Re: [Openstack] Swift Object Storage authentication
Hi CHABANI , Would you please show me the proxy-server.conf ? You can paste on http://paste.openstack.org/ or gist. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi all, I'm trying to install Swift Object Storage according http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/ch_installing-openstack-object-storage.html when i try to validate my installation with : *swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U swift:swift -K swift stat* i get : *Unauthorised. Check username, password and tenant name/id* i tried to use differents possibilities for user name and password (admin, demo...) but nothing is working, the username and password should be the same as in the proxy server no ? i don't know if i missed others things i'm new in Swift. i attached here my proxy-server.conf for more details. Thanks for your help. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage authentication
Hi Hugo, Here is my proxy-sever.conf http://paste.openstack.org/show/38944/ (i've already attached a pic in the first mail :) ) Thanks 2013/6/19 Kuo Hugo tonyt...@gmail.com Hi CHABANI , Would you please show me the proxy-server.conf ? You can paste on http://paste.openstack.org/ or gist. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi all, I'm trying to install Swift Object Storage according http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/ch_installing-openstack-object-storage.html when i try to validate my installation with : *swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U swift:swift -K swift stat* i get : *Unauthorised. Check username, password and tenant name/id* i tried to use differents possibilities for user name and password (admin, demo...) but nothing is working, the username and password should be the same as in the proxy server no ? i don't know if i missed others things i'm new in Swift. i attached here my proxy-server.conf for more details. Thanks for your help. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage authentication
During the installation of Swift, i didn't touch any Keystone configuration, so do you think that i should install Keystone separately according to : http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/install-keystone.html? and configure Swift to work with it ? 2013/6/19 Kuo Hugo tonyt...@gmail.com Hi CHABANI, Currently the problem is on Keystone instead of Swift. (Sorry for missing your proxy conf) Depends on the returned msg, it's unauthorized by keystone. Please make sure there's correct username/password/role/tenant setup. I'd suggestion that you can use keystone API to retrieve the authentication information before test with swift client. Cheers Hugo +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi Hugo, Here is my proxy-sever.conf http://paste.openstack.org/show/38944/ (i've already attached a pic in the first mail :) ) Thanks 2013/6/19 Kuo Hugo tonyt...@gmail.com Hi CHABANI , Would you please show me the proxy-server.conf ? You can paste on http://paste.openstack.org/ or gist. Cheers +Hugo Kuo+ h...@swiftstack.com tonyt...@gmail.com +886 935004793 2013/6/19 CHABANI Mohamed El Hadi chabani.mohamed.h...@gmail.com Hi all, I'm trying to install Swift Object Storage according http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/ch_installing-openstack-object-storage.html when i try to validate my installation with : *swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U swift:swift -K swift stat* i get : *Unauthorised. Check username, password and tenant name/id* i tried to use differents possibilities for user name and password (admin, demo...) but nothing is working, the username and password should be the same as in the proxy server no ? i don't know if i missed others things i'm new in Swift. i attached here my proxy-server.conf for more details. Thanks for your help. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
Hi,
In swift+keystone you are not allowed to have ACL between different
account/tenant/project, you can only allow ACL between different
users in a tenant.
This is probably something not too difficult to implement but it may
needs some tinkering to get it right. Please feel free to log a bug in
keystone and we'll try to address that.
Chmouel.
On Sat, May 12, 2012 at 4:02 AM, 张家龙 zhan...@awcloud.com wrote:
Vish ,
Thank you for answering.
While ,sorry,I don`t understand your said.
Do you mean I have to do like follows when I setting up acls:
curl -X PUT -i \
-H X-Auth-Token: token of demo:demo \
-H X-Container-Read: tenant_id:user_id \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Or,other operations and settings?
--
Best Regards
ZhangJialong
-- Original --
From: Vishvananda Ishayavishvana...@gmail.com;
Date: Sat, May 12, 2012 03:03 AM
To: 张家龙zhan...@awcloud.com;
Cc: openstackopenstack@lists.launchpad.net;
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone
I'm not totally sure about this, but you might have to use the project_id
from keystone instead of the project_name when setting up acls. The same
may be true of user_id.
Vish
On Fri, May 11, 2012 at 12:51 AM, 张家龙 zhan...@awcloud.com wrote:
Hello, everyone.
I encountered some problems when i set permissions (ACLs) on Openstack
Swift containers.
I installed swift-1.4.8(essex) and use keystone-2012.1 as
authentication system on CentOS 6.2 .
My swift proxy-server.conf and keystone.conf are here:
http://pastebin.com/dUnHjKSj
Then,I use the script named opensatck_essex_data.sh(
http://pastebin.com/LWGVZrK0 ) to
initialize keystone.
After these operations,I got the token of demo:demo and
newuser:newuser
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: demo, passwordCredentials:
{username: demo, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: newuser, passwordCredentials:
{username: newuser, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
Then,enable read access to newuser:newuser
curl -X PUT -i \
-H X-Auth-Token: token of demo:demo \
-H X-Container-Read: newuser:newuser \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Check the permission of the container:
curl -k -v -H 'X-Auth-Token:token of demo:demo' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
This is the reply of the operation:
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: newuser:newuser
X-Container-Bytes-Used: 2735
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=utf-8
Date: Fri, 11 May 2012 07:30:23 GMT
opensatck_essex_data.sh
Now,the user newuser:newuser visit the container of demo:demo
curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
While,I got 403 error.Can someone help me?
--
Best Regards
ZhangJialong
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
There is a nice write-up of Keystone RBAC here:
https://blueprints.launchpad.net/keystone/+spec/rbac-keystone
AFAIK, Keystone will provide CRUD API around policy.json, but policy
enforcement is done at the service level… Joe or Dolph may be able to provide
more insights…
Liem
From: Chmouel Boudjnah [mailto:chmo...@chmouel.com]
Sent: Tuesday, May 15, 2012 9:41 AM
To: Nguyen, Liem Manh
Cc: 张家龙; openstack
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone
This has been filled already zhangjialong :
https://bugs.launchpad.net/keystone/+bug/999615
I am not very familiar with how Keystone RBAC u work, AFAIK the current way to
do that with policy.json is going to go away in the future, right?
Chmouel.
On Tue, May 15, 2012 at 6:37 PM, Nguyen, Liem Manh
liem_m_ngu...@hp.commailto:liem_m_ngu...@hp.com wrote:
Yeah, that is because the swift/keystone middleware checks for the tenantId to
match the accountId in the URL path... Perhaps, we should rely strictly on
Swift ACL for granting access to a given Swift container, and rely on Keystone
RBAC for what you can do with a given Swift account.
BTW, we also ran into this issue before... Has a bug/feature request been
filed for this yet? If not, I can file one.
Thanks,
Liem
-Original Message-
From:
openstack-bounces+liem_m_nguyen=hp@lists.launchpad.netmailto:hp@lists.launchpad.net
[mailto:openstack-bounces+liem_m_nguyenmailto:openstack-bounces%2Bliem_m_nguyen=hp@lists.launchpad.netmailto:hp@lists.launchpad.net]
On Behalf Of Chmouel Boudjnah
Sent: Tuesday, May 15, 2012 2:55 AM
To: 张家龙
Cc: openstack
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone
Hi,
In swift+keystone you are not allowed to have ACL between different
account/tenant/project, you can only allow ACL between different
users in a tenant.
This is probably something not too difficult to implement but it may
needs some tinkering to get it right. Please feel free to log a bug in
keystone and we'll try to address that.
Chmouel.
On Sat, May 12, 2012 at 4:02 AM, 张家龙
zhan...@awcloud.commailto:zhan...@awcloud.com wrote:
Vish ,
Thank you for answering.
While ,sorry,I don`t understand your said.
Do you mean I have to do like follows when I setting up acls:
curl -X PUT -i \
-H X-Auth-Token: token of demo:demo \
-H X-Container-Read: tenant_id:user_id \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Or,other operations and settings?
--
Best Regards
ZhangJialong
-- Original --
From: Vishvananda
Ishayavishvana...@gmail.commailto:vishvana...@gmail.com;
Date: Sat, May 12, 2012 03:03 AM
To: 张家龙zhan...@awcloud.commailto:zhan...@awcloud.com;
Cc:
openstackopenstack@lists.launchpad.netmailto:openstack@lists.launchpad.net;
Subject: Re: [Openstack] Swift Object Storage ACLs with KeyStone
I'm not totally sure about this, but you might have to use the project_id
from keystone instead of the project_name when setting up acls. The same
may be true of user_id.
Vish
On Fri, May 11, 2012 at 12:51 AM, 张家龙
zhan...@awcloud.commailto:zhan...@awcloud.com wrote:
Hello, everyone.
I encountered some problems when i set permissions (ACLs) on Openstack
Swift containers.
I installed swift-1.4.8(essex) and use keystone-2012.1 as
authentication system on CentOS 6.2 .
My swift proxy-server.conf and keystone.conf are here:
http://pastebin.com/dUnHjKSj
Then,I use the script named opensatck_essex_data.sh(
http://pastebin.com/LWGVZrK0 ) to
initialize keystone.
After these operations,I got the token of demo:demo and
newuser:newuser
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: demo, passwordCredentials:
{username: demo, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: newuser, passwordCredentials:
{username: newuser, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
Then,enable read access to newuser:newuser
curl -X PUT -i \
-H X-Auth-Token: token of demo:demo \
-H X-Container-Read: newuser:newuser \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Check the permission of the container:
curl -k -v -H 'X-Auth-Token:token of demo:demo' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
This is the reply of the operation:
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: newuser:newuser
X-Container-Bytes-Used: 2735
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=utf-8
Date: Fri, 11 May 2012 07:30:23 GMT
opensatck_essex_data.sh
Now,the user newuser:newuser visit the container of demo:demo
curl -k -v -H 'X-Auth-Token:token
[Openstack] Swift Object Storage ACLs with KeyStone
Hello, everyone.
I encountered some problems when i set permissions (ACLs) on Openstack
Swift containers.
I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication
system on CentOS 6.2 .
My swift proxy-server.conf and keystone.conf are here:
http://pastebin.com/dUnHjKSj
Then,I use the script named
opensatck_essex_data.sh(http://pastebin.com/LWGVZrK0) to
initialize keystone.
After these operations,I got the token of demo:demo and newuser:newuser
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: demo, passwordCredentials: {username:
demo, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: newuser, passwordCredentials: {username:
newuser, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
Then,enable read access to newuser:newuser
curl ?CX PUT -i \
-H X-Auth-Token: token of demo:demo \
-H X-Container-Read: newuser:newuser \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Check the permission of the container:
curl -k -v -H 'X-Auth-Token:token of demo:demo' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
This is the reply of the operation:
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: newuser:newuser
X-Container-Bytes-Used: 2735
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=utf-8
Date: Fri, 11 May 2012 07:30:23 GMT
opensatck_essex_data.sh
Now,the user newuser:newuser visit the container of demo:demo
curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
While,I got 403 error.Can someone help me?
--
Best Regards
ZhangJialong___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage ACLs with KeyStone
I'm not totally sure about this, but you might have to use the project_id
from keystone instead of the project_name when setting up acls. The same
may be true of user_id.
Vish
On Fri, May 11, 2012 at 12:51 AM, 张家龙 zhan...@awcloud.com wrote:
Hello, everyone.
I encountered some problems when i set permissions (ACLs) on Openstack
Swift containers.
I installed swift-1.4.8(essex) and use keystone-2012.1 as
authentication system on CentOS 6.2 .
My swift proxy-server.conf and keystone.conf are here:
http://pastebin.com/dUnHjKSj
Then,I use the script named opensatck_essex_data.sh(
http://pastebin.com/LWGVZrK0) to
initialize keystone.
After these operations,I got the token of demo:demo and newuser:newuser
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: demo, passwordCredentials:
{username: demo, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
curl -s -H 'Content-type: application/json' \
-d '{auth: {tenantName: newuser, passwordCredentials:
{username: newuser, password: admin}}}' \
http://127.0.0.1:5000/v2.0/tokens | python -mjson.tool
Then,enable read access to newuser:newuser
curl –X PUT -i \
-H X-Auth-Token: token of demo:demo \
-H X-Container-Read: newuser:newuser \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
Check the permission of the container:
curl -k -v -H 'X-Auth-Token:token of demo:demo' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
This is the reply of the operation:
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: newuser:newuser
X-Container-Bytes-Used: 2735
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=utf-8
Date: Fri, 11 May 2012 07:30:23 GMT
opensatck_essex_data.sh
Now,the user newuser:newuser visit the container of demo:demo
curl -k -v -H 'X-Auth-Token:token of newuser:newuser' \
http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc
While,I got 403 error.Can someone help me?
**
--
Best Regards
ZhangJialong
**
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Swift Object Storage
On 09/05/12 04:02, Sid Sudhi wrote: I am trying to write a script to upload large sized files. I am encountering the following limitations - can some one shed some light if they can help me over come the issue? When files are big and they uploaded with chunks these chunks do not delete automatically. And the file composed from these chunks has no size metadata. I reported a bug about container object listing: https://bugs.launchpad.net/swift/+bug/874119 You should get the right information if you run a GET or HEAD request over the object (check the bug report for an example). Any suggestions? AFAIK the chunks need to be there. There are two different things: - objects parts (chunks) - manifest file (that tells swift how to assemble the file) Regards, Juan ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] Swift Object Storage
I am trying to write a script to upload large sized files. I am encountering the following limitations - can some one shed some light if they can help me over come the issue? When files are big and they uploaded with chunks these chunks do not delete automatically. And the file composed from these chunks has no size metadata. Any suggestions? thanks Sudhi ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
