Re: [Openstack] Swift Object Storage authentication
Hi CHABANI , Would you please show me the proxy-server.conf ? You can paste on http://paste.openstack.org/ or gist. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi all, I'm trying to install Swift Object Storage according http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/ch_installing-openstack-object-storage.html when i try to validate my installation with : *swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U swift:swift -K swift stat* i get : *Unauthorised. Check username, password and tenant name/id* i tried to use differents possibilities for user name and password (admin, demo...) but nothing is working, the username and password should be the same as in the proxy server no ? i don't know if i missed others things i'm new in Swift. i attached here my proxy-server.conf for more details. Thanks for your help. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage authentication
Hi Hugo, Here is my proxy-sever.conf http://paste.openstack.org/show/38944/ (i've already attached a pic in the first mail :) ) Thanks 2013/6/19 Kuo Hugo tonyt...@gmail.com Hi CHABANI , Would you please show me the proxy-server.conf ? You can paste on http://paste.openstack.org/ or gist. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi all, I'm trying to install Swift Object Storage according http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/ch_installing-openstack-object-storage.html when i try to validate my installation with : *swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U swift:swift -K swift stat* i get : *Unauthorised. Check username, password and tenant name/id* i tried to use differents possibilities for user name and password (admin, demo...) but nothing is working, the username and password should be the same as in the proxy server no ? i don't know if i missed others things i'm new in Swift. i attached here my proxy-server.conf for more details. Thanks for your help. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage authentication
During the installation of Swift, i didn't touch any Keystone configuration, so do you think that i should install Keystone separately according to : http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/install-keystone.html? and configure Swift to work with it ? 2013/6/19 Kuo Hugo tonyt...@gmail.com Hi CHABANI, Currently the problem is on Keystone instead of Swift. (Sorry for missing your proxy conf) Depends on the returned msg, it's unauthorized by keystone. Please make sure there's correct username/password/role/tenant setup. I'd suggestion that you can use keystone API to retrieve the authentication information before test with swift client. Cheers Hugo +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi Hugo, Here is my proxy-sever.conf http://paste.openstack.org/show/38944/ (i've already attached a pic in the first mail :) ) Thanks 2013/6/19 Kuo Hugo tonyt...@gmail.com Hi CHABANI , Would you please show me the proxy-server.conf ? You can paste on http://paste.openstack.org/ or gist. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi all, I'm trying to install Swift Object Storage according http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/ch_installing-openstack-object-storage.html when i try to validate my installation with : *swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U swift:swift -K swift stat* i get : *Unauthorised. Check username, password and tenant name/id* i tried to use differents possibilities for user name and password (admin, demo...) but nothing is working, the username and password should be the same as in the proxy server no ? i don't know if i missed others things i'm new in Swift. i attached here my proxy-server.conf for more details. Thanks for your help. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
Hi, In swift+keystone you are not allowed to have ACL between different account/tenant/project, you can only allow ACL between different users in a tenant. This is probably something not too difficult to implement but it may needs some tinkering to get it right. Please feel free to log a bug in keystone and we'll try to address that. Chmouel. On Sat, May 12, 2012 at 4:02 AM, 张家龙 zhan...@awcloud.com wrote: Vish , Thank you for answering. While ,sorry,I don`t understand your said. Do you mean I have to do like follows when I setting up acls: curl -X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: tenant_id:user_id \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Or,other operations and settings? -- Best Regards ZhangJialong -- Original -- From: Vishvananda Ishayavishvana...@gmail.com; Date: Sat, May 12, 2012 03:03 AM To: 张家龙zhan...@awcloud.com; Cc: openstackopenstack@lists.launchpad.net; Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls. The same may be true of user_id. Vish On Fri, May 11, 2012 at 12:51 AM, 张家龙 zhan...@awcloud.com wrote: Hello, everyone. I encountered some problems when i set permissions (ACLs) on Openstack Swift containers. I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication system on CentOS 6.2 . My swift proxy-server.conf and keystone.conf are here: http://pastebin.com/dUnHjKSj Then,I use the script named opensatck_essex_data.sh( http://pastebin.com/LWGVZrK0 ) to initialize keystone. After these operations,I got the token of demo:demo and newuser:newuser curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: demo, passwordCredentials: {username: demo, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: newuser, passwordCredentials: {username: newuser, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool Then,enable read access to newuser:newuser curl -X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: newuser:newuser \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Check the permission of the container: curl -k -v -H 'X-Auth-Token:token of demo:demo' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc This is the reply of the operation: HTTP/1.1 200 OK X-Container-Object-Count: 1 X-Container-Read: newuser:newuser X-Container-Bytes-Used: 2735 Accept-Ranges: bytes Content-Length: 24 Content-Type: text/plain; charset=utf-8 Date: Fri, 11 May 2012 07:30:23 GMT opensatck_essex_data.sh Now,the user newuser:newuser visit the container of demo:demo curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc While,I got 403 error.Can someone help me? -- Best Regards ZhangJialong ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
There is a nice write-up of Keystone RBAC here: https://blueprints.launchpad.net/keystone/+spec/rbac-keystone AFAIK, Keystone will provide CRUD API around policy.json, but policy enforcement is done at the service level… Joe or Dolph may be able to provide more insights… Liem From: Chmouel Boudjnah [mailto:chmo...@chmouel.com] Sent: Tuesday, May 15, 2012 9:41 AM To: Nguyen, Liem Manh Cc: 张家龙; openstack Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone This has been filled already zhangjialong : https://bugs.launchpad.net/keystone/+bug/999615 I am not very familiar with how Keystone RBAC u work, AFAIK the current way to do that with policy.json is going to go away in the future, right? Chmouel. On Tue, May 15, 2012 at 6:37 PM, Nguyen, Liem Manh liem_m_ngu...@hp.commailto:liem_m_ngu...@hp.com wrote: Yeah, that is because the swift/keystone middleware checks for the tenantId to match the accountId in the URL path... Perhaps, we should rely strictly on Swift ACL for granting access to a given Swift container, and rely on Keystone RBAC for what you can do with a given Swift account. BTW, we also ran into this issue before... Has a bug/feature request been filed for this yet? If not, I can file one. Thanks, Liem -Original Message- From: openstack-bounces+liem_m_nguyen=hp@lists.launchpad.netmailto:hp@lists.launchpad.net [mailto:openstack-bounces+liem_m_nguyenmailto:openstack-bounces%2Bliem_m_nguyen=hp@lists.launchpad.netmailto:hp@lists.launchpad.net] On Behalf Of Chmouel Boudjnah Sent: Tuesday, May 15, 2012 2:55 AM To: 张家龙 Cc: openstack Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone Hi, In swift+keystone you are not allowed to have ACL between different account/tenant/project, you can only allow ACL between different users in a tenant. This is probably something not too difficult to implement but it may needs some tinkering to get it right. Please feel free to log a bug in keystone and we'll try to address that. Chmouel. On Sat, May 12, 2012 at 4:02 AM, 张家龙 zhan...@awcloud.commailto:zhan...@awcloud.com wrote: Vish , Thank you for answering. While ,sorry,I don`t understand your said. Do you mean I have to do like follows when I setting up acls: curl -X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: tenant_id:user_id \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Or,other operations and settings? -- Best Regards ZhangJialong -- Original -- From: Vishvananda Ishayavishvana...@gmail.commailto:vishvana...@gmail.com; Date: Sat, May 12, 2012 03:03 AM To: 张家龙zhan...@awcloud.commailto:zhan...@awcloud.com; Cc: openstackopenstack@lists.launchpad.netmailto:openstack@lists.launchpad.net; Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls. The same may be true of user_id. Vish On Fri, May 11, 2012 at 12:51 AM, 张家龙 zhan...@awcloud.commailto:zhan...@awcloud.com wrote: Hello, everyone. I encountered some problems when i set permissions (ACLs) on Openstack Swift containers. I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication system on CentOS 6.2 . My swift proxy-server.conf and keystone.conf are here: http://pastebin.com/dUnHjKSj Then,I use the script named opensatck_essex_data.sh( http://pastebin.com/LWGVZrK0 ) to initialize keystone. After these operations,I got the token of demo:demo and newuser:newuser curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: demo, passwordCredentials: {username: demo, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: newuser, passwordCredentials: {username: newuser, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool Then,enable read access to newuser:newuser curl -X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: newuser:newuser \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Check the permission of the container: curl -k -v -H 'X-Auth-Token:token of demo:demo' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc This is the reply of the operation: HTTP/1.1 200 OK X-Container-Object-Count: 1 X-Container-Read: newuser:newuser X-Container-Bytes-Used: 2735 Accept-Ranges: bytes Content-Length: 24 Content-Type: text/plain; charset=utf-8 Date: Fri, 11 May 2012 07:30:23 GMT opensatck_essex_data.sh Now,the user newuser:newuser visit the container of demo:demo curl -k -v -H 'X-Auth-Token:token
[Openstack] Swift Object Storage ACLs with KeyStone
Hello, everyone. I encountered some problems when i set permissions (ACLs) on Openstack Swift containers. I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication system on CentOS 6.2 . My swift proxy-server.conf and keystone.conf are here: http://pastebin.com/dUnHjKSj Then,I use the script named opensatck_essex_data.sh(http://pastebin.com/LWGVZrK0) to initialize keystone. After these operations,I got the token of demo:demo and newuser:newuser curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: demo, passwordCredentials: {username: demo, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: newuser, passwordCredentials: {username: newuser, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool Then,enable read access to newuser:newuser curl ?CX PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: newuser:newuser \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Check the permission of the container: curl -k -v -H 'X-Auth-Token:token of demo:demo' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc This is the reply of the operation: HTTP/1.1 200 OK X-Container-Object-Count: 1 X-Container-Read: newuser:newuser X-Container-Bytes-Used: 2735 Accept-Ranges: bytes Content-Length: 24 Content-Type: text/plain; charset=utf-8 Date: Fri, 11 May 2012 07:30:23 GMT opensatck_essex_data.sh Now,the user newuser:newuser visit the container of demo:demo curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc While,I got 403 error.Can someone help me? -- Best Regards ZhangJialong___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls. The same may be true of user_id. Vish On Fri, May 11, 2012 at 12:51 AM, 张家龙 zhan...@awcloud.com wrote: Hello, everyone. I encountered some problems when i set permissions (ACLs) on Openstack Swift containers. I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication system on CentOS 6.2 . My swift proxy-server.conf and keystone.conf are here: http://pastebin.com/dUnHjKSj Then,I use the script named opensatck_essex_data.sh( http://pastebin.com/LWGVZrK0) to initialize keystone. After these operations,I got the token of demo:demo and newuser:newuser curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: demo, passwordCredentials: {username: demo, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool curl -s -H 'Content-type: application/json' \ -d '{auth: {tenantName: newuser, passwordCredentials: {username: newuser, password: admin}}}' \ http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool Then,enable read access to newuser:newuser curl –X PUT -i \ -H X-Auth-Token: token of demo:demo \ -H X-Container-Read: newuser:newuser \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc Check the permission of the container: curl -k -v -H 'X-Auth-Token:token of demo:demo' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc This is the reply of the operation: HTTP/1.1 200 OK X-Container-Object-Count: 1 X-Container-Read: newuser:newuser X-Container-Bytes-Used: 2735 Accept-Ranges: bytes Content-Length: 24 Content-Type: text/plain; charset=utf-8 Date: Fri, 11 May 2012 07:30:23 GMT opensatck_essex_data.sh Now,the user newuser:newuser visit the container of demo:demo curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \ http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc While,I got 403 error.Can someone help me? ** -- Best Regards ZhangJialong ** ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage
On 09/05/12 04:02, Sid Sudhi wrote: I am trying to write a script to upload large sized files. I am encountering the following limitations - can some one shed some light if they can help me over come the issue? When files are big and they uploaded with chunks these chunks do not delete automatically. And the file composed from these chunks has no size metadata. I reported a bug about container object listing: https://bugs.launchpad.net/swift/+bug/874119 You should get the right information if you run a GET or HEAD request over the object (check the bug report for an example). Any suggestions? AFAIK the chunks need to be there. There are two different things: - objects parts (chunks) - manifest file (that tells swift how to assemble the file) Regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Swift Object Storage
I am trying to write a script to upload large sized files. I am encountering the following limitations - can some one shed some light if they can help me over come the issue? When files are big and they uploaded with chunks these chunks do not delete automatically. And the file composed from these chunks has no size metadata. Any suggestions? thanks Sudhi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp