[Cyberduck-trac] [Cyberduck] #5892: cyberduck with openstack-swift
Cyberduck
trac at trac.cyberduck.ch
Sun Apr 10 23:14:49 CEST 2011
#5892: cyberduck with openstack-swift
---------------------------+------------------------
Reporter: btorch | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: openstack | Version: 4.0.2
Severity: normal | Resolution:
Keywords: | Architecture: Intel
Platform: Mac OS X 10.5 |
---------------------------+------------------------
Description changed by dkocher:
Old description:
> First of, thank you very much for all the hard work you have put into
> this awesome app. I've had many people approach me asking for help with
> cyberduck and openstack-swift so I decided to try it out myself. It
> always worked in the past with our devauth authentication system.
>
> I've tried the following with openstack-swift 1.2.0 using swauth. When
> using devauth, the authentication step works fine but I believe devauth
> is getting deprecated on 1.3.0.
>
> What I have noticed from the cyberduck logs and my swift logs is that,
> When trying to swauth, cyberduck is passing only /v1.0 and not the whole
> "Path" value that is used in the connection configuration (Path =
> /auth/v1.0) therefore the swift precondition fails.
>
> GET /v1.0 HTTP/1.1
> x-auth-user: external:marcelo
> x-auth-key: XXXXXXXXX
> Host: auth.swift.domain.com:8443
> Connection: Keep-Alive
> User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
> HTTP/1.1 412 Precondition Failed
> Content-Type: text/html; charset=UTF-8
> Content-Length: 7
> Date: Sun, 10 Apr 2011 14:02:03 GMT
> Connection: keep-alive
>
> swift logs:
> Apr 10 14:02:03 swtester1 proxy-server %3A%3Affff%3A71.11.14.124
> 127.0.0.1 10/Apr/2011/14/02/03 GET /v1.0 HTTP/1.0 412 -
> Cyberduck/4.0.2%20%28Mac%20OS%20X/10.5.8%29%20%28i386%29 - - - -
> tx5be478af-99b4-4df9-bf15-209b07e7daf6 - 0.0004
>
>
> When I change my swift system to use DevAuth, the authentication works
> but when trying to perform a GET on the StorageUrl that it receives back
> from auth, cyberduck seems to be using the same connection that it
> already has open on port 8443.
>
> On my environment I see that the GET request on the account is actually
> going to the DevAuth service when it should be going to
> https://swift.domain.com . I have also noticed that it also adds the
> /v1.0 at the end of the StorageUrl but on the second try it removes that
> which means it would have probably worked if the request had been sent to
> 443 and not 8443.
>
> GET /v1.0 HTTP/1.1
> x-auth-user: external:marcelo
> x-auth-key: XXXXXX
> Host: auth.swift.domain.com:8443
> Connection: Keep-Alive
> User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
> HTTP/1.1 204 No Content
> X-Storage-Url:
> https://swift.domain.com/v1/AUTH_50a8dbc55fb14808a3770b2e19599997
> X-Storage-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
> X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
> Content-Length: 0
> Date: Sun, 10 Apr 2011 14:22:01 GMT
> Connection: keep-alive
>
> GET
> /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F
> HTTP/1.1
> X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
> Host: swift.domain.com
> Connection: Keep-Alive
> User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
> HTTP/1.0 503 Service Unavailable
> Content-Type: text/html
> Content-Length: 53
> Expires: now
> Pragma: no-cache
> Cache-control: no-cache,no-store
>
> GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1
> X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
> Host: swift.domain.com
> Connection: Keep-Alive
> User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
> HTTP/1.0 503 Service Unavailable
> Content-Type: text/html
> Content-Length: 53
> Expires: now
> Pragma: no-cache
> Cache-control: no-cache,no-store
>
> Apr 10 15:03:05 swtester1 pound: 12.11.13.24 GET /v1.0 HTTP/1.1 -
> HTTP/1.1 204 No Content
>
> Apr 10 15:03:05 swtester1 pound: (7fa851125700) e503 no service "GET
> /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F
> HTTP/1.1" from 12.11.13.24
>
> Apr 10 15:04:07 swtester1 pound: (7fa851125700) e503 no service "GET
> /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F
> HTTP/1.1" from 12.11.13.24
>
> Apr 10 15:04:08 swtester1 pound: (7fa851125700) e503 no service "GET
> /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1" from
> 12.11.13.24
>
>
> In order to make sure that the request was indeed going to the auth
> system on port 8443, I had pound listen on 8443 and nginx listen on 443.
> Just to be double sure. The requests work fine when using curl to
> authenticate and retrieve account data/information.
New description:
First of, thank you very much for all the hard work you have put into this
awesome app. I've had many people approach me asking for help with
cyberduck and openstack-swift so I decided to try it out myself. It always
worked in the past with our devauth authentication system.
I've tried the following with openstack-swift 1.2.0 using swauth. When
using devauth, the authentication step works fine but I believe devauth is
getting deprecated on 1.3.0.
What I have noticed from the cyberduck logs and my swift logs is that,
When trying to swauth, cyberduck is passing only /v1.0 and not the whole
"Path" value that is used in the connection configuration (Path =
/auth/v1.0) therefore the swift precondition fails.
{{{
GET /v1.0 HTTP/1.1
x-auth-user: external:marcelo
x-auth-key: XXXXXXXXX
Host: auth.swift.domain.com:8443
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.1 412 Precondition Failed
Content-Type: text/html; charset=UTF-8
Content-Length: 7
Date: Sun, 10 Apr 2011 14:02:03 GMT
Connection: keep-alive
}}}
swift logs:
{{{
Apr 10 14:02:03 swtester1 proxy-server %3A%3Affff%3A71.11.14.124 127.0.0.1
10/Apr/2011/14/02/03 GET /v1.0 HTTP/1.0 412 -
Cyberduck/4.0.2%20%28Mac%20OS%20X/10.5.8%29%20%28i386%29 - - - -
tx5be478af-99b4-4df9-bf15-209b07e7daf6 - 0.0004
}}}
When I change my swift system to use DevAuth, the authentication works but
when trying to perform a GET on the StorageUrl that it receives back from
auth, cyberduck seems to be using the same connection that it already has
open on port 8443.
On my environment I see that the GET request on the account is actually
going to the DevAuth service when it should be going to
https://swift.domain.com . I have also noticed that it also adds the /v1.0
at the end of the StorageUrl but on the second try it removes that which
means it would have probably worked if the request had been sent to 443
and not 8443.
{{{
GET /v1.0 HTTP/1.1
x-auth-user: external:marcelo
x-auth-key: XXXXXX
Host: auth.swift.domain.com:8443
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.1 204 No Content
X-Storage-Url:
https://swift.domain.com/v1/AUTH_50a8dbc55fb14808a3770b2e19599997
X-Storage-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Content-Length: 0
Date: Sun, 10 Apr 2011 14:22:01 GMT
Connection: keep-alive
GET
/v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F
HTTP/1.1
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Host: swift.domain.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-control: no-cache,no-store
GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Host: swift.domain.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-control: no-cache,no-store
}}}
{{{
Apr 10 15:03:05 swtester1 pound: 12.11.13.24 GET /v1.0 HTTP/1.1 - HTTP/1.1
204 No Content
Apr 10 15:03:05 swtester1 pound: (7fa851125700) e503 no service "GET
/v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F
HTTP/1.1" from 12.11.13.24
Apr 10 15:04:07 swtester1 pound: (7fa851125700) e503 no service "GET
/v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F
HTTP/1.1" from 12.11.13.24
Apr 10 15:04:08 swtester1 pound: (7fa851125700) e503 no service "GET
/v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1" from
12.11.13.24
}}}
In order to make sure that the request was indeed going to the auth system
on port 8443, I had pound listen on 8443 and nginx listen on 443. Just to
be double sure. The requests work fine when using curl to authenticate and
retrieve account data/information.
--
--
Ticket URL: <http://trac.cyberduck.ch/ticket/5892#comment:1>
Cyberduck <http://cyberduck.ch>
Open source FTP, SFTP, WebDAV, Cloud Files, Google Docs & Amazon S3 Browser for Mac & Windows.
More information about the Cyberduck-trac
mailing list