ctennis/openstack_swift_cyberduck.txt

## openstack_swift_cyberduck.txt
Talking to Openstack's Swift with Cyberduck:


1.  Install swift.  Download cyberduck sources (3.5.1 as of this writing)

2. Both the proxy and auth servers will ultimately need to be running with SSL.  You will need a key and certificate to do this, self signed is ok (but a little more work).  Put these in /etc/swift/mycert.pem and /etc/swift/mykey.pem.

3. For swift-auth-create-account to work, the auth server must NOT be running as SSL.  So if you want to use it to create an account, you'll have to make the auth-server non-SSL, run it to create the account, then change the auth-server back to SSL.

4. my proxy-server config:

[proxy-server]
bind_port = 8080
user = swift
cert_file = /etc/swift/mycert.pem
key_file = /etc/swift/mykey.pem

5. my auth-server config:


[auth-server]
default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
user = swift
cert_file = /etc/swift/mycert.pem
key_file = /etc/swift/mykey.pem

(to turn off ssl on either of them, just comment out the cert_file and key_file lines, then restart the server).

6. Turn off ssl on auth-server, and use swift-auth-create-account to create a new account:

ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ sudo swift-auth-create-account a3 b3 c3
https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781


It's important that the URL that if given back to you be accessible publicly.  This URL is tied to this account, and will be served back to cyberduck after authorization.  If this url gives back something like: http://127.0.0.1/v1/... this won't work, because Cyberduck will attempt to connect to 127.0.0.1.

This URL is specified in the auth-server config's default_cluster_url.  However, once you have created an account/user, this URL is fixed and won't change even if you change that configuration item.  You will have to use sqlite to manually edit the auth.db in order to change it.


7. Turn back on SSL for auth-server, restart, then verify it works:


ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ st -A https://127.0.0.1:11000/v1.0 -U a3:b3 -K c3 stat
   Account: 06228ccf-6d0a-4395-889e-e971e8de8781
Containers: 0
   Objects: 0
     Bytes: 0

More importantly, make sure it works from your "public" URL (yes I know this resolves privately inside EC2):

ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ st -A https://ec2-184-72-156-130.compute-1.amazonaws.com:11000/v1.0 -U a3:b3 -K c3 stat
   Account: 06228ccf-6d0a-4395-889e-e971e8de8781
Containers: 0
   Objects: 0
     Bytes: 0


8. Edit the cyberduck source.  Look for lib/cloudfiles.properties, and edit this file.  Change auth_url to your public auth url (note the https):

auth_url=https://ec2-184-72-156-130.compute-1.amazonaws.com:11000/v1.0

9. Edit source/ch/cyberduck/core/Protocol.java.  Look for the line saying "storage.clouddrive.com".  Just below that, change:

        public boolean isWebUrlConfigurable() {
            return true;   <---- change this to true
        }

10. In the root directory, run "make" to rebuild Cyberduck.  When done, type:   open build/Release/Cyberduck.app/

to start the program.

11. Go to "Open Connection", select Rackspace Cloud Files, (http://imgur.com/aqXZb.png) and connect.

12. If you get SSL errors, make sure your auth and proxy server are both setup for SSL.  If you get certificate errors (specifically, 'unable to find valid certification path to requested target'), you are using a self signed certificate, you need to perform a few more steps:

13. As outlined here: http://blogs.sun.com/andreas/entry/no_more_unable_to_find, download http://blogs.sun.com/andreas/resource/InstallCert.java, run "javac InstallCert.java" to compile it, then run "java InstallCert https://your-auth-server-url:8080".  This script will pull down that certificate and put it into a Java cert store, in your local directory.  The file is jssecacerts.

14. You need to move that file to $JAVA_HOME/jre/lib/security, so your java run time picks it up.

15. Restart cyberduck, and it should now allow you to use that certificate without an error.


Please let me know if you find any changes that need to be made: caleb.tennis@gmail.com
	Talking to Openstack's Swift with Cyberduck:


	1. Install swift. Download cyberduck sources (3.5.1 as of this writing)

	2. Both the proxy and auth servers will ultimately need to be running with SSL. You will need a key and certificate to do this, self signed is ok (but a little more work). Put these in /etc/swift/mycert.pem and /etc/swift/mykey.pem.

	3. For swift-auth-create-account to work, the auth server must NOT be running as SSL. So if you want to use it to create an account, you'll have to make the auth-server non-SSL, run it to create the account, then change the auth-server back to SSL.

	4. my proxy-server config:

	[proxy-server]
	bind_port = 8080
	user = swift
	cert_file = /etc/swift/mycert.pem
	key_file = /etc/swift/mykey.pem

	5. my auth-server config:


	[auth-server]
	default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
	user = swift
	cert_file = /etc/swift/mycert.pem
	key_file = /etc/swift/mykey.pem

	(to turn off ssl on either of them, just comment out the cert_file and key_file lines, then restart the server).

	6. Turn off ssl on auth-server, and use swift-auth-create-account to create a new account:

	ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ sudo swift-auth-create-account a3 b3 c3
	https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781


	It's important that the URL that if given back to you be accessible publicly. This URL is tied to this account, and will be served back to cyberduck after authorization. If this url gives back something like: http://127.0.0.1/v1/... this won't work, because Cyberduck will attempt to connect to 127.0.0.1.

	This URL is specified in the auth-server config's default_cluster_url. However, once you have created an account/user, this URL is fixed and won't change even if you change that configuration item. You will have to use sqlite to manually edit the auth.db in order to change it.


	7. Turn back on SSL for auth-server, restart, then verify it works:


	ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ st -A https://127.0.0.1:11000/v1.0 -U a3:b3 -K c3 stat
	Account: 06228ccf-6d0a-4395-889e-e971e8de8781
	Containers: 0
	Objects: 0
	Bytes: 0

	More importantly, make sure it works from your "public" URL (yes I know this resolves privately inside EC2):

	ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ st -A https://ec2-184-72-156-130.compute-1.amazonaws.com:11000/v1.0 -U a3:b3 -K c3 stat
	Account: 06228ccf-6d0a-4395-889e-e971e8de8781
	Containers: 0
	Objects: 0
	Bytes: 0


	8. Edit the cyberduck source. Look for lib/cloudfiles.properties, and edit this file. Change auth_url to your public auth url (note the https):

	auth_url=https://ec2-184-72-156-130.compute-1.amazonaws.com:11000/v1.0

	9. Edit source/ch/cyberduck/core/Protocol.java. Look for the line saying "storage.clouddrive.com". Just below that, change:

	public boolean isWebUrlConfigurable() {
	return true; <---- change this to true
	}

	10. In the root directory, run "make" to rebuild Cyberduck. When done, type: open build/Release/Cyberduck.app/

	to start the program.

	11. Go to "Open Connection", select Rackspace Cloud Files, (http://imgur.com/aqXZb.png) and connect.

	12. If you get SSL errors, make sure your auth and proxy server are both setup for SSL. If you get certificate errors (specifically, 'unable to find valid certification path to requested target'), you are using a self signed certificate, you need to perform a few more steps:

	13. As outlined here: http://blogs.sun.com/andreas/entry/no_more_unable_to_find, download http://blogs.sun.com/andreas/resource/InstallCert.java, run "javac InstallCert.java" to compile it, then run "java InstallCert https://your-auth-server-url:8080". This script will pull down that certificate and put it into a Java cert store, in your local directory. The file is jssecacerts.

	14. You need to move that file to $JAVA_HOME/jre/lib/security, so your java run time picks it up.

	15. Restart cyberduck, and it should now allow you to use that certificate without an error.



	Please let me know if you find any changes that need to be made: caleb.tennis@gmail.com