Authentication 集成Swift和Keystone_Authentication_Token_Openstack_Openstack Swift_Keystone

Authentication 集成Swift和Keystone

authentication openstack

Authentication 集成Swift和Keystone,authentication,token,openstack,openstack-swift,keystone,Authentication,Token,Openstack,Openstack Swift,Keystone,我在多节点环境中安装了swift proxy和keystone 当我尝试对令牌进行卷曲时，keystone成功返回令牌 curl -d '{"auth":{"passwordCredentials":{"username": "swift", "password": "swift"}}}' -H "Content-type: application/json" http://host_ip:35357/v2.0/tokens 成功返回 {"access": {"token": {"expire

我在多节点环境中安装了swift proxy和keystone

当我尝试对令牌进行卷曲时，keystone成功返回令牌

curl -d '{"auth":{"passwordCredentials":{"username": "swift", "password": "swift"}}}' -H "Content-type: application/json" http://host_ip:35357/v2.0/tokens

成功返回

{"access": {"token": {"expires": "2012-09-16T20:50:45Z", "id": "43ffcfed72a441e69c12c53b82cd4017"}, "serviceCatalog": {}, "user": {"username": "swift", "roles_links": [], "id": "090faedcf3e641ec9ad39babbc68bc8f", "roles": [], "name": "swift"}}}

当我尝试运行一些swift命令时，该命令只是挂起而不返回

swift -V 2 -A http://host_ip:5000/v2.0 -U service:swift -K swift stat

我在keystone日志中看到以下日志

2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x20a66d0 200 OK>}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] PATH_INFO = /tokens
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 102
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0/tokens
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] REMOTE_ADDR = swift_proxy_ip
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x207ee10>
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SERVER_PORT = 5000
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.input = <cStringIO.StringI object at 0x22349f0>
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] HTTP_HOST = keystone_host_ip:5000
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.multithread = True
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] openstack.params = {u'auth': {u'tenantName': u'service', u'passwordCredentials': {u'username': u'swift', u'password': u'swift'}}}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] SERVER_NAME = swift_proxy_ip
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.run_once = False
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f2a86a3e1e0>
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] webob.is_body_seekable = True
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = identity
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] 
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] {"auth": {"tenantName": "service", "passwordCredentials": {"username": "swift", "password": "swift"}}}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] 
2012-09-15 23:54:09    DEBUG [routes.middleware] Matched POST /tokens
2012-09-15 23:54:09    DEBUG [routes.middleware] Route path: '{path_info:.*}', defaults: {'controller': <keystone.service.PublicRouter object at 0x1d29a10>}
2012-09-15 23:54:09    DEBUG [routes.middleware] Match dict: {'controller': <keystone.service.PublicRouter object at 0x1d29a10>, 'path_info': '/tokens'}
2012-09-15 23:54:09    DEBUG [routes.middleware] Matched POST /tokens
2012-09-15 23:54:09    DEBUG [routes.middleware] Route path: '/tokens', defaults: {'action': u'authenticate', 'controller': <keystone.service.TokenController object at 0x1d29b50>}
2012-09-15 23:54:09    DEBUG [routes.middleware] Match dict: {'action': u'authenticate', 'controller': <keystone.service.TokenController object at 0x1d29b50>}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] arg_dict: {}
2012-09-15 23:54:09    DEBUG [root] TOKEN_REF {'id': 'e7846e13518f46f192d89216f4c1a79f', 'expires': datetime.datetime(2012, 9, 16, 20, 54, 9, 786881), 'user': {u'tenantId': u'dfb8e05385a6481892f259c7ea72df02', u'enabled': True, u'email': u'test@email.com', 'name': u'swift', 'id': u'090faedcf3e641ec9ad39babbc68bc8f'}, 'tenant': {u'description': None, u'enabled': True, 'id': u'dfb8e05385a6481892f259c7ea72df02', 'name': u'service'}, 'metadata': {u'roles': [u'b54e958ad08f4585885a325fcaa773e5', u'4f3ae4562e424dcfa9542b1794637f4a']}}
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] Content-Type = application/json
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] Content-Length = 789
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] 
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2012-09-15 23:54:09    DEBUG [keystone.common.wsgi] {"access": {"token": {"expires": "2012-09-16T20:54:09Z", "id": "e7846e13518f46f192d89216f4c1a79f", "tenant": {"description": null, "enabled": true, "id": "dfb8e05385a6481892f259c7ea72df02", "name": "service"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://swift_proxy_ip:8080", "region": "RegionOne", "internalURL": "http://swift_proxy_ip:8080/v1/AUTH_dfb8e05385a6481892f259c7ea72df02", "publicURL": "http://swift_proxy_ip:8080/v1/AUTH_dfb8e05385a6481892f259c7ea72df02"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "swift", "roles_links": [], "id": "090faedcf3e641ec9ad39babbc68bc8f", "roles": [{"id": "b54e958ad08f4585885a325fcaa773e5", "name": "Member"}, {"id": "4f3ae4562e424dcfa9542b1794637f4a", "name": "admin"}], "name": "swift"}}}
2012-09-15 23:54:09    DEBUG [eventlet.wsgi.server] host_ip - - [15/Sep/2012 23:54:09] "POST /v2.0/tokens HTTP/1.1" 200 918 0.059865

根据您的请求，我猜您正在尝试连接到租户名称服务。但是，从响应上带有curl的令牌中，必须有关于租户信息和端点的信息。必须使用以下命令为服务租户添加端点

keystone --token {admin_token} --endpoint http://keystone_host:35357/v2.0 endpoint-create --region RegionOne --service_id={id of storage service}  --publicurl=http://proxy_host:8080/v1/AUTH_{tenant-id} --internalurl=http://proxy_host:8080/v1/AUTH_{tenant-id} --adminurl=http://proxy_host:8080

在此之前，您必须在keystone for swift上定义一个服务。您可以查看文档以了解更多信息，与以前的版本相比，他们对该服务有了很大的改进

keystone --token {admin_token} --endpoint http://keystone_host:35357/v2.0 endpoint-create --region RegionOne --service_id={id of storage service}  --publicurl=http://proxy_host:8080/v1/AUTH_{tenant-id} --internalurl=http://proxy_host:8080/v1/AUTH_{tenant-id} --adminurl=http://proxy_host:8080