not able to authorize with auth token

[nadgowdas]

Hi,

I am using token authorization for swift. And I am able to authenticate with python-swiftclient, ssbench from the same host, but with cosbench, it gives me "Unauthorized" error.

Python-swiftclient:

when i am using python swift-client, i am able to access my swift cluster as:

swift --os-auth-token f2d11ffd111841f3b88d5b7b3c1a2181 --os-storage-url http://x.x.x.x:8080/v1/AUTH_2685ea9ace184a17b0dcfa1798127e93 list test_container

cosbench:

I have tried following various formats for defining storage types for swift:

what is the right format to specify the auth token in workload profile.?

[ywang19]

Swift-config-sample.xml is a sample workload profile in conf/ folder, here is the snippet for section:

It supports 3 different approach for authentication:

•  Swauth (tempauth is the same as swauth)
  

•  Keystone
  

•  Direct (normally, swift authenticates with some auth server to get auth token and storage url, this approach allows to assign auth token and storage url directly. )
  

For the command you show for python-swiftclient, it seems you expect to directly assign auth token and storage url directly, so you’d follow

Here you don’t need create section, but assign auth token and storage url inside section directly.

-yaguang

From: nadgowdas [mailto:[email protected]]
Sent: Saturday, October 10, 2015 5:34 PM
To: intel-cloud/cosbench
Subject: [cosbench] not able to authorize with auth token (#282)

Hi,

I am using token authorization for swift. And I am able to authenticate with python-swiftclient, ssbench from the same host, but with cosbench, it gives me "Unauthorized" error.

Python-swiftclient:

when i am using python swift-client, i am able to access my swift cluster as:

swift --os-auth-token f2d11ffd111841f3b88d5b7b3c1a2181 --os-storage-url http://x.x.x.x:8080/v1/AUTH_2685ea9ace184a17b0dcfa1798127e93 list test_container

cosbench:

I have tried following various formats for defining storage types for swift:

what is the right format to specify the auth token in workload profile.?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/282.

[nadgowdas]

thanks.
does it support keystone V3 api? if i need to add -V 3 as a parameter, how do i add that?

[ywang19]

Haven’t tried against keystone V3 yet. if you like to add version parameter, a quick way is to put it into “config” list like config=”version=3, …”, and then in KeystoneAuth, you could check the version to go to different branch.

Thanks for your upcoming contributions.
-yaguang

From: nadgowdas [mailto:[email protected]]
Sent: Tuesday, October 13, 2015 12:01 AM
To: intel-cloud/cosbench
Cc: Wang, Yaguang
Subject: Re: [cosbench] not able to authorize with auth token (#282)

thanks.
does it support keystone V3 api? if i need to add -V 3 as a parameter, how do i add that?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/282#issuecomment-147446394.

[pietervanw]

Hi,

I'm having similar (although not identical) authentication issues. I'm trying to benchmark a small OpenStack (Kilo) Swift cluster, which is up & running. I use Keystone for authentication. Any help is greatly appreciated!

If I configure a workload and directly feed an authentication token (by manually obtaining a token), it works:

<storage type="swift" config="token=d6c1b07b2ab04b6684c4c1dbecd84923;storage_url=http://controller:8080/v1/AUTH_a2e1dbb439a94e889c7850d964ba946b"/>

However, I want to run multiple benchmarks in the coming period and I'd like to avoid manually updating the workload XML with a new token, so I prefer to use the keystone authentication. This is configured as follows:

<storage type="swift" />
<auth type="keystone" config="username=demo;password=XXXXXXXXX;tenant_name=demo;auth_url=http://dps-cloud01.dps.local:5000/v2.0;service=demo" />

This does not work for me. When I run the driver with DEBUG log level, everything looks OK (token is acquired, worker seems to be successfully authenticated, but the storage operations on Swift fail. There is one line in the logging (more below) that does not look right to me:

2015-10-28 13:36:04,657 [DEBUG] [cd] - using auth token: f374bea3edc248b8ada2a73a29635179, storage url: null, storage policy: null

It looks like it was able to get a token, but not parse the storage URL from the Keystone response. Any idea what I'm doing wrong?

Thanks in advance for your help & advice!

Kind regards,
Pieter van Wijngaarden
(P.S. I tried to attach the complete workload log file, but was not permitted..)

Error logging:
2015-10-28 13:36:04,521 [DEBUG] [SwiftStorage] - using storage config: {token=AUTH_xxx, policy=null, storage_url=http://127.0.0.1:8080/auth/v1.0, logging=true, timeout=30000} 2015-10-28 13:36:04,526 [DEBUG] [SwiftStorage] - swift client has been initialized 2015-10-28 13:36:04,535 [DEBUG] [AuthAgent] - begin to login, will attempt 1 times 2015-10-28 13:36:04,537 [DEBUG] [AuthAgent] - input auth context is {username=demo, service=demo, tenant_id=, tenant_name=demo, logging=false, usertoken=, auth_url=http://dps-cloud01.dps.local:5000/v2.0, password=XXXXXXXXX, timeout=10000, caching=false} with caching=false 2015-10-28 13:36:04,657 [DEBUG] [cd] - using auth token: f374bea3edc248b8ada2a73a29635179, storage url: null, storage policy: null 2015-10-28 13:36:04,658 [DEBUG] [AuthAgent] - worker 1 has been successfully authed 2015-10-28 13:36:04,665 [INFO] [NoneStorage] - performing PUT at /dps-bench1 2015-10-28 13:36:04,667 [ERROR] [AbstractOperator] - worker 1 fail to perform operation dps-bench1 com.intel.cosbench.api.storage.StorageException: java.lang.IllegalStateException: Target host must not be null, or set in parameters.

[ywang19]

The issue is the storage url is not correctly parsed from keystone response, one possible cause is you are using some region other than the default "RegionOne".
The "region" parameter is not showing up in current sample workloads. the form is as following:

[pietervanw]

Thanks for your help! I am pretty sure that I am using the standard Swift region configuration (i.e. RegionOne). However, let me try to configure it and see what happens. If it doesn't work, I'll post the auth response that I see if I use curl.

Also, I think you missed the sample form in your reponse.
(Edit 1: found the sample in your GitHub commit. I will download 0.4.2.c3 and will try it out!)
(Edit 2: yes, this fixed the issue! Thanks for your help :) )

My auth config is now as follows:

<auth type="keystone" config="username=swift;password=XXXXXXXXXXXXX;tenant_name=service;auth_url=http://dps-cloud01.dps.local:5000/v2.0;service=swift;region=RegionOne" />

[ywang19]

aha, you're right. another correction is the default region is "regionOne", the "r" is with lower case.

Here is the sample snippet:

<auth type="keystone"  config="username=tester;password=testing;tenant_name=test;auth_url=http://127.0.0.1:5000/v2.0;service=swift service;region=regionOne" /> 

[osmboy]

thanks. does it support keystone V3 api? if i need to add -V 3 as a parameter, how do i add that?

please refer to #330