Thursday, 2016-07-28

« Wednesday, 2016-07-27 Index Friday, 2016-07-29 »
*** ppai has joined #openstack-swauth04:27
peterlisakhi ppai, I try to test your s3 patches using s3curl as you in http://paste.openstack.org/show/490421/ and get "500 An error occurred" ... Can you tell me what i'm doing wrong? I found06:31
peterlisakI think s3curl doesn't send token in headers06:31
ppaiCan you point me to error msg in log or something ?06:33
peterlisakError: An error occurred: #012Traceback (most recent call last):#012  File "/home/peter/swift/swift/common/middleware/catch_errors.py", line 41, in handle_request#012    resp = self._app_call(env)#012  File "/home/peter/swift/swift/common/wsgi.py", line 1046, in _app_call#012    resp = self.app(env, self._start_response)#012  File "/home/peter/swift/swift/common/middleware/gatekeeper.py", line 102, in __call__#012    return self.app(env06:39
peterlisak, gatekeeper_response)#012  File "/home/peter/swift/swift/common/middleware/healthcheck.py", line 57, in __call__#012    return self.app(env, start_response)#012  File "/home/peter/swift/swift/common/middleware/proxy_logging.py", line 346, in __call__#012    six.reraise(exc_type, exc_value, exc_traceback)#012  File "/home/peter/swift/swift/common/middleware/proxy_logging.py", line 338, in __call__#012    iterable = self.app(env, my_star06:39
peterlisakt_response)#012  File "/home/peter/swift/swift/common/middleware/memcache.py", line 109, in __call__#012    return self.app(env, start_response)#012  File "/home/peter/swauth/swauth/middleware.py", line 241, in __call__#012    groups = self.get_groups(env, token)#012  File "/home/peter/swauth/swauth/middleware.py", line 349, in get_groups#012    msg = base64.urlsafe_b64decode(unquote(token))#012  File "/usr/lib/python2.7/urllib.py", lin06:39
peterlisake 1229, in unquote#012    bits = s.split('%')#012AttributeError: 'NoneType' object has no attribute 'split' (txn: txa1e45cf25ae94c98a01fb-005799a892)06:39
peterlisakI don't have a token but don't know why ... to be honest I don't know how s3 works :)06:41
peterlisakppai, ^06:41
ppaido u have it properly set in the proxy pipeline ?06:42
peterlisakhm, I don't ... just swift3 in pipeline or something else?06:47
ppaiyou need both swift3 and swauth in pipeline06:49
ppaihere's example of tempauth: https://github.com/openstack/swift3 just replace it with swauth06:50
peterlisakok, thx06:55
*** ppai has quit IRC07:06
peterlisakppai, now getting 403 SignatureDoesNotMatch07:10
*** ppai has joined #openstack-swauth07:30
peterlisakppai, now I'm getting 403 SignatureDoesNotMatch, see: http://paste.openstack.org/show/543111/07:57
ppaipeterlisak, with the patch or without the patch ?08:37
ppaiI also notice that the id has account "test" and you have used "test2" suring user creation08:38
peterlisakppai, without patch, actually I created an account "test" (I copied wrong line into pastebin) ...08:44
*** ppai has quit IRC08:44
peterlisakppai, see line 4-6 in http://paste.openstack.org/show/543111/  ... I have a user test:tester08:46
*** ppai has joined #openstack-swauth08:58
ppaipeterlisak, around ?09:06
peterlisakppai, yes09:08
ppaipeterlisak, any luck with it ? Are you trying it with my patch or without ?09:08
peterlisakppai, without09:09
ppaipeterlisak, it could be the problem with random salt09:11
ppaibut that should work as you directly give hash from object file09:11
peterlisakI use a salt from config ... for now I found that computed signature by s3curl != computed signature by swauth ...09:13
ppaiwhich is weird, they should be the same09:14
peterlisakIt seems signed message is not the same ... s3curl: StringToSign='PUT\n\n\nThu, 28 Jul 2016 09:15:32 +0000\n/localhost/bucket1' and I logged msg from swath: PUT#012#012#012Thu, 28 Jul 2016 09:15:32 +0000#012/bucket109:18
peterlisakin swauth there is no "localhost"09:18
peterlisak*messages are not the same09:19
peterlisakI use this s3curl: https://github.com/glance-/s3curl/blob/master/s3curl.pl09:28
ppaipeterlisak, I use this one https://aws.amazon.com/code/288034384515191709:34
peterlisaklooks like same code ... still getting SignatureDoesNotMatch09:42
*** ppai has quit IRC09:43
peterlisakppai, do u have same issue? I use master version of swift3, ... for some reason it creates a token from path without "localhost"09:45
*** ppai has joined #openstack-swauth09:55
ppaipeterlisak, still around ?12:17
peterlisakhi ppai, yeah12:17
ppaipeterlisak, I tried it out on latest master. Seems like s3 support was disabled. http://paste.openstack.org/show/543254/ So you need to import both my patches12:17
ppaipeterlisak, I see the error you hit into now. Something has changed recently. Let me dig further and get back to you. Thanks12:25
peterlisakstill SignatureDoesNotMatch ...  imho swift3 gives me wrong token12:26
peterlisakok, thx12:26
ppaipeterlisak, still around ?12:48
peterlisaky12:49
ppaipeterlisak, I found what the problem was.12:49
ppaihttps://github.com/glance-/s3curl/blob/master/s3curl.pl#L30-L35 By default s3 curls uses amazon as host, you need to change it to localhost12:50
ppaimy @endpoints = ( 'localhost');12:50
ppaiso with both my patches and conf changes, it works: http://paste.openstack.org/show/543259/12:52
ppaithe string to sign will match: s3curl: StringToSign='PUT\n\n\nThu, 28 Jul 2016 12:47:24 +0000\n/bucket2'12:55
ppaipeterlisak, let me know if it works for you13:14
*** ppai has quit IRC13:21
peterlisakppai, cool, also works with master version of swauth, thanks!13:28
*** ppai has joined #openstack-swauth13:35
*** ppai has quit IRC14:10
*** openstackgerrit has quit IRC15:18
*** openstackgerrit has joined #openstack-swauth15:19
*** nadeem has joined #openstack-swauth16:16
*** nadeem has quit IRC16:25
*** nadeem has joined #openstack-swauth16:26
openstackgerritPrashanth Pai proposed openstack/swauth: s3: Make s3 support configurable  https://review.openstack.org/32633617:40
*** ppai has joined #openstack-swauth17:40
*** ppai has quit IRC17:42
*** nadeem has quit IRC22:41
« Wednesday, 2016-07-27 Index Friday, 2016-07-29 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!