search

ccollicutt / swiftacular

Deploy OpenStack Swift with Ansible and Vagrant
BSD 2-Clause "Simplified" License
47 stars 13 forks source link

account get forbidden on trusty #21

Closed ccollicutt closed 10 years ago

ccollicutt commented 10 years ago

Milkfish has an issue in his Swiftacular system. Running on Linux, using trusty 14.04 as the virtual machine os.

After sourcing testrc on the package cache server:

$OS_USERNAME
Account GET failed: https://192.168.100.30/v1/AUTH_\49736c51164e469697b41d00100d97af?format=json 403 Forbidden [first 60 chars of response] <html><h1>Forbidden</h1>

There is a gist here with more info: https://gist.github.com/4thAce/f394b9203ddf16be7df1

(Original comments here: http://serverascode.com/2014/05/24/swiftacultar-ubuntu-trusty-1404.html)

ccollicutt commented 10 years ago

Milkfish, if you are still working on this, would you be able to get me the logs from each server?

4thAce commented 10 years ago

Here are the /var/log contents from each of the servers and the debug output from Swift. Thanks! https://s3.amazonaws.com/milkfish08/swiftvm/logs270614.tar

ccollicutt commented 10 years ago

It seems like there is an extra "\" in the URL, just after AUTH_. 

curl -i https://192.168.100.30/v1/AUTH_\49736c51164e469697b41d00100d97af/test_container -X PUT -H "Content-Length: 0" -H "X-Auth-Token: e419a305336045a8b37d09d620d191a8"

If I add that in I get an error.

vagrant@swift-package-cache-01:~$ curl -k -i "https://192.168.100.30/v1/AUTH_a7391689c6994f1486bd0001e540a992?format=json&marker=test_container" -X GET -H "X-Auth-Token: bb3314fd9d0446f3926a66833dc194dd"
HTTP/1.1 200 OK
Content-Length: 2
Accept-Ranges: bytes
X-Timestamp: 1403800335.89881
X-Account-Bytes-Used: 14
X-Account-Container-Count: 1
Content-Type: application/json; charset=utf-8
X-Account-Object-Count: 1
X-Trans-Id: tx60274e4cf0904b6ab2270-0053add28c
Date: Fri, 27 Jun 2014 20:22:36 GMT

vagrant@swift-package-cache-01:~$ $ curl -k -i "https://192.168.100.30/v1/AUTH_\391689c6994f1486bd0001e540a992?format=json&marker=test_container" -X GET -H "X-Auth-Token: bb3314fd9d0446f3926a66833dc194dd"
HTTP/1.1 403 Forbidden
Content-Length: 73
Content-Type: text/html; charset=UTF-8
X-Trans-Id: tx20b62b5a66e9484f8f0f6-0053add295
Date: Fri, 27 Jun 2014 20:22:45 GMT

<html><h1>Forbidden</h1><p>Access was denied to this resource.</p></html>vagrant@swift-package-cache-01:~$

I wonder where that is coming from?

Can you try again with a swift debug command, then pull the curl example it gives out and remove the extra slash and run that? (will also need -k)

akumpera commented 10 years ago

I change this: https://{{ swift_proxy_ssl_proxyserver }}/v1/AUTH\$(tenant_id)s to https://{{ swift_proxy_ssl_proxyserver }}/v1/AUTH$(tenant_id)s' in common.yml and works! :dancers:

ccollicutt commented 10 years ago

Wow, that is crazy, because it works on OSX and Ansible. I'm going to have to look into that.

4thAce commented 10 years ago

This is for swift list (the debug log showed "AUTH_\e891...") vagrant@swift-package-cache-01:~$ curl -k -i https://192.168.100.30/v1/AUTH_e891ccf4430346d2aa6d36ae016f69bb?format=json -X GET -H "X-Auth-Token: 0cce119aff4d4304a68ca1d0bf7283b3" HTTP/1.1 200 OK Content-Length: 2 Content-Type: application/json; charset=utf-8 X-Account-Object-Count: 0 X-Timestamp: 1403982039.53327 X-Account-Bytes-Used: 0 X-Account-Container-Count: 0 X-Put-Timestamp: 1403982039.53327 X-Trans-Id: tx3e1b3bf3fb9a4e92bab7a-0053af10d7 Date: Sat, 28 Jun 2014 19:00:39 GMT

I'll try editing roles/authentication/tasks/common.yml to take out the offending backslash and rebuild. Thanks!

4thAce commented 10 years ago

Yes, that works for me now too.

ccollicutt commented 10 years ago

Ok tested this on libvirt seems ok, still have to test on vagrant osx but closing this particular entry. Thanks all for trying out swiftacular. Much appreciated. :)