401 Unauthorized when using s3 API for Swift Openstack
[英]401 Unauthorized when using s3 API for Swift Openstack
问题描述
运行此命令时出现以下错误:
命令:
[root@controller s3-curl]#./s3curl.pl --debug -id personal http://controller:8080/v1/AUTH_aa58420177714dc89e6f06bf96dee164/container1/s3-curl.zip
结果:
s3curl: Found the url: host=controller; port=8080; uri=/v1/AUTH_aa584 20177714dc89e6f06bf96dee164/container1/s3-curl.zip; query=;
s3curl: cname endpoint signing case
s3curl: StringToSign='HEAD\n\n\nFri, 09 Oct 2020 16:18:12 +0000\n/controller:8080/v1/AUTH_aa58420177714dc89e6f06bf96dee164/container1/s3-curl.zip'
s3curl: exec curl -H Date: Fri, 09 Oct 2020 16:18:12 +0000 -H Authorization: AWS 05fbbd16b6b2479394a2d0b921260499:G75HMR7jeuTJYQZkohVtLPFYyq8= -L -H content-typ e: -I http://controller:8080/v1/AUTH_aa58420177714dc89e6f06bf96dee16 4/container1/s3-curl.zip
HTTP/1.1 401 Unauthorized
Date: Fri, 09 Oct 2020 16:18:12 GMT
Server: Apache/2.4.37 (centos) mod_wsgi/4.6.4 Python/3.6
Www-Authenticate: Swift realm="AUTH_aa58420177714dc89e6f06bf96dee164"
WWW-Authenticate: Keystone uri="http://controller:5000/v3/"
X-Trans-Id: txc86fb2c114b845e9b4f1f-005f808d46
X-Openstack-Request-Id: txc86fb2c114b845e9b4f1f-005f808d46
Content-Type: text/html; charset=UTF-8
[root@controller s3-curl]# cat ../.s3curl
%awsSecretAccessKeys = (
# personal account
personal => {
id => '05fbbd16b6b2479394a2d0b921260499',
key => '7a129e96850a408b91eba0e4c4bad53d',
},
);
[root@controller ~]# openstack ec2 credentials list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+
| Access | Secret | Project ID | User ID |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+
| 0c55e069db00409cb5f6579ecb3be056 | 1f1b5bb52783449f829f338d61bc3746 | aa58420177714dc89e6f06bf96dee164 | e6bc765a255847e7aa50bb10ea961185 |
| 872926651be443e7ad28645742532972 | 539f6dd99c6e4d3ab38f691760854a05 | aa58420177714dc89e6f06bf96dee164 | e6bc765a255847e7aa50bb10ea961185 |
| 05fbbd16b6b2479394a2d0b921260499 | 7a129e96850a408b91eba0e4c4bad53d | aa58420177714dc89e6f06bf96dee164 | e6bc765a255847e7aa50bb10ea961185 |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+
[root@controller ~]# openstack object list container1
+-------------+
| Name |
+-------------+
| s3-curl.zip |
+-------------+
[root@controller ~]# cat /etc/swift/proxy-server.conf
以下是 proxy-server.conf 的内容。 我不断触发垃圾邮件保护,所以我不得不删除大部分信息/评论。 对于知道他们在说什么的人来说应该不重要,但如果需要我可以制作一个 pastebin 或其他东西。
[pipeline:main]
#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit s3api tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken s3api s3token keystoneauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
# set log_name = proxy-server
# set log_facility = LOG_LOCAL0
# set log_level = INFO
# set log_address = /dev/log
# require_proxy_protocol = false
# log_handoffs = true
# recheck_account_existence = 60
# recheck_container_existence = 60
# recheck_updating_shard_ranges = 3600
# object_chunk_size = 65536
# client_chunk_size = 65536
# node_timeout = 10
# recoverable_node_timeout = node_timeout
# conn_timeout = 0.5
# post_quorum_timeout = 0.5
# error_suppression_interval = 60
# error_suppression_limit = 10
# allow_account_management = false
account_autocreate = true
# max_containers_per_account = 0
# max_containers_whitelist =
# deny_host_headers =
# sorting_method = shuffle
# timing_expiry = 300
# rebalance_missing_suppression_count = 1
# concurrent_gets = off
# concurrency_timeout = 0.5
# concurrent_ec_extra_requests = 0
# request_node_count = 2 * replicas
# read_affinity = r1z1=100, r1z2=200, r2=300
# read_affinity =
# write_affinity = r1, r2
# write_affinity =
# write_affinity_node_count = 2 * replicas
# write_affinity_handoff_delete_count = auto
# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control
# nice_priority =
# Work only with ionice_class.
# ionice_class =
# ionice_priority =
# [proxy-server:policy:<policy index>]
# sorting_method =
# read_affinity =
# write_affinity =
# write_affinity_node_count =
# write_affinity_handoff_delete_count =
# rebalance_missing_suppression_count = 1
# concurrent_gets = off
# concurrency_timeout = 0.5
# concurrent_ec_extra_requests = 0
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://controller:5000/v3/
auth_url = http://controller:5000/v3/
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = admin
username = admin
password = **********
delay_auth_decision = True
# cache = swift.cache
# include_service_catalog = False
[filter:keystoneauth]
use = egg:swift#keystoneauth
#reseller_prefix = AUTH
operator_roles = admin, user
# reseller_admin_role = ResellerAdmin
allow_overrides = true
# service_roles =
# default_domain_id = default
# allow_names_in_acls = true
[filter:s3api]
use = egg:swift#s3api
# auth_token
# allow_no_owner = false
location = us-east-1
# dns_compliant_bucket_names = True
# max_bucket_listing = 1000
# max_parts_listing = 1000
# max_multi_delete_objects = 1000
# multi_delete_concurrency = 2
#s3_acl = true
# storage_domain =
# auth_pipeline_check = True
# allow_multipart_uploads = True
# max_upload_part_num = 1000
# check_bucket_owner = false
# force_swift_request_proxy_log = false
# min_segment_size = 5242880
# log_name = s3api
[filter:s3token]
use = egg:swift#s3token
#reseller_prefix = AUTH_
delay_auth_decision = True
auth_uri = http://controller:5000/v3/
http_timeout = 10.0
# secret_cache_duration = 0
# insecure = False
# certfile =
# keyfile =
# log_name = s3token
# secret_cache_duration = 0
# auth_url = http://keystonehost:5000
# auth_type = password
# project_domain_id = default
# project_name = service
# user_domain_id = default
# username = swift
# password = password
我试过的:
- 通过彻底的 web 搜索找到的所有建议
-完全重建设置从开始到我现在的位置。 两次
-许多小的配置更改,调整,通常
-阅读许多在线文章
如果能帮助诊断我收到此 401 错误的原因,以及修复它的任何帮助,我将不胜感激。 谢谢!
1 个解决方案
解决方案1
0 已采纳 2020-10-12 14:02:46
显然是 apache 导致了这个问题。 我们切换到 nginx,现在可以用了。
使用OpenStack API时发生未经授权的错误,无法从Keystone获取身份验证令牌
[英]Unauthorized error when using OpenStack API, can't get authentication token from keystone
使用Lucene,Solr或elasticsearch索引Amazon S3,Rackspace云文件或OpenStack SWIFT
[英]Using Lucene, Solr or elasticsearch to index Amazon S3, Rackspace Cloud Files or OpenStack SWIFT
使用带有快速OpenStack的php云文件时的内部服务器错误
[英]Internal Server Error when using php cloud files with swift openstack
使用带有openstack的AWS S3 sdk获取所有存储桶/容器时出现异常
[英]Getting Exception on using AWS S3 sdk with openstack to get all buckets/containers
如何使用OpenStack的Swift将大型SQLite文件上传到对象存储(通过Python)
[英]How do I upload a large SQLite file to Object Storage using OpenStack's Swift (via Python)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Amazon S3 / OpenStack Swift API框架
使用OpenStack API时发生未经授权的错误,无法从Keystone获取身份验证令牌
使用Lucene,Solr或elasticsearch索引Amazon S3,Rackspace云文件或OpenStack SWIFT
使用适用于OpenStack Swift的Python API的自动化脚本
使用带有快速OpenStack的php云文件时的内部服务器错误
使用带有openstack的AWS S3 sdk获取所有存储桶/容器时出现异常
无法使用api openstack进行连接
OpenStack Swift性能指标收集API
如何运行Openstack-Swift java api?
如何使用OpenStack的Swift将大型SQLite文件上传到对象存储(通过Python)
相关标签