[Openstack] [Swift] Help testing auth 2.0 enabled FTP service
Hello list, I'm the maintainer of (s)ftp-cloudfs, a FTP proxy to access Rackspace Cloud Files and OpenStack Object Storage (Swift). I've created a branch of the FTP server to support Auth 2.0 with python-keystoneclient: https://github.com/chmouel/ftp-cloudfs/tree/auth-2.0 I'm not using Swift with Keystone myself, so I'd appreciate some help testing the new code. There's an open issue, just add a comment if you give the new code a go: https://github.com/chmouel/ftp-cloudfs/issues/29 Thanks in advance! Regards, Juan -- Juan J. Martinez Development, MEMSET mail: j...@memset.com web: http://www.memset.com/ Memset Ltd., registration number 4504980. 25 Frederick Sanger Road, Guildford, Surrey, GU2 7YD, UK. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift account listing
On 18/07/12 23:52, Pete Zaitcev wrote: > Guys, a simple question hopefuly: Not that simple :( > How do I list all Swift accounts? Disclaimer: I don't know if I'm missing an easy way of doing this! I guess you can use the list of current accounts from Keystone and translate that into the account ring hash. For example: swift-get-nodes /etc/swift/account.ring.gz myKeyStoneAcct | grep Hash | cut -f2 5819de5a52d5813f5ce95c9121b97652 Then you can look for hashes that are not in that list of hashes. Per storage node you should check: /srv/node/$0/accounts/$1/*/$2/ (that's my cluster conf, being $0 the device, $1 a partition and $2 the hash you're looking for) And at the end you'll have the path to the .bd files without record in your Keystone database. You can get the account name opening the .db file with sqlite3 and querying something like "select account from account_stat;". Then use the API call to delete the account though the proxy. I hope this makes sense! Kind regards, Juan > Specifically, I have a test installation that I used to experiemnt > with various upgrades and migrations. I probably lost a few testing > accounts in it. Now it sits there and uses up space. How do I find > and eliminate orphan accounts? > > Once I have a list of accounts, I can match them up with the output > of "keystone user-list", and I can run swift-account-audit on them. > > I'm thinking "ls /srv/node/partitions/accounts/" on all storage nodes > and then building a union set. Seems kind of too ad-hoc though. > > Greetings, > -- Pete > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Unsubscribe
On 02/07/12 10:58, Alexey Eromenko wrote: > How-to unsubscribe ? > Go to https://launchpad.net/~openstack , login in your launchpad account and click on "Unsubscribe" button in Mailing list section (left bottom). There are links 4 links in at the end on any mail to the list with information about the list, including unsubscribe. Regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [keystone] Keystone on port 5000 - proposing change default port to 8770
On 21/06/12 09:27, Joseph Heck wrote: > Honestly the only reason is that I've heard some fairly direct feedback that > port 5000 is that MS uPnP port and hence blocked by many corporate entities, > so it's just a matter of a PITA and a slight bump in setup for those groups. > Thought to honestly register another port with IANA like 35357 and put it in > place - wanted to see if anyone screamed first. > Disclaimer: I've never used keystone with nova, only swift user here! Are you using keystone with SSL? It's recommended you use a SSL terminator and instead of Python SSL implementation, so you're using port 5000 in localhost only: keystone (127.0.0.1:5000) HTTP -> SSL terminator* (public-ip:443) -> HTTPS <- Client requests * ie. Pound http://www.apsis.ch/pound/ If you're not using SSL I guess it makes sense to use an HTTP proxy too because of security reasons. Running nginx/apache or something like that in front of keystone looks like a reasonable thing to do, because it will sanitise any malformed request. So I think using port 5000 is not a problem because it shouldn't be used directly in production; unless I'm missing something! Kind regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Where's Object's metadata located ?
On 18/06/12 11:57, Kuo Hugo wrote: > Hi Adrian , > > Thanks for your explanation ... > > About Q2 , manifest question > Is there any audit mechanism to delete segments of failure uploading object? > What if the uploading procedure is been interrupted by user . > As you said , I think the segments still available for accessing . > On the other hand , it means that those segmented objects will keep on > disk in object-server , even though the uploading failure is caused by > user him self. > Those segments are regular files. The big file support it's just uploading the big file split in parts smaller than 5GB + a manifest file that points to the place of the parts. The user can both access to the parts (that are regular files) and to the manifest, that basically re-assembles the parts automatically on the fly. Kind regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] swift.common.client and swift CLI has moved to its own project python-swiftclient
On 13/06/12 15:42, Dan Prince wrote: > Okay. It looks like Swift also still depends on swiftclient. Long term it > would be nice if we could build and unit test swift without relying on the > swiftclient package. Could we: > I can't see the reason for that, swiftlclient is a dependency of swift (as webob, greenlet, pastedeploy, etc). Regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Swift] Question about cloudfiles API
On 29/05/12 18:07, Shawn Heisey wrote: > [...] >> Just as a note, the SSL capabilities for the Swift proxy server are >> truly for basic testing only. You might want to start with non-SSL and >> then lock it down after you get things working otherwise. > > It took a few tries to figure out everything, but I finally got it > working with SSL turned off. I will look at an SSL terminating load > balancer for production. We're using Pound [1] we're very happy with it! Kind regards, Juan 1: http://www.apsis.ch/pound ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage
On 09/05/12 04:02, Sid Sudhi wrote: > > I am trying to write a script to upload large sized files. I am > encountering the following limitations - can some one shed some light if > they can help me over come the issue? > > When files are big and they uploaded with chunks these chunks do not > delete automatically. And the file composed from these chunks has no > size metadata. I reported a bug about container object listing: https://bugs.launchpad.net/swift/+bug/874119 You should get the right information if you run a GET or HEAD request over the object (check the bug report for an example). > Any suggestions? > AFAIK the chunks need to be there. There are two different things: - objects parts (chunks) - manifest file (that tells swift how to assemble the file) Regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] [siwft] Restarting services, FIN_WAIT1
Hello, I've noticed a problem restarting some of swift services, and I don't know if it's related to a local configuration or a more general problem. Basically when I try to restart swift-object-server and the service is busy (you can see the Send-Q has data according to netstat), it stops but the port can't be used because there are sockets with FIN_WAIT1 state. The process is gone, but the kernel is stuck after sending the notice to the remote machine, and doesn't seem to clean the states. I've found a couple of possible solutions: - Set net.ipv4.tcp_orphan_retries to 1 (default seems to be 0 in Squeeze, and seems that it's the reason the orphans are there for ever) - Use a tool like tcpkill Actually I was wondering if there's a "cleaner" way of stopping the process without leaving the send queue full. Regards, Juan -- Juan J. Martinez Development, MEMSET mail: j...@memset.com web: http://www.memset.com/ Memset Ltd., registration number 4504980. 25 Frederick Sanger Road, Guildford, Surrey, GU2 7YD, UK. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
