The information on this page is outdated and no longer correct.
First you need to get a token that is valid for 24 hours that can be used instead of user name and password. Authentication is done through keystone. Only V3 authentication is supported.
The script below should give you the right information:
#!/bin/sh
export OS_PROJECT_DOMAIN_NAME=<project domain>
export OS_USER_DOMAIN_NAME=<user domain>
export OS_PROJECT_NAME=<project name>
export OS_USERNAME=<username>
export OS_PASSWORD=<password>
export OS_AUTH_URL=https://objectstore.surf.nl:5000/v3
TMPFILE=`mktemp`
chmod 600 ${TMPFILE}
JSONFILE=`mktemp`
chmod 600 ${JSONFILE}
cat >${JSONFILE} <<EOF
{
"auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"domain": {"name": "${OS_USER_DOMAIN_NAME}"},
"name": "${OS_USERNAME}",
"password": "${OS_PASSWORD}"
}
}
},
"scope": {
"project": {
"domain": {"name": "${OS_PROJECT_DOMAIN_NAME}"},
"name": "${OS_PROJECT_NAME}"
}
}
}
}
EOF
curl -si \
-H "Content-Type: application/json" \
-o ${TMPFILE} \
-d @${JSONFILE} \
${OS_AUTH_URL}/auth/tokens 2>/dev/null
echo
cat ${TMPFILE} | grep 'X-Subject-Token:'
echo
tail -1 ${TMPFILE} | json_pp
rm -f ${TMPFILE} ${JSONFILE}
It can be downloaded from get_token_and_json.sh
An example of the output this script generates is below:
{
"token" : {
"audit_ids" : [
"ZH4oi0cAQnCvk4De-IqmIw"
],
"catalog" : [
{
"endpoints" : [
{
"id" : "02a84a77a5534c0899ddb923eff58fd4",
"interface" : "admin",
"region" : "RegionOne",
"region_id" : "RegionOne",
"url" : "https://objectstore.surf.nl:5000/v3/"
},
{
"id" : "b6c4d54a4e7a455f800cabfa68ebb941",
"interface" : "public",
"region" : "RegionOne",
"region_id" : "RegionOne",
"url" : "https://objectstore.surf.nl:5000/v3/"
},
{
"id" : "f386325000a0458badb40c81f92f33ca",
"interface" : "internal",
"region" : "RegionOne",
"region_id" : "RegionOne",
"url" : "https://objectstore.surf.nl:5000/v3/"
}
],
"id" : "9c3fe3a4a5f5409abf48513c72c5fa48",
"name" : "keystone",
"type" : "identity"
},
{
"endpoints" : [
{
"id" : "2e0acde93b2d4989a7a08a5b15f2e7f7",
"interface" : "admin",
"region" : "RegionOne",
"region_id" : "RegionOne",
"url" : "https://objectstore.surf.nl/swift/v1/AUTH_45d98b7704ad4bcabefeda0ae3dc2547"
},
{
"id" : "c91a92ab40f7456894ecdce931fd655f",
"interface" : "internal",
"region" : "RegionOne",
"region_id" : "RegionOne",
"url" : "https://objectstore.surf.nl/swift/v1/AUTH_45d98b7704ad4bcabefeda0ae3dc2547"
},
{
"id" : "d1dfdf1eaf2e4092afe271afcfd2d998",
"interface" : "public",
"region" : "RegionOne",
"region_id" : "RegionOne",
"url" : "https://objectstore.surf.nl/swift/v1/AUTH_45d98b7704ad4bcabefeda0ae3dc2547"
}
],
"id" : "fd2cc7f02b6a4d389ef61ed2dc5a3362",
"name" : "swift",
"type" : "object-store"
}
],
"expires_at" : "2024-07-17T06:57:02.000000Z",
"is_domain" : false,
"issued_at" : "2024-07-16T06:57:02.000000Z",
"methods" : [
"password"
],
"project" : {
"domain" : {
"id" : "default",
"name" : "Default"
},
"id" : "45d98b7704ad4bcabefeda0ae3dc2547",
"name" : "johndoe"
},
"roles" : [
{
"id" : "4b41796e39444486a9a060c2ad0dccc4",
"name" : "swiftoperator"
}
],
"user" : {
"domain" : {
"id" : "default",
"name" : "Default"
},
"id" : "4118ca9c8c544928a73042fd7be0e3b0",
"name" : "johndoe",
"password_expires_at" : null
}
}
}
The line with “X-Subject-Token:” gives you the token. In the JSON output you will find the token expiration time,”expires at”. In the “catalog” section at the “endpoints” of “type” : “object-store” and “name” : “swift”, you have to look for the “interface” : “public” and there you find the <storage url> “url” : “https://proxy.swift.surfsara.nl/v1/KEY_05b2aafab5a745eab2726d88649d95fe”.
For users using keystone with a local acount should set:
export OS_USER_DOMAIN_NAME="Default" export OS_PROJECT_DOMAIN_NAME="Default"
Users using keystone in combination with the SURF Central User Administration (CUA) account should set:
export OS_USER_DOMAIN_NAME="CuaUsers" export OS_PROJECT_DOMAIN_NAME="CuaUsers"
The script below gives you just the token and the storage url using V3 authentication:
#!/bin/sh export OS_PROJECT_DOMAIN_NAME=<project domain> export OS_USER_DOMAIN_NAME=<user domain> export OS_PROJECT_NAME=<project name> export OS_USERNAME=<user name> export OS_PASSWORD=<password> export OS_AUTH_URL=https://objectstore.surf.nl:5000/v3 TMPFILE=`mktemp` chmod 600 ${TMPFILE} JSONFILE=`mktemp` chmod 600 ${JSONFILE} cat >${JSONFILE} <<EOF { "auth": { "identity": { "methods": ["password"], "password": { "user": { "domain": {"name": "${OS_USER_DOMAIN_NAME}"}, "name": "${OS_USERNAME}", "password": "${OS_PASSWORD}" } } }, "scope": { "project": { "domain": {"name": "${OS_PROJECT_DOMAIN_NAME}"}, "name": "${OS_PROJECT_NAME}" } } } } EOF PYTHONSCRIPT=`mktemp` chmod 755 ${PYTHONSCRIPT} cat > ${PYTHONSCRIPT} << EOF #!/usr/bin/env python import sys, json, re list=json.load(sys.stdin)["token"]["catalog"] for i in list: if i["type"]=="object-store" and re.search('swift',i["name"])!=None: for j in i["endpoints"]: if j["interface"]=="public": print "export OS_STORAGE_URL="+j["url"] EOF curl -si \ -H "Content-Type: application/json" \ -o ${TMPFILE} \ -d @${JSONFILE} \ ${OS_AUTH_URL}/auth/tokens 2>/dev/null | grep 'X-Subject-Token:' | awk '{print $2}' echo token=`cat ${TMPFILE} | grep 'X-Subject-Token:' | awk '{print $2}'` echo "export OS_AUTH_TOKEN="${token} echo tail -1 ${TMPFILE} | ${PYTHONSCRIPT} rm -f ${TMPFILE} ${PYTHONSCRIPT} ${JSONFILE}
It can be downloaded from: get_token_and_storage_url.sh. Now you can run curl commands using:
curl -i -H "X-Auth-Token: <token>" ...