. Currently for the Swift All in One we launch 4 (3 replicas and one hand-off) different services: account, container and object server, On each service there is other daemons like container-sync *-updater *-auditor etc... which make a grand total of 68 I guess that's not very manageable to have it on a screen, I think to only bring on foreground the object servers proxy server since IMO they are the most useful ones for devs. Another thing I want to implement is to add Swift as a back-end to Glance. And one last thing, which make the thing a bit annoying when you want a devstack only to test swift is that currently it's very nova dependent, since these lines : https://github.com/cloudbuilders/devstack/blob/master/stack.sh#L1100 would always get parsed no matter if you don't have any n-* services in there, which is not a big deal as add_nova_services is only creating file but it fails miserably on : https://github.com/cloudbuilders/devstack/blob/master/stack.sh#L1404 (Swift need keystone and keystone need MySQL) What do you think if I add a meta n-svc feature which get enabled only if one of the n- services has been activated ? There is as well python-MySQLDB and python-migrate packages need to don't be just in nova but as well in keystone or when nova is not installed keystone would fail. Thoughts? Thanks, Chmouel.___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp