Re: Openstack keystone with Radosgw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Mark - I tried that as well, but in vain. In fact, that is how I created the endpoint to begin with. Since, that didn't work, I followed Openstack standard which was to include %tenant-id.

-Lakshmi.


On Friday, October 10, 2014 6:49 PM, Mark Kirkwood <mark.kirkwood@xxxxxxxxxxxxxxx> wrote:


Hi,

I think your swift endpoint:

| 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
http://gateway.ex.com/swift/v1     | 77434bc194a3495793b5b4c943248e16 |

is the issue. It should be:

| 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
http://gateway.ex.com/swift/v1 | http://gateway.ex.com/swift/v1 |
http://gateway.ex.com/swift/v1     | 77434bc194a3495793b5b4c943248e16 |

i.e no AUTH_%(tenantid)s in there
http://ceph.com/docs/master/radosgw/keystone/.

Regards

Mark

On 11/10/14 14:28, lakshmi k s wrote:
> With latest HA build, I found keystone_modwsgi.conf in
> /etc/apache2/sites-available and added the chunking like below. We have
> many controller nodes, but single virtual IP - 192.0.2.21 for which
> keystone is configured. I have verified keystone setup by executing
> other services like nova list, cinder list, etc. They work fine. It is
> swift pointing to ceph object gateway that is not working.
>
> Listen 192.0.2.24:35357
> Listen 192.0.2.24:5000
>
> <VirtualHost *:35357>
>      WSGIScriptAlias / /etc/keystone/admin
>      WSGIDaemonProcess keystoneadmin user=keystone group=keystone
> processes=2 threads=1 home=/opt/stack/venvs/openstack
> python-path=/opt/stack/venvs/openstack:/opt/stack/venvs/openstack/lib/python2.7/site-packages/
>      WSGIApplicationGroup keystoneadmin
>
>      WSGIProcessGroup keystoneadmin
>
>      <Directory /etc/keystone>
>          Options FollowSymLinks
>          Require all granted
>          WSGIChunkedRequest On
>      </Directory>
>
>      ErrorLog /var/log/keystone/keystone_modwsgi.log
>      LogLevel info
>      CustomLog /var/log/keystone/keystone_apache_access.log combined
> </VirtualHost>
>
> <VirtualHost *:5000>
>      WSGIScriptAlias / /etc/keystone/main
>      WSGIDaemonProcess keystonemain user=keystone group=keystone
> processes=2 threads=1 home=/opt/stack/venvs/openstack
> python-path=/opt/stack/venvs/openstack:/opt/stack/venvs/openstack/lib/python2.7/site-packages/
>      WSGIApplicationGroup keystonemain
>
>      WSGIProcessGroup keystonemain
>
>      <Directory /etc/keystone>
>          Options FollowSymLinks
>          WSGIChunkedRequest On
>          Require all granted
>      </Directory>
>
>      ErrorLog /var/log/keystone/keystone_modwsgi.log
>      LogLevel info
>      CustomLog /var/log/keystone/keystone_apache_access.log combined
> </VirtualHost>
>
> root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5:~# keystone
> service-list
> +----------------------------------+----------+---------------+---------------------------+
> |                id                |  name  |      type    |
> description        |
> +----------------------------------+----------+---------------+---------------------------+
> | 642251f08a93444da1aa457c2a0ae9f3 |  cinder  |    volume    |  Cinder
> Volume Service  |
> | c909ea43c9244f7c8296e870986c5fc1 |  glance  |    image    |
> Glance Image Service  |
> | bf80fcba3aec45a6988262b31b7ae12a |  heat  | orchestration |
> Heat Service      |
> | 3a1cf21dd3974313ba833e807b3ff997 | keystone |    identity  | Keystone
> Identity Service |
> | 8abff3ea4bba41f4b9cc9a77a29191fe | neutron  |    network    |
> Neutron Service      |
> | d87e2f24576a459495f1e08439bae238 |  nova  |    compute    |    Nova
> Compute Service  |
> | 77434bc194a3495793b5b4c943248e16 |  swift  |  object-store
> |                          |
> +----------------------------------+----------+---------------+---------------------------+
>
>
> root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5:~# keystone
> endpoint-list
> +----------------------------------+-----------+---------------------------------------------------+---------------------------------------------------+-----------------------------------------+----------------------------------+
> |                id                |  region  |
> publicurl                    |
> internalurl                    |                adminurl
> |            service_id            |
> +----------------------------------+-----------+---------------------------------------------------+---------------------------------------------------+-----------------------------------------+----------------------------------+
> | 09159f243eb6457581e01af56e32bf18 | regionOne |
> http://192.0.2.21:8774/v3             |
> http://192.0.2.21:8774/v3             |
> http://192.0.2.21:8774/v3       | 9b431dae0ff642629ae8f5bfd006e578 |
> | 0dda582955934dc0af898ec3db2c5fbc | regionOne |
> http://192.0.2.21:8776/v1/%(tenant_id)s      |
> http://192.0.2.21:8776/v1/%(tenant_id)s      |
> http://192.0.2.21:8776/v1/%(tenant_id)s | 642251f08a93444da1aa457c2a0ae9f3 |
> | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> http://gateway.ex.com/swift/v1     | 77434bc194a3495793b5b4c943248e16 |
> | 30ca33f2f84242c2a6ad8a91446d265b | regionOne |
> http://192.0.2.21:8773/services/Cloud       |
> http://192.0.2.21:8773/services/Cloud       |
> http://192.0.2.21:8773/services/Admin | 389b4dec8c9c479dbf46622c22da12d1 |
> | 9caad71ea7144f4283509cb60faff864 | regionOne |
> http://192.0.2.21:8774/v2/$(tenant_id)s      |
> http://192.0.2.21:8774/v2/$(tenant_id)s      |
> http://192.0.2.21:8774/v2/$(tenant_id)s | d87e2f24576a459495f1e08439bae238 |
> | d3a87ad4fd1c4626a499f0491cfb054a | regionOne |
> http://192.0.2.21:9292/             |
> http://192.0.2.21:9292/             |
> http://192.0.2.21:9292/         | c909ea43c9244f7c8296e870986c5fc1 |
> | e10b562bb4b646c8a90b6a4255d7efd7 | regionOne |
> http://192.0.2.21:21131/v1           |
> http://192.0.2.21:21131/v1           |
> http://192.0.2.21:21131/v1       | 296f0ce272834f70af9fc6f36924c89a |
> | f898c1e25d76471c8a28147e2ddfa52e | regionOne |
> http://192.0.2.21:8004/v1/%(tenant_id)s      |
> http://192.0.2.21:8004/v1/%(tenant_id)s      |
> http://192.0.2.21:8004/v1/%(tenant_id)s | bf80fcba3aec45a6988262b31b7ae12a |
> | fbbc102593394c1fb7da4160dbc28f5b | regionOne |
> http://192.0.2.21:9696/             |
> http://192.0.2.21:9696/             |
> http://192.0.2.21:9696/         | 8abff3ea4bba41f4b9cc9a77a29191fe |
> | fc8e024afc9b43308a5cf8323be76ba5 | regionOne |
> http://192.0.2.21:5000/v2.0           |
> http://192.0.2.21:5000/v2.0           |
> http://192.0.2.21:35357/v2.0     | 3a1cf21dd3974313ba833e807b3ff997 |
> +----------------------------------+-----------+-----------------------------
>
>
> ceph.conf
>
> [global]
> fsid = b35e8496-e809-416a-bd66-aba761d78fac
> mon_initial_members = node1
> mon_host = 192.0.2.211
> auth_cluster_required = cephx
> auth_service_required = cephx
> auth_client_required = cephx
> filestore_xattr_use_omap = true
>
> [client.admin]
> keyring = /etc/ceph/ceph.client.admin.keyring
>
> [client.radosgw.gateway]
> rgw keystone url = "" href="http://192.0.2.21:5000/" target="_blank" >http://192.0.2.21:5000
> rgw keystone admin token = 337b8816f019a04396a2e00e65e6c30ea96ba59b
> rgw keystone accepted roles = admim _member_ swiftoperator
> rgw keystone token cache size = 500
> rgw keystone revocation interval = 500
> rgw s3 auth use keystone = false
> nss db path = /var/lib/ceph/nss
> debug rgw = 20
> host = gateway
> keyring = /etc/ceph/ceph.client.radosgw.keyring
> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> log file = /var/log/ceph/client.radosgw.gateway.log
> rgw dns name = gateway
>
>
>
>
>
>
>
>
>  >
>  > On Friday, October 10, 2014 9:20 AM, lakshmi k s <lux_ks@xxxxxxxxx
> <mailto:lux_ks@xxxxxxxxx>> wrote:
>  >
>  >
>  > Mark, I am going no where with this. I am going to try with latest
>  > OpenStack build (build internal to my company) that has HA support. I
>  > will keep you posted.
>  >
>  >
>  > On Thursday, October 9, 2014 10:46 PM, Mark Kirkwood
>  > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>> wrote:
>  >
>  >
>  > Oh, I see. That complicates it a wee bit (looks back at your messages).
>  > I see you have:
>  >
>  > rgw_keystone_url = http://192.0.8.2:5000
> <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
>  >
>  > So you'll need to amend/create etc a
>  >
>  > <Virtualhost *:5000>
>  >
>  > and put it in there. I suspect you might be better off changing your rgw
>  > kesytone url to use port 35357 (the public one). However I think that is
>  > a side issue.
>  >
>  > Also just to double check - 192.0.8.2 *is* the server you are showing us
>  > the sites-available from?
>  >
>  > Cheers
>  >
>  > Mark
>  >
>  > On 10/10/14 12:50, lakshmi k s wrote:
>  >  > Yes Mark, but there is no keystone.conf in this modified Openstack
> code.
>  >  > There is only horizon.conf under /etc/apache2/sites-available folder.
>  >  > And that has virtual host 80 only. Should I simply add :35357?
>  >  >
>  >  > root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
>  > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
>  >  > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
>  > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>:/etc/apache2/sites-available#
>  >  > ls
>  >  > 000-default.conf  default-ssl.conf  horizon.conf
>  >  >
>  >  >
>  >  >
>  >  >
>  >  > On Thursday, October 9, 2014 4:45 PM, Mark Kirkwood
>  >  > <mark.kirkwood@xxxxxxxxxxxxxxx <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>> wrote:
>  >  >
>  >  >
>  >  > Hmm - It looks to me like you added the chunked request into Horizon
>  >  > instead of Keystone. You want virtual host *:35357
>  >  >
>  >  >
>  >  > On 10/10/14 12:32, lakshmi k s wrote:
>  >  >  > Have done this too, but in vain. I made changes to Horizon.conf as
>  > shown
>  >  >  > below. I had only I do not see the user being validated in
> radosgw log
>  >  >  > at all.
>  >  >  >
>  >  >  > root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
>  > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
>  >  > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
>  > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>:/etc/apache2/sites-available#
>  >  > ls
>  >  >  > 000-default.conf  default-ssl.conf  horizon.conf
>  >  >  >
>  >  >  > ----------------------------------------------------
>  >  >  > <VirtualHost *:80>
>  >  >  >      WSGIScriptAlias /
>  >  >  >
>  >  >
>  >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
>  >  >  >      WSGIDaemonProcess horizon user=horizon group=horizon
> processes=3
>  > >  > threads=10 home=/opt/stack/venvs/horizon
>  >  >  >
>  >  >
>  >
> python-path=/opt/stack/venvs/horizon:/opt/stack/venvs/horizon/lib/python2.7/site-packages/
>  >  >  >    WSGIApplicationGroup %{GLOBAL}
>  >  >  >
>  >  >  >      SetEnv APACHE_RUN_USER horizon
>  >  >  >      SetEnv APACHE_RUN_GROUP horizon
>  >  >  >      WSGIProcessGroup horizon
>  >  >  >    WSGIChunkedRequest On
>  >  >  >
>  >  >  >      DocumentRoot
>  >  >  >
>  >  >
>  >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
>  >  > >      Alias /static
>  >  >  >
>  >  >
>  >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
>  >  > >      Alias /media
>  >  >  >
>  >  >
>  >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
>  >  >  >
>  >  >  >      <Directory />
>  >  >  >          Options FollowSymLinks
>  >  >  >          AllowOverride None
>  >  >  >      </Directory>
>  >  >  >
>  >  >  >      <Directory
>  >  >  >
>  >  >
>  >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static>
>  >  >  >          Options Indexes FollowSymLinks MultiViews
>  > >  >          Require all granted
>  >  >  >    AllowOverride None
>  >  >  >          Order allow,deny
>  >  >  >          allow from all
>  >  >  >      </Directory>
>  >  >  >
>  >  >  >      <Directory
>  >  >  >
>  > /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard>
>  >  >  >          Options Indexes FollowSymLinks MultiViews
>  >  >  >          Require all granted
>  >  >  >          AllowOverride None
>  >  >  >          Order allow,deny
>  >  >  > allow from all
>  >  >  >    </Directory>
>  >  >  >
>  >  >  >      ErrorLog /var/log/httpd/horizon_error.log
>  >  >  >      LogLevel debug
>  >  >  >      CustomLog /var/log/httpd/horizon_access.log combined
>  >  >  > </VirtualHost>
>  >  >  >
>  >  >  > WSGISocketPrefix /var/run/httpd
>  >  >  >
>  >  >  > ----------------------------------
>  > >  >
>  >  >  >
>  >  >  >
>  >  >  >
>  >  >  > On Thursday, October 9, 2014 3:51 PM, Mark Kirkwood
>  >  >  > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>> wrote:
>  >  >  >
>  >  >  >
>  >  >  > No, I don't have any explicit ssl enabled in the rgw site.
>  >  >  >
>  >  >  > Now you might be running into http://tracker.ceph.com/issues/7796
>  >  >  > <http://tracker.ceph.com/issues/7796>. So
>  >  >  > check if you have enabled
>  >  >  >
>  >  >  > WSGIChunkedRequest On
>  >  >  >
>  >  >  > In your keystone virtualhost setup (explained in the issue).
>  >  >  >
>  >  >  > Cheers
>  >  >  >
>  >  >  > Mark
>  >  >  >
>  >  >  >
>  >  >  > On 10/10/14 11:03, lakshmi k s wrote:
>  >  >  >  > Right, I have these certs on both nodes - keystone node and rgw
>  >  > gateway
>  >  >  >  > node. Not sure where I am going wrong. And what about SSL?
>  > Should the
>  >  >  >  > following be in rgw.conf in gateway node? I am not using this as
>  >  > it was
>  >  >  >  > optional.
>  >  >  >  >
>  >  >  >  > SSLEngine on
>  >  >  >  > SSLCertificateFile /etc/apache2/ssl/apache.crt
>  >  >  >  > SSLCertificateKeyFile /etc/apache2/ssl/apache.key
>  >  >  >  > SetEnv SERVER_PORT_SECURE 443
>  >  >  >  >
>  >  >  >  >
>  >  >  >  >
>  >  >  >  >
>  >  >  >  >
>  >  >  >  > On Thursday, October 9, 2014 2:48 PM, Mark Kirkwood
>  >  >  >  > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>> wrote:
>  >  >  >  >
>  >  >  >  >
>  >  >  >  > Almost - the converted certs need to be saved on your *rgw*
> host in
>  >  >  >  > nss_db_path (default is /var/ceph/nss but wherever you have it
>  >  >  >  > configured should be ok). Then restart the gateway.
>  >  >  >  >
>  >  >  >  > What is happening is the the rgw needs these certs to speak with
>  >  >  >  > encryption to the keystone server (the latter does not need
>  > anything
>  >  > >  > changed, as it is already using encryption).
>  >  >  >  >
>  >  >  >  > Regards
>  >  >  > >
>  >  >  >  > Mark
>  >  >  >  >
>  >  >  >  > On 10/10/14 08:31, lakshmi k s wrote:
>  >  >  >  >  > Thanks Mark. I got past this error being root. So
> essentially, I
>  >  >  > copied
>  >  >  >  >  > the certs from openstack controller node to gateway node.
>  > Did the
>  >  >  >  >  > conversion using certutil and copied the files back to
>  >  > controller node
>  >  >  >  >  > under /var/lib/ceph/nss directory. Is this the correct
>  >  > directory? Ceph
>  >  > >  >  > doc says /var/ceph/nss though.
>  >  >  >  >  >
>  >  >  >  >  > But after this, I tried to use curl GET command, but in
>  >  > vain.Same old
>  >  >  >  >  > 401 - Authorization failure.
>  >  >  >  >  >
>  >  >  >  >  > curl -i -X GET
>  >  >  >  >  >
>  >  > http://gateway.ex.com/swift/v1/AUTH_bad9e2232b304f89acb03436635b80cc
>  >  >  >  >
>  >  >
> <http://gateway.ex.com/swift/v1/AUTH_bad9e2232b304f89acb03436635b80cc>-H
>  >  >  >  >  > "X-Auth-
>  >  >  >  >  > Token: a510edb22f074946940cd4c07aafcd9d"
>  >  >  >  >  >
>  >  >  > >  > HTTP/1.1 401 Unauthorized
>  >  >  >  >  > Date: Thu, 09 Oct 2014 19:17:31 GMT
>  >  >  >  >  > Server: Apache/2.4.7 (Ubuntu)
>  >  >  >  >  > Accept-Ranges: bytes
>  >  >  >  >  > Content-Length: 12
>  >  >  >  >  > Content-Type: text/plain; charset=utf-8
>  >  >  >  >  > AccessDeniedroot
>  >  >  >  >  >
>  >  >  > >  > Not much difference in radosgw logs too. Note that the
> token used
>  >  >  > above
>  >  >  >  >  > is same one in ceph.conf file too. Please help.
>  >  >  >  >  >
>  >  >  >  >  > [client.radosgw.gateway]
>  > >  >  >  > rgw keystone url = "" href="http://192.0.8.2:5000/" target="_blank" >http://192.0.8.2:5000
> <http://192.0.8.2:5000/>
>  > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
>  >  >  > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
>  >  >  > >  > rgw keystone admin token = a510edb22f074946940cd4c07aafcd9d
>  >  >  >  >  > rgw keystone accepted roles = admim Member _member_
>  > swiftoperator
>  >  >  >  >  > rgw keystone token cache size = 500
>  >  >  >  >  > rgw keystone revocation interval = 500
>  >  >  >  > > rgw s3 auth use keystone = false
>  >  >  >  >  > nss db path = /var/lib/ceph/nss
>  >  >  >  >  > debug rgw = 20
>  >  >  > >  > host = gateway
>  >  >  >  >  > keyring = /etc/ceph/ceph.client.radosgw.keyring
>  >  >  >  >  > rgw socket path =
>  > /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
>  >  >  >  >  > log file = /var/log/ceph/client.radosgw.gateway.log
>  >  > >  >  > rgw dns name = gateway
>  >  >  > >  >
>  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >  > On Thursday, October 9, 2014 1:15 AM, Mark Kirkwood
>  >  >  >  >  > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>> wrote:
>  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >  > I ran into this - needed to actually be root via sudo -i or
>  > > similar,
>  >  >  >  >  > *then* it worked. Unhelpful error message is I think
> referring
>  >  > to no
>  >  >  >  >  > intialized db.
>  >  >  >  >  >
>  >  >  >  >  > On 09/10/14 16:36, lakshmi k s wrote:
>  >  >  >  >  >  > Good workaround. But it did not work. Not sure what this
>  > error
>  >  >  > is all
>  >  >  >  >  >  > about now.
>  >  >  >  > >  >
>  >  >  >  >  >  > gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
>  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
>  >  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
>  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>
>  >  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
>  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
>  >  >  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
>  >  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
>  > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>>:~$ openssl x509 -in
>  >  >  >  >  > /home/gateway/ca.pem -pubkey |
>  >  >  >  >  >  > certutil -d /var/lib/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
>  >  >  >  >  >  > certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
>  >  >  >  >  >  > certificate/key database is in an old, unsupported format.
>  >  >  >  >  >  >
>  > >  >  >  >  >
>  >  >  >  >  >  >
>  >  >  >  >  >  > On Wednesday, October 8, 2014 7:55 PM, Mark Kirkwood
>  >  >  >  >  >  > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
>  >  >  >  > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>> wrote:
>  >  >  >  >  >  >
>  >  >  >  >  >  >
>  >  >  >  >  >  > As a workaround check if your rgw host has openssl and
>  > certutil
>  >  >  >  >  >  > installed, if so you can copy the relevant unconverted
> certs
>  >  > over
>  >  >  >  > to it
>  >  >  >  >  > > and convert 'em there.
>  >  >  >  >  >  >
>  >  >  >  >  >  > On 09/10/14 15:07, lakshmi k s wrote:
>  >  >  >  >  >  >  > Tried aptitude as well, but no luck.
>  >  >  >  >  >  >  >
>  >  >  >  >  >  >  > Ceph users, have you tried to install libnss3-tools or
>  > > certutil
>  >  >  >  >  > tool on
>  >  >  >  >  >  >  > debian/ubuntu? If so, how did you go about this
> problem.
>  >  >  >  >  > > >
>  >  >  >  >  >  >  >
>  >  >  >  >  >  >  > On Wednesday, October 8, 2014 7:01 PM, Mark Kirkwood
>  >  >  >  >  >  >  > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
>  >  >
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  >
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
>  >  >  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
>  >  >  >  >
>  >  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
>  >  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
>  >  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
>  >  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
>  > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>> wrote:
>  >  >  >  >  >
>  >  >  >  >  >  >  >
>  >  >  >  > >  >  >
>  >  >  >  >  >  >  > Ok, so that is the thing to get sorted. I'd suggest
>  >  > posting the
>  >  >  >  >  > error(s)
>  >  >  >  >  >  >  > you are getting perhaps here (someone else might
>  > know), but
>  >  >  >  > definitely
>  >  >  >  > >  >  > to one of the Debian specific lists.
>  >  >  >  >  > >  >
>  >  >  >  >  >  >  > In the meantime perhaps try installing the packages
> with
>  >  >  > aptitude
>  >  >  >  >  > rather
>  >  >  >  >  >  >  > than apt-get - if there is some fancy footwork
>  > required it is
>  >  >  >  > fairly
>  >  >  >  >  >  >  > smart about what needs to be done.
>  >  > >  >  >  >  >
>  >  >  >  >  > >  > Cheers
>  >  >  >  >  >  >  >
>  >  >  >  >  >  >  > Mark
>  >  >  >  >  >  >  >
>  >  >  > >  >  >  > On 09/10/14 14:38, lakshmi k s wrote:
>  >  >  >  >  >  >  >  > Thanks Mark. I have been trying to install this on
>  >  > controller
>  >  >  >  >  >  > node. But
>  >  >  >  >  >  >  >  > for some reason, I am unable to install certutil or
>  >  >  >  >  > libnss3-tools on
>  >  >  >  >  >  >  >  > debian. I am not sure how to proceed.
>  >  >  >  >  >  >  >  >
>  >  > >  >  >  >  >
>  >  >  >  >  > >  >
>  >  >  >  >  >  >  >
>  >  >  >  >  >  >
>  >  >  >  >  >  >
>  >  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >  >
>  >  >  >  >
>  >  >  >  >
>  >  >  >  >
>  >  >  >
>  >  >  >
>  >  >  >
>  >  >
>  >  >
>  >  >
>  >
>  >
>  >
>  >
>  >
>
>
>
>
>



_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux