Container Sync and Keystone
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Low
|
Maru Newby | ||
keystone (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Keystone do not work with Swift Container Sync. Container server does sync to remote proxy server without X-Auth-Token header. So keystone middleware rejects this request.
Log message from Container Sync service
...
container-sync Unauth 'AUTH_1/cont' => 'http://
...
Proxy1 config
...
[pipeline:main]
pipeline = healthcheck cache swift3 keystone swiftauth proxy-server
...
[filter:keystone]
use = egg:keystone#
auth_protocol = http
auth_host = 192.168.10.15
auth_port = 35357
admin_token = 999888777666
delay_auth_decision = 0
service_protocol = http
service_host = 192.168.10.15
service_port = 5000
cache = swift.cache
[filter:swiftauth]
use = egg:keystone#
keystone_
keystone_
allowed_sync_hosts = 127.0.0.1, 192.168.10.16
...
Proxy2 config
...
[pipeline:main]
pipeline = healthcheck cache swift3 keystone swiftauth proxy-server
...
[filter:keystone]
use = egg:keystone#
auth_protocol = http
auth_host = 192.168.10.15
auth_port = 35357
admin_token = 999888777666
delay_auth_decision = 0
service_protocol = http
service_host = 192.168.10.15
service_port = 5000
cache = swift.cache
[filter:swiftauth]
use = egg:keystone#
keystone_
keystone_
allowed_sync_hosts = 127.0.0.1, 192.168.10.15
...
Container Server configs contains
..
allowed_sync_hosts = 127.0.0.1, 192.168.10.15, 192.168.10.16
...
affects: | swift → keystone |
Changed in keystone: | |
status: | New → Confirmed |
importance: | Undecided → Low |
tags: | added: essex-rc-potential |
Changed in keystone: | |
assignee: | Chmouel Boudjnah (chmouel) → Maru Newby (maru) |
status: | Confirmed → In Progress |
Changed in keystone: | |
milestone: | none → essex-rc2 |
tags: | removed: essex-rc-potential |
Changed in keystone: | |
milestone: | essex-rc2 → 2012.1 |
Changed in keystone (Ubuntu Precise): | |
status: | New → Fix Released |
Changed in keystone (Ubuntu): | |
status: | New → Fix Released |
I was planned to do that as part of this blueprint :
https:/ /blueprints. launchpad. net/keystone/ +spec/swift- middleware- allow-anonymous -via-acl
This is still a WIP.