intel-cloud / cosbench

a benchmark tool for cloud object storage service

not able to authorize with auth token #282

Open nadgowdas opened 8 years ago

nadgowdas commented 8 years ago

Hi,

I am using token authorization for swift. And I am able to authenticate with python-swiftclient, ssbench from the same host, but with cosbench, it gives me "Unauthorized" error.

Python-swiftclient:

When I am using python swift-client, I am able to access my swift cluster as:

swift --os-auth-token f2d11ffd111841f3b88d5b7b3c1a2181 --os-storage-url http://x.x.x.x:8080/v1/AUTH_2685ea9ace184a17b0dcfa1798127e93 list test_container

cosbench:

I have tried following various formats for defining storage types for swift:

What is the right format to specify the auth token in the workload profile?

ywang19 commented 8 years ago

Swift-config-sample.xml is a sample workload profile in conf/ folder, here is the snippet for section:

It supports 3 different approaches for authentication:

  • Swauth (tempauth is the same as swauth)
  • Keystone
  • Direct (normally, swift authenticates with some auth server to get the auth token and storage url; this approach allows assigning the auth token and storage url directly.)

For the command you show for python-swiftclient, it seems you expect to directly assign auth token and storage url directly, so you’d follow

Here you don’t need create section, but assign auth token and storage url inside section directly.

-yaguang

From: nadgowdas [mailto:notifications@github.com] Sent: Saturday, October 10, 2015 5:34 PM To: intel-cloud/cosbench Subject: [cosbench] not able to authorize with auth token (#282)

nadgowdas commented 8 years ago

Thanks. Does it support the Keystone V3 API? If I need to add -V 3 as a parameter, how do I add that?

ywang19 commented 8 years ago

Haven’t tried against Keystone V3 yet. If you would like to add a version parameter, a quick way is to put it into the "config" list like config="version=3, …", and then in KeystoneAuth, you could check the version to go to a different branch.

Thanks for your upcoming contributions. -yaguang

From: nadgowdas [mailto:notifications@github.com] Sent: Tuesday, October 13, 2015 12:01 AM To: intel-cloud/cosbench Cc: Wang, Yaguang Subject: Re: [cosbench] not able to authorize with auth token (#282)

pietervanw commented 8 years ago

Hi,

I'm having similar (although not identical) authentication issues. I'm trying to benchmark a small OpenStack (Kilo) Swift cluster, which is up & running. I use Keystone for authentication. Any help is greatly appreciated!

If I configure a workload and directly feed an authentication token (by manually obtaining a token), it works:

<storage type="swift" config="token=d6c1b07b2ab04b6684c4c1dbecd84923;storage_url=http://controller:8080/v1/AUTH_a2e1dbb439a94e889c7850d964ba946b"/>

However, I want to run multiple benchmarks in the coming period and I'd like to avoid manually updating the workload XML with a new token, so I prefer to use the keystone authentication. This is configured as follows:

<storage type="swift" />
<auth type="keystone" config="username=demo;password=XXXXXXXXX;tenant_name=demo;auth_url=http://dps-cloud01.dps.local:5000/v2.0;service=demo" />

This does not work for me. When I run the driver with DEBUG log level, everything looks OK (token is acquired, worker seems to be successfully authenticated), but the storage operations on Swift fail. There is one line in the logging (more below) that does not look right to me:

2015-10-28 13:36:04,657 [DEBUG] [cd] - using auth token: f374bea3edc248b8ada2a73a29635179, storage url: null, storage policy: null

It looks like it was able to get a token, but not parse the storage URL from the Keystone response. Any idea what I'm doing wrong?

Thanks in advance for your help & advice!

Kind regards, Pieter van Wijngaarden (P.S. I tried to attach the complete workload log file, but was not permitted..)

Error logging:

2015-10-28 13:36:04,521 [DEBUG] [SwiftStorage] - using storage config: {token=AUTH_xxx, policy=null, storage_url=http://127.0.0.1:8080/auth/v1.0, logging=true, timeout=30000}
2015-10-28 13:36:04,526 [DEBUG] [SwiftStorage] - swift client has been initialized
2015-10-28 13:36:04,535 [DEBUG] [AuthAgent] - begin to login, will attempt 1 times
2015-10-28 13:36:04,537 [DEBUG] [AuthAgent] - input auth context is {username=demo, service=demo, tenant_id=, tenant_name=demo, logging=false, usertoken=, auth_url=http://dps-cloud01.dps.local:5000/v2.0, password=XXXXXXXXX, timeout=10000, caching=false} with caching=false
2015-10-28 13:36:04,657 [DEBUG] [cd] - using auth token: f374bea3edc248b8ada2a73a29635179, storage url: null, storage policy: null
2015-10-28 13:36:04,658 [DEBUG] [AuthAgent] - worker 1 has been successfully authed
2015-10-28 13:36:04,665 [INFO] [NoneStorage] - performing PUT at /dps-bench1
2015-10-28 13:36:04,667 [ERROR] [AbstractOperator] - worker 1 fail to perform operation dps-bench1
com.intel.cosbench.api.storage.StorageException: java.lang.IllegalStateException: Target host must not be null, or set in parameters.

ywang19 commented 8 years ago

The issue is that the storage url is not correctly parsed from the keystone response. One possible cause is that you are using some region other than the default "RegionOne". The "region" parameter is not showing up in current sample workloads. The form is as follows:

pietervanw commented 8 years ago

Thanks for your help! I am pretty sure that I am using the standard Swift region configuration (i.e. RegionOne). However, let me try to configure it and see what happens. If it doesn't work, I'll post the auth response that I see if I use curl.

Also, I think you missed the sample form in your response. (Edit 1: found the sample in your GitHub commit. I will download 0.4.2.c3 and will try it out!) (Edit 2: yes, this fixed the issue! Thanks for your help :) )

My auth config is now as follows:

<auth type="keystone" config="username=swift;password=XXXXXXXXXXXXX;tenant_name=service;auth_url=http://dps-cloud01.dps.local:5000/v2.0;service=swift;region=RegionOne" />

ywang19 commented 8 years ago

Aha, you're right. Another correction is that the default region is "regionOne"; the "r" is lower case.

Here is the sample snippet:

<auth type="keystone"  config="username=tester;password=testing;tenant_name=test;auth_url=http://127.0.0.1:5000/v2.0;service=swift service;region=regionOne" /> 
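
The symptom discussed in this thread (a token is issued, but the storage URL stays null because no catalog entry matches the configured service and region) can be reproduced with a lookup like the one below. This is an added example, not COSBench's KeystoneAuth code: the response body is constructed sample data in the Keystone v2.0 layout, and `resolve_storage`, `redact`, `CatalogLookupError` and the exact-match rule are assumptions for illustration.

```python
import json

# Constructed Keystone v2.0 token response (sample values, not from the thread).
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "SAMPLE-TOKEN-0000"},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne", "publicURL": "http://controller:5000/v2.0"}]},
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://controller:8080/v1/AUTH_SAMPLE_TENANT"}]},
    ]}})


class CatalogLookupError(Exception):
    """Raised instead of handing a null storage URL to the storage client."""


def resolve_storage(response_text, service, region):
    """Return (token, storage_url) for an exact service-name and region match."""
    access = json.loads(response_text)["access"]
    seen = []
    for entry in access.get("serviceCatalog", []):
        for endpoint in entry.get("endpoints", []):
            seen.append((entry.get("name"), endpoint.get("region")))
            # Assumed rule: exact, case-sensitive match on both fields,
            # so "regionOne" does not select a "RegionOne" endpoint.
            if entry.get("name") == service and endpoint.get("region") == region:
                return access["token"]["id"], endpoint["publicURL"]
    raise CatalogLookupError(
        f"no endpoint for service={service!r}, region={region!r}; "
        f"catalog offers {sorted(set(seen), key=str)}")


def redact(token):
    """Shorten a token before logging so debug output cannot be replayed."""
    return token[:4] + "..." if len(token) > 8 else "***"


if __name__ == "__main__":
    for service, region in [("swift", "RegionOne"), ("swift", "regionOne"),
                            ("demo", "RegionOne")]:
        try:
            token, url = resolve_storage(SAMPLE_RESPONSE, service, region)
            print(f"token={redact(token)} storage_url={url}")
        except CatalogLookupError as err:
            print(f"lookup failed: {err}")
```

Failing at lookup time with the list of available (service, region) pairs points at the misconfigured field directly, rather than surfacing later as "Target host must not be null".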

osmboy commented 2 years ago

Thanks. Does it support the Keystone V3 API? If I need to add -V 3 as a parameter, how do I add that?

please refer to #330