howto Cyberduck work with keystone+swift

1,264 views
Skip to first unread message

由清 林

unread,
Oct 13, 2011, 11:30:37 PM10/13/11
to Cyberduck
New question #174028 on OpenStack Object Storage (swift):
https://answers.launchpad.net/swift/+question/174028

keystone + dashboard + swift are work perfect,
but I have a question howto Cyberduck work with keystone+swift ???

I think it's may like want Cyberduck work with swauth +swift
so I decide to config Cyberduck'user.conf ,Swift's proxy-server.conf
and Keystone's keystone.conf

first I add <setting name="cf.authentication.context "value="v1.0" />
to user.conf,

second cyberduck use https , but keystone use http , as follow

...
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
...

service_host = 0.0.0.0
service_port = 5000

I think if make https and http compatible , then Cyberduck will work
normally .

I will appreciate that anyone could tell me howto set cyberduck up .

David Kocher

unread,
Oct 14, 2011, 12:01:28 PM10/14/11
to cybe...@googlegroups.com
OpenStack Swift connections without TLS are not currently supported. I will add support with an optional connection profile.

-
David

> --
> You received this message because you are subscribed to the Google Groups "Cyberduck" group. To post to this group, send email to cybe...@googlegroups.com
> To unsubscribe from this group, send email to cyberduck+...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/cyberduck
> --
> Post bug reports and feature requests
> http://trac.cyberduck.ch/newticket
> --
> Support development
> http://cyberduck.ch/donate/
>

David Kocher

unread,
Oct 17, 2011, 11:42:59 AM10/17/11
to cybe...@googlegroups.com
A new snapshot build is availble which allows HTTP connections without SSL for Swift OpenStack connections with a connection profile [1]. Let me know if that works for you.

[1] http://trac.cyberduck.ch/wiki/help/en/howto/openstack#ConnectwithoutSSL

-
David

On 14.10.2011, at 05:30, 由清 林 wrote:

Eugene Lin

unread,
Oct 17, 2011, 9:50:28 PM10/17/11
to cybe...@googlegroups.com
Sorry ,it's seem didn't work , Cyberduck still use TLS when I choose Swift(http)
and use a default port 443 I can't change,
and start keystone from 5000 to 433 ,and command line swift work well

root@swift-proxy:~# swift -A http://127.0.0.1:443/v1.0 -U joeuser -K
secrete stat -v
StorageURL: http://127.0.0.1:8888/v1/AUTH_1
Auth Token: 887665443383838
Account: AUTH_1
Containers: 3
Objects: 1
Bytes: 162763
Accept-Ranges: bytes
X-Trans-Id: tx4bfcb45e3e6342e69481f89bdb966b97

but Cyberduck can't work at win7 and report
"Unrecognized SSL message,plaintext connection?"

2011/10/17 David Kocher <dko...@cyberduck.ch>:

David Kocher

unread,
Oct 18, 2011, 8:41:49 AM10/18/11
to cybe...@googlegroups.com
A new snapshot build is available and the connection profile attached to the wiki page has been updated which should allow a custom port and fix the use of the HTTP scheme.

Again, let me know if you are more successful this time.

-
David

Eugene Lin

unread,
Oct 18, 2011, 11:54:24 AM10/18/11
to cybe...@googlegroups.com
Sorry again
This time defalut port is 80(can't change), and still use https
same error as last time.

2011/10/18 David Kocher <dko...@cyberduck.ch>:

Christian Broussard

unread,
May 22, 2012, 11:35:58 AM5/22/12
to cybe...@googlegroups.com
David, is Keystone + Swift supported with Cyberduck?

> To unsubscribe from this group, send email to cyberduck+unsubscribe@googlegroups.com

David Kocher

unread,
May 22, 2012, 11:56:29 AM5/22/12
to cybe...@googlegroups.com
I don't think we support it. There is a ticket [1] to track this.

[1] http://trac.cyberduck.ch/ticket/6330

-- David


[1] http://trac.cyberduck.ch/ticket/6330
>> cyberduck+...@googlegroups.com
>>> For more options, visit this group at
>> http://groups.google.com/group/cyberduck
>>> --
>>> Post bug reports and feature requests
>>> http://trac.cyberduck.ch/newticket
>>> --
>>> Support development
>>> http://cyberduck.ch/donate/
>>>
>>
>>
>
> --
> You received this message because you are subscribed to the Google Groups "Cyberduck" group. To post to this group, send email to cybe...@googlegroups.com
> To unsubscribe from this group, send email to cyberduck+...@googlegroups.com

Ning Zhang

unread,
Aug 29, 2012, 2:07:00 PM8/29/12
to cybe...@googlegroups.com
Hello Christian,

We have a solution to make this work. Please check out: http://www.zmanda.com/blogs/?p=916

Ning

> To unsubscribe from this group, send email to cyberduck+...@googlegroups.com

Tim Spriggs

unread,
Jul 19, 2013, 5:07:06 PM7/19/13
to cybe...@googlegroups.com
According to that ticket Keystone+Swift has been implemented in SVN so I compiled the latest SVN trunk sources under OSX (10.6) and it won't authenticate to my local swift proxy using keystone. I'm unsure of how to enable Keystone auth here. Do I still some secret incantation in a config file or is there a way to do this in the GUI? The error message I get back references GET /v1.0 which tells me that it's not automatic. Also, do I put the keystone server name or the swift-proxy name into the server field? Since keystone contains information on the location of swift it seems like keystone would be the correct answer but historically the swift-proxy has been the correct name for obvious reasons.

TIA,
-Tim

David Kocher

unread,
Jul 21, 2013, 5:49:58 PM7/21/13
to cybe...@googlegroups.com
We have just updated the wiki documentation at https://trac.cyberduck.ch/wiki/help/en/howto/openstack#Authenticationwithkeystoneforcontextv2.0tokens for using Keystone+Swift (with OpenStack identity service to get a login token). You will ned to enter the Keystone server in the host field of the connection prompt and we will determine the available storage regions from the authentication response.

You need to install an optional connection profile linked from the wiki page, as we still default the /v1.0 context for OpenStack Swift connections.

You can use the latest snapshot build (Mac). The Windows build will be updated later this week.

-- David
>>>> cybe...@googlegroups.com <javascript:>
>>>>> To unsubscribe from this group, send email to
>>>> cyberduck+...@googlegroups.com <javascript:>
>>>>> For more options, visit this group at
>>>> http://groups.google.com/group/cyberduck
>>>>> --
>>>>> Post bug reports and feature requests
>>>>> http://trac.cyberduck.ch/newticket
>>>>> --
>>>>> Support development
>>>>> http://cyberduck.ch/donate/
>>>>>
>>>>
>>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>> Groups "Cyberduck" group. To post to this group, send email to
>> cybe...@googlegroups.com <javascript:>
>>> To unsubscribe from this group, send email to
>> cyberduck+...@googlegroups.com <javascript:>
>>> For more options, visit this group at
>> http://groups.google.com/group/cyberduck
>>> --
>>> Post bug reports and feature requests
>>> http://trac.cyberduck.ch/newticket
>>> --
>>> Support development
>>> http://cyberduck.ch/donate/
>>
>>
>
> --
> --
> You received this message because you are subscribed to the Google Groups "Cyberduck" group. To post to this group, send email to cybe...@googlegroups.com
> To unsubscribe from this group, send email to cyberduck+...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/cyberduck
> --
> Post bug reports and feature requests
> http://trac.cyberduck.ch/newticket
> --
> Support development
> http://cyberduck.ch/donate/
>
> ---
> You received this message because you are subscribed to the Google Groups "Cyberduck" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cyberduck+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

Tim Spriggs

unread,
Jul 23, 2013, 4:37:53 PM7/23/13
to cybe...@googlegroups.com
Hi David,

  Thanks for responding.

  I tried the snapshot version with the version of Keystone in Debian Wheezy and that produced an HTTP 500 error from the server. After upgrading to the latest keystone from sid (2013.1.2-5) I receive an HTTP 400 error. I produced a dump of a good vs bad session for the initial connect and found differences in the password handling.

Here is a good HTTP request session (produced from "swift list")

Request:
POST /v2.0/tokens HTTP/1.0
Connection: close
Content-Length: 109
Content-Type: application/json
Accept-Encoding: gzip, deflate, compress
Accept: */*
User-Agent: python-keystoneclient

{"auth": {"tenantName": "test", "passwordCredentials": {"username": "test", "password": "***EDITED***"}}}

Response:
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Date: Tue, 23 Jul 2013 19:35:00 GMT
Connection: close

... the response hash ...


Here is the request from Cyberduck Version 4.4 (12233):

POST /v2.0/tokens HTTP/1.0
Connection: close
Content-Length: 106
Accept: application/json
Content-Type: application/json
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.4) (x86_64)
Accept-Encoding: gzip,deflate

{"auth":{"tenantId":"test","apiAccessKeyCredentials":{"accessKey":"test","secretKey":"***EDITED***"}}}

Response:
HTTP/1.1 400 Bad Request
Vary: X-Auth-Token
Content-Type: application/json
Date: Tue, 23 Jul 2013 19:34:54 GMT
Connection: close

{"error": {"message": "Expecting to find passwordCredentials in auth. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}

Any chance of changing apiAccessKeyCredentials to passwordCredentials?

Thanks,
-Tim

David Kocher

unread,
Jul 24, 2013, 5:24:39 AM7/24/13
to cybe...@googlegroups.com
Thanks for testing with your configuration. Can you open a ticket at https://trac.cyberduck.ch/newticket and paste below into the description so we can track progress on this.

-- David
>> https://trac.cyberduck.ch/wiki/help/en/howto/openstack#Authenticationwithkeystoneforcontextv2.0tokensfor using Keystone+Swift (with OpenStack identity service to get a login
>> token). You will ned to enter the Keystone server in the host field of the
>> connection prompt and we will determine the available storage regions from
>> the authentication response.
>>
>> You need to install an optional connection profile linked from the wiki
>> page, as we still default the /v1.0 context for OpenStack Swift connections.
>>
>> You can use the latest snapshot build (Mac). The Windows build will be
>> updated later this week.
>>
>> -- David
>

David Kocher

unread,
Jul 24, 2013, 9:48:05 AM7/24/13
to cybe...@googlegroups.com
The latest snapshot build now defaults to use password credentials. Please open a ticket for any remaining interoperability issues.


-- David


On 23.07.2013, at 22:37, Tim Spriggs <ti...@uahirise.org> wrote:

>> https://trac.cyberduck.ch/wiki/help/en/howto/openstack#Authenticationwithkeystoneforcontextv2.0tokensfor using Keystone+Swift (with OpenStack identity service to get a login
>> token). You will ned to enter the Keystone server in the host field of the
>> connection prompt and we will determine the available storage regions from
>> the authentication response.
>>
>> You need to install an optional connection profile linked from the wiki
>> page, as we still default the /v1.0 context for OpenStack Swift connections.
>>
>> You can use the latest snapshot build (Mac). The Windows build will be
>> updated later this week.
>>
>> -- David
>
Reply all
Reply to author
Forward
0 new messages