集成Swift和Keystone

时间:2012-09-15 20:58:59

标签: authentication token openstack openstack-swift keystone

我在多节点环境中安装了swift-proxy和keystone。

当我尝试卷曲令牌时,keystone会成功返回令牌

curl -d '{"auth":{"passwordCredentials":{"username": "swift", "password": "swift"}}}' -H "Content-type: application/json" http://host_ip:35357/v2.0/tokens

使用

成功返回
{"access": {"token": {"expires": "2012-09-16T20:50:45Z", "id": "43ffcfed72a441e69c12c53b82cd4017"}, "serviceCatalog": {}, "user": {"username": "swift", "roles_links": [], "id": "090faedcf3e641ec9ad39babbc68bc8f", "roles": [], "name": "swift"}}}

当我尝试运行一些swift命令时,该命令只会挂起而不会返回。

swift -V 2 -A http://host_ip:5000/v2.0 -U service:swift -K swift stat

我在keystone日志中看到以下日志

2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x20a66d0 200 OK>}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] PATH_INFO = /tokens
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 102
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0/tokens
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] REMOTE_ADDR = swift_proxy_ip
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x207ee10>
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SERVER_PORT = 5000
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.input = <cStringIO.StringI object at 0x22349f0>
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] HTTP_HOST = keystone_host_ip:5000
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.multithread = True
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] openstack.params = {u'auth': {u'tenantName': u'service', u'passwordCredentials': {u'username': u'swift', u'password': u'swift'}}}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SERVER_NAME = swift_proxy_ip
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.run_once = False
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f2a86a3e1e0>
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] webob.is_body_seekable = True
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = identity
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] 
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] {"auth": {"tenantName": "service", "passwordCredentials": {"username": "swift", "password": "swift"}}}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] 
2012-09-15 23:54:09    DEBUG [routes.middleware] Matched POST /tokens
2012-09-15 23:54:09    DEBUG [routes.middleware] Route path: '{path_info:.*}', defaults: {'controller': <keystone.service.PublicRouter object at 0x1d29a10>}
2012-09-15 23:54:09    DEBUG [routes.middleware] Match dict: {'controller': <keystone.service.PublicRouter object at 0x1d29a10>, 'path_info': '/tokens'}
2012-09-15 23:54:09    DEBUG [routes.middleware] Matched POST /tokens
2012-09-15 23:54:09    DEBUG [routes.middleware] Route path: '/tokens', defaults: {'action': u'authenticate', 'controller': <keystone.service.TokenController object at 0x1d29b50>}
2012-09-15 23:54:09    DEBUG [routes.middleware] Match dict: {'action': u'authenticate', 'controller': <keystone.service.TokenController object at 0x1d29b50>}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] arg_dict: {}
2012-09-15 23:54:09    DEBUG [root] TOKEN_REF {'id': 'e7846e13518f46f192d89216f4c1a79f', 'expires': datetime.datetime(2012, 9, 16, 20, 54, 9, 786881), 'user': {u'tenantId': u'dfb8e05385a6481892f259c7ea72df02', u'enabled': True, u'email': u'test@email.com', 'name': u'swift', 'id': u'090faedcf3e641ec9ad39babbc68bc8f'}, 'tenant': {u'description': None, u'enabled': True, 'id': u'dfb8e05385a6481892f259c7ea72df02', 'name': u'service'}, 'metadata': {u'roles': [u'b54e958ad08f4585885a325fcaa773e5', u'4f3ae4562e424dcfa9542b1794637f4a']}}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] Content-Type = application/json
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] Content-Length = 789
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] 
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] {"access": {"token": {"expires": "2012-09-16T20:54:09Z", "id": "e7846e13518f46f192d89216f4c1a79f", "tenant": {"description": null, "enabled": true, "id": "dfb8e05385a6481892f259c7ea72df02", "name": "service"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://swift_proxy_ip:8080", "region": "RegionOne", "internalURL": "http://swift_proxy_ip:8080/v1/AUTH_dfb8e05385a6481892f259c7ea72df02", "publicURL": "http://swift_proxy_ip:8080/v1/AUTH_dfb8e05385a6481892f259c7ea72df02"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "swift", "roles_links": [], "id": "090faedcf3e641ec9ad39babbc68bc8f", "roles": [{"id": "b54e958ad08f4585885a325fcaa773e5", "name": "Member"}, {"id": "4f3ae4562e424dcfa9542b1794637f4a", "name": "admin"}], "name": "swift"}}}
2012-09-15 23:54:09    DEBUG [eventlet.wsgi.server] host_ip - - [15/Sep/2012 23:54:09] "POST /v2.0/tokens HTTP/1.1" 200 918 0.059865

命令中是否有我遗漏的东西?我也注意到以下命令的类似行为 - 当我尝试将文件上传到容器并列出它们时

swift -V 2 -A http://keystone_host_ip:5000/v2.0 -U service:swift -K swift upload myfiles test.txt

swift -V 2 -A http://keystone_host_ip:5000/v2.0 -U service:swift -K swift list myfiles

1 个答案:

答案 0 :(得分:2)

根据您的请求,我猜您正在尝试连接租户名称服务。但是,对于响应卷曲的令牌,必须有关于租户信息和端点的信息。您必须使用以下命令为服务租户添加端点。

keystone --token {admin_token} --endpoint http://keystone_host:35357/v2.0 endpoint-create --region RegionOne --service_id={id of storage service}  --publicurl=http://proxy_host:8080/v1/AUTH_{tenant-id} --internalurl=http://proxy_host:8080/v1/AUTH_{tenant-id} --adminurl=http://proxy_host:8080

在此之前,您必须在swift的keystone上定义一个服务。您可以查看文档以获取与先前版本相比已经对其进行了大量改进的更多信息。

http://docs.openstack.org/essex/openstack-compute/install/apt/content/