1

I'm trying to set up a 'Swift All In One' system on a Ubuntu 12.04 VM by the link:http://docs.openstack.org/developer/swift/development_saio.html.
When I run the command on the VM:

curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0

It works well,but if I change the address "127.0.0.1" into "192.168.254.129"(the VM ip address) and still run the command on the VM,like:

curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://192.168.254.129:8080/auth/v1.0

it fails and hints "Connection refused".
I have tried to close the firewall on the VM and it doesn't work either.
In my opinion, the two commands should both succeed or fail, because both "127.0.0.1" and "192.168.254.129" refer to the same VM machine.

user5440753
  • 23
  • 10
  • Which firewall(s)? `192.168.*.*` implies you're behind a router or something similar. Does your router have a firewall? Did you forward the necessary ports on your router? – Jonny Henly Mar 24 '16 at 06:58
  • The VM's firewall.I use VMware workstation 12 pro on Window 7 and make a Ubuntu VM. – user5440753 Mar 24 '16 at 07:16
  • seems like you are using bridged network to spawn your vm, try connecting your vm with host-only network. – Hamza Zafar Mar 24 '16 at 11:13

1 Answers1

0

There are a few potential issues with the examples you have posted:

  1. The port is not default. Changing the port can be tricky and lead to unexpected results depending on what middleware you use. So this is discouraged.

  2. You should configure the VM to use a dedicated "internal-only" interface with static IP configuration. Instead of changing the interface that the virtualization host creates, I prefer to add a VIP to the interface created for the host-only network (e.g. eth1:0).

  3. If it still doesn't connect, make (double) sure that a firewall is not blocking connections on that interface. Ubuntu 12.04 uses iptables as the default firewall. So either ensure that the service is not running or flush the input rules ( sudo iptables -F INPUT ). If that works, then don't forget to save the iptables configuration ( sudo service iptables save ) so that it doesn't revert on reboot.

  4. It appears that you are trying to specify a tenant with v1.0 authentication. This is not supported. If you need to specify a tenant separate from the user, you must use v2.0 authentication. Also, I see that you are using the deprecated "Storage" headers. If you want to use v1.0 authentication, then it is strongly recommended to use X-Auth-User and X-Auth-Key headers instead.

It is also a good idea to use the swift command-line client to verify that the server is setup correctly. Once you know that, then using curl can be useful to get a lower-level understanding of how the protocol works.

Adam Takvam
  • 116
  • 5
  • I have updated the question description above, I run the two commands on the same VM, "127.0.0.1:8080" VS "192.168.254.129:8080". But the result turns different. By the way, I use VMware workstation 12 pro and use 'Host-only' network mode. I have tried to run "sudo ufw disable" and "sudo iptables -F INPUT". – user5440753 Mar 25 '16 at 04:18
  • What is the result if you install nmap and then run `nmap 192.168.254.129` on the VM? – Adam Takvam Mar 25 '16 at 07:51
  • `Host is up (0.00030s latency). Not shown: 999 closed ports PORT STATE SERVICE 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds` – user5440753 Mar 26 '16 at 00:19
  • Is that means the 8080 port is not opened on the ip "192.168.254.129"? But if I run `nmap 127.0.0.1` on the VM, the 8080 port is opened. – user5440753 Mar 26 '16 at 00:26
  • I have tried to edit the '/etc/swift/proxy-sever.conf' to bind the proxy-service to "192.168.254.129:8080".Then I can use the IP address "192.168.254.129:8080" to access proxy-service. Of course, the "127.0.0.1:8080" turns into a failure.However,new problem comes out:http://stackoverflow.com/questions/36215014/curl-6-could-not-resolve-host-401-unauthorized-on-openstack-swift-saio – user5440753 Mar 26 '16 at 00:42
  • Well, If I use X-Auth-User and X-Auth-Key headers. It works well on the host machine. – user5440753 Mar 26 '16 at 01:00
  • Excellent. I'm happy to see you got it working... or at least further along. Just for the record, my comment about 8080 not being the default was incorrect. However, I still recommend using 80, if possible. As for the bind address, I checked on mine and it's set to 127.0.0.1 and definitely works for clients coming from other machines. My understanding is that the proxy actually binds to all interfaces and that setting is largely ignored. However, that could be a result of some SwiftStack magic on my cluster that isn't present on the OpenStack Swift version. – Adam Takvam Mar 26 '16 at 08:09
  • Thanks for your help :) – user5440753 Mar 30 '16 at 00:41