Below are the logs. Appreciate you time.
root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5:~# keystone endpoint-list
+----------------------------------+-----------+-----------------------------------------+-----------------------------------------+-----------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-----------------------------------------+-----------------------------------------+-----------------------------------------+----------------------------------+
| 03cfa620e6094a8d8b3adea5e357af34 | regionOne | http://gateway.ex.com/swift/v1 | http://gateway.ex.com/swift/v1 | http://gateway.ex.com/swift/v1 | 77434bc194a3495793b5b4c943248e16 |
root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5:~# swift --debug -V 2.0 -A http://192.0.2.21:5000/v2.0 -U ceph:cephUser -K ceph123 stat
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://192.0.2.21:5000/v2.0/tokens
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.0.2.21
DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3670
DEBUG:iso8601.iso8601:Parsed 2014-10-12T06:41:22Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'06', 'daydash': u'12', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'22', 'tz_minute': None, 'year': u'2014', 'separator': u'T', 'monthdash': u'10', 'day': None, 'minute': u'41'} with default timezone <iso8601.iso8601.Utc object at 0x7f678c6680d0>
DEBUG:iso8601.iso8601:Got u'2014' for 'year' with default None
DEBUG:iso8601.iso8601:Got u'10' for 'monthdash' with default 1
DEBUG:iso8601.iso8601:Got 10 for 'month' with default 10
DEBUG:iso8601.iso8601:Got u'12' for 'daydash' with default 1
DEBUG:iso8601.iso8601:Got 12 for 'day' with default 12
DEBUG:iso8601.iso8601:Got u'06' for 'hour' with default None
DEBUG:iso8601.iso8601:Got u'41' for 'minute' with default None
DEBUG:iso8601.iso8601:Got u'22' for 'second' with default None
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): gateway.ex.com
DEBUG:requests.packages.urllib3.connectionpool:"HEAD /swift/v1 HTTP/1.1" 401 0
INFO:swiftclient:REQ: curl -i http://gateway.ex.com/swift/v1 -I -H "X-Auth-Token: 48aeae6e5a8c418c916f0db699d5ca76"
INFO:swiftclient:RESP STATUS: 401 Unauthorized
INFO:swiftclient:RESP HEADERS: [('content-length', '12'), ('accept-ranges', 'bytes'), ('keep-alive', 'timeout=5, max=100'), ('server', 'Apache/2.4.7 (Ubuntu)'), ('connection', 'Keep-Alive'), ('date', 'Sun, 12 Oct 2014 02:38:27 GMT'), ('content-type', 'text/plain; charset=utf-8')]
DEBUG:keystoneclient.auth.identity.v2:Making
authentication request to http://192.0.2.21:5000/v2.0/tokens
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 192.0.2.21
DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3670
DEBUG:iso8601.iso8601:Parsed 2014-10-12T06:41:23Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'06', 'daydash': u'12', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'23', 'tz_minute': None, 'year': u'2014', 'separator': u'T', 'monthdash': u'10', 'day': None, 'minute': u'41'} with default timezone <iso8601.iso8601.Utc object at 0x7f678c6680d0>
DEBUG:iso8601.iso8601:Got u'2014' for 'year' with default None
DEBUG:iso8601.iso8601:Got u'10' for 'monthdash' with default 1
DEBUG:iso8601.iso8601:Got 10 for 'month' with default 10
DEBUG:iso8601.iso8601:Got u'12' for 'daydash' with default 1
DEBUG:iso8601.iso8601:Got 12 for 'day' with default 12
DEBUG:iso8601.iso8601:Got u'06' for 'hour' with default None
DEBUG:iso8601.iso8601:Got u'41' for 'minute' with default None
DEBUG:iso8601.iso8601:Got u'23' for 'second' with default None
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): gateway.ex.com
DEBUG:requests.packages.urllib3.connectionpool:"HEAD /swift/v1 HTTP/1.1" 401 0
INFO:swiftclient:REQ: curl -i http://gateway.ex.com/swift/v1 -I -H "X-Auth-Token: 2a695befdbe6493d8df677b3e94961d8"
INFO:swiftclient:RESP STATUS: 401 Unauthorized
INFO:swiftclient:RESP HEADERS: [('content-length', '12'), ('accept-ranges', 'bytes'), ('keep-alive', 'timeout=5, max=100'), ('server', 'Apache/2.4.7 (Ubuntu)'), ('connection', 'Keep-Alive'), ('date', 'Sun, 12 Oct 2014 02:38:28 GMT'), ('content-type', 'text/plain; charset=utf-8')]
ERROR:swiftclient:Account HEAD failed: http://gateway.ex.com/swift/v1 401 Unauthorized
Traceback (most recent call last):
File "/opt/stack/python-swiftclient/swiftclient/client.py", line 1208, in _retry
rv = func(self.url, self.token, *args, **kwargs)
File "/opt/stack/python-swiftclient/swiftclient/client.py", line 493, in head_account
http_response_content=body)
ClientException: Account HEAD failed: http://gateway.ex.com/swift/v1 401 Unauthorized
Account HEAD failed: http://gateway.ex.com/swift/v1 401 Unauthorized
Radosgw log
2014-10-11 19:38:27.272166 7f13dd6f9700 20 enqueued request req=0x7f13e40262b0
2014-10-11 19:38:27.272190 7f13dd6f9700 20 RGWWQ:
2014-10-11 19:38:27.272192 7f13dd6f9700 20 req: 0x7f13e40262b0
2014-10-11 19:38:27.272198 7f13dd6f9700 10 allocated request req=0x7f13e40256a0
2014-10-11 19:38:27.272280 7f13cb7f6700 20 dequeued request req=0x7f13e40262b0
2014-10-11 19:38:27.272286 7f13cb7f6700 20 RGWWQ: empty
2014-10-11 19:38:27.272319 7f13cb7f6700 20 CONTEXT_DOCUMENT_ROOT=/var/www
2014-10-11 19:38:27.272321 7f13cb7f6700 20 CONTEXT_PREFIX=
2014-10-11 19:38:27.272322 7f13cb7f6700 20 DOCUMENT_ROOT=/var/www
2014-10-11 19:38:27.272323 7f13cb7f6700 20
FCGI_ROLE=RESPONDER
2014-10-11 19:38:27.272324 7f13cb7f6700 20 GATEWAY_INTERFACE=CGI/1.1
2014-10-11 19:38:27.272325 7f13cb7f6700 20 HTTP_ACCEPT=*/*
2014-10-11 19:38:27.272326 7f13cb7f6700 20 HTTP_ACCEPT_ENCODING=gzip, deflate
2014-10-11 19:38:27.272327 7f13cb7f6700 20 HTTP_AUTHORIZATION=
2014-10-11 19:38:27.272329 7f13cb7f6700 20 HTTP_CONNECTION=keep-alive
2014-10-11 19:38:27.272330 7f13cb7f6700 20 HTTP_HOST=gateway.ex.com
2014-10-11 19:38:27.272332 7f13cb7f6700 20 HTTP_USER_AGENT=python-swiftclient-2.2.0.12.g57a913e
2014-10-11 19:38:27.272333 7f13cb7f6700 20 HTTP_X_AUTH_TOKEN=48aeae6e5a8c418c916f0db699d5ca76
2014-10-11 19:38:27.272334 7f13cb7f6700 20
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2014-10-11 19:38:27.272335 7f13cb7f6700 20 QUERY_STRING=
2014-10-11 19:38:27.272336 7f13cb7f6700 20 REMOTE_ADDR=192.0.2.24
2014-10-11 19:38:27.272337 7f13cb7f6700 20 REMOTE_PORT=60635
2014-10-11 19:38:27.272339 7f13cb7f6700 20 REQUEST_METHOD=HEAD
2014-10-11 19:38:27.272340 7f13cb7f6700 20 REQUEST_SCHEME=http
2014-10-11 19:38:27.272341 7f13cb7f6700 20 REQUEST_URI=/swift/v1
2014-10-11 19:38:27.272342 7f13cb7f6700 20 SCRIPT_FILENAME=/var/www/s3gw.fcgi
2014-10-11 19:38:27.272343 7f13cb7f6700 20 SCRIPT_NAME=/swift/v1
2014-10-11 19:38:27.272344 7f13cb7f6700 20 SCRIPT_URI=http://gateway.ex.com/swift/v1
2014-10-11
19:38:27.272345 7f13cb7f6700 20 SCRIPT_URL=/swift/v1
2014-10-11 19:38:27.272346 7f13cb7f6700 20 SERVER_ADDR=192.0.2.214
2014-10-11 19:38:27.272347 7f13cb7f6700 20 SERVER_ADMIN=gateway@xxxxxx
2014-10-11 19:38:27.272348 7f13cb7f6700 20 SERVER_NAME=gateway.ex.com
2014-10-11 19:38:27.272349 7f13cb7f6700 20 SERVER_PORT=80
2014-10-11 19:38:27.272350 7f13cb7f6700 20 SERVER_PROTOCOL=HTTP/1.1
2014-10-11 19:38:27.272352 7f13cb7f6700 20 SERVER_SIGNATURE=
2014-10-11 19:38:27.272353 7f13cb7f6700 20 SERVER_SOFTWARE=Apache/2.4.7 (Ubuntu)
2014-10-11 19:38:27.272356 7f13cb7f6700 1 ====== starting new request req=0x7f13e40262b0 =====
2014-10-11 19:38:27.272369 7f13cb7f6700 2 req 3:0.000015::HEAD
/swift/v1::initializing
2014-10-11 19:38:27.272398 7f13cb7f6700 10 ver=v1 first= req=
2014-10-11 19:38:27.272401 7f13cb7f6700 10 s->object=<NULL> s->bucket=<NULL>
2014-10-11 19:38:27.272406 7f13cb7f6700 2 req 3:0.000051:swift:HEAD /swift/v1::getting op
2014-10-11 19:38:27.272409 7f13cb7f6700 2 req 3:0.000055:swift:HEAD /swift/v1:stat_account:authorizing
2014-10-11 19:38:27.272414 7f13cb7f6700 10 failed to authorize request
2014-10-11 19:38:27.272447 7f13cb7f6700 2 req 3:0.000092:swift:HEAD /swift/v1:stat_account:http status=401
2014-10-11 19:38:27.272450 7f13cb7f6700 1 ====== req done req=0x7f13e40262b0 http_status=401 ======
2014-10-11 19:38:27.272456 7f13cb7f6700 20 process_request()
returned -1
2014-10-11 19:38:28.516449 7f13dd6f9700 20 enqueued request req=0x7f13e40256a0
2014-10-11 19:38:28.516470 7f13dd6f9700 20 RGWWQ:
2014-10-11 19:38:28.516472 7f13dd6f9700 20 req: 0x7f13e40256a0
2014-10-11 19:38:28.516477 7f13dd6f9700 10 allocated request req=0x7f13e4025b20
2014-10-11 19:38:28.516491 7f13c67ec700 20 dequeued request req=0x7f13e40256a0
2014-10-11 19:38:28.516494 7f13c67ec700 20 RGWWQ: empty
2014-10-11 19:38:28.516534 7f13c67ec700 20 CONTEXT_DOCUMENT_ROOT=/var/www
2014-10-11 19:38:28.516536 7f13c67ec700 20 CONTEXT_PREFIX=
2014-10-11 19:38:28.516537 7f13c67ec700 20 DOCUMENT_ROOT=/var/www
2014-10-11 19:38:28.516538 7f13c67ec700 20
FCGI_ROLE=RESPONDER
2014-10-11 19:38:28.516539 7f13c67ec700 20 GATEWAY_INTERFACE=CGI/1.1
2014-10-11 19:38:28.516540 7f13c67ec700 20 HTTP_ACCEPT=*/*
2014-10-11 19:38:28.516541 7f13c67ec700 20 HTTP_ACCEPT_ENCODING=gzip, deflate
2014-10-11 19:38:28.516542 7f13c67ec700 20 HTTP_AUTHORIZATION=
2014-10-11 19:38:28.516543 7f13c67ec700 20 HTTP_CONNECTION=keep-alive
2014-10-11 19:38:28.516544 7f13c67ec700 20 HTTP_HOST=gateway.ex.com
2014-10-11 19:38:28.516545 7f13c67ec700 20 HTTP_USER_AGENT=python-swiftclient-2.2.0.12.g57a913e
2014-10-11 19:38:28.516545 7f13c67ec700 20 HTTP_X_AUTH_TOKEN=2a695befdbe6493d8df677b3e94961d8
2014-10-11 19:38:28.516546 7f13c67ec700 20
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2014-10-11 19:38:28.516547 7f13c67ec700 20 QUERY_STRING=
2014-10-11 19:38:28.516548 7f13c67ec700 20 REMOTE_ADDR=192.0.2.24
2014-10-11 19:38:28.516549 7f13c67ec700 20 REMOTE_PORT=60656
2014-10-11 19:38:28.516550 7f13c67ec700 20 REQUEST_METHOD=HEAD
2014-10-11 19:38:28.516551 7f13c67ec700 20 REQUEST_SCHEME=http
2014-10-11 19:38:28.516552 7f13c67ec700 20 REQUEST_URI=/swift/v1
2014-10-11 19:38:28.516553 7f13c67ec700 20 SCRIPT_FILENAME=/var/www/s3gw.fcgi
2014-10-11 19:38:28.516554 7f13c67ec700 20 SCRIPT_NAME=/swift/v1
2014-10-11 19:38:28.516555 7f13c67ec700 20 SCRIPT_URI=http://gateway.ex.com/swift/v1
2014-10-11
19:38:28.516556 7f13c67ec700 20 SCRIPT_URL=/swift/v1
2014-10-11 19:38:28.516556 7f13c67ec700 20 SERVER_ADDR=192.0.2.214
2014-10-11 19:38:28.516557 7f13c67ec700 20 SERVER_ADMIN=gateway@xxxxxx
2014-10-11 19:38:28.516558 7f13c67ec700 20 SERVER_NAME=gateway.ex.com
2014-10-11 19:38:28.516559 7f13c67ec700 20 SERVER_PORT=80
2014-10-11 19:38:28.516560 7f13c67ec700 20 SERVER_PROTOCOL=HTTP/1.1
2014-10-11 19:38:28.516561 7f13c67ec700 20 SERVER_SIGNATURE=
2014-10-11 19:38:28.516562 7f13c67ec700 20 SERVER_SOFTWARE=Apache/2.4.7 (Ubuntu)
2014-10-11 19:38:28.516564 7f13c67ec700 1 ====== starting new request req=0x7f13e40256a0 =====
2014-10-11 19:38:28.516581 7f13c67ec700 2 req 4:0.000017::HEAD
/swift/v1::initializing
2014-10-11 19:38:28.516607 7f13c67ec700 10 ver=v1 first= req=
2014-10-11 19:38:28.516609 7f13c67ec700 10 s->object=<NULL> s->bucket=<NULL>
2014-10-11 19:38:28.516612 7f13c67ec700 2 req 4:0.000049:swift:HEAD /swift/v1::getting op
2014-10-11 19:38:28.516615 7f13c67ec700 2 req 4:0.000051:swift:HEAD /swift/v1:stat_account:authorizing
2014-10-11 19:38:28.516618 7f13c67ec700 10 failed to authorize request
2014-10-11 19:38:28.516639 7f13c67ec700 2 req 4:0.000076:swift:HEAD /swift/v1:stat_account:http status=401
2014-10-11 19:38:28.516642 7f13c67ec700 1 ====== req done req=0x7f13e40256a0 http_status=401 ======
2014-10-11 19:38:28.516647 7f13c67ec700 20 process_request()
returned -1
On Friday, October 10, 2014 10:15 PM, Mark Kirkwood <mark.kirkwood@xxxxxxxxxxxxxxx> wrote:
Right, well I suggest changing it back, and adding
debug rgw = 20
in the [client.radosgw...] section of ceph.conf and capture the
resulting log when you try 'swift stat'. It might reveal the next thing
to check.
Regards
Mark
On 11/10/14 16:02, lakshmi k s wrote:
> Hello Mark - I tried that as well, but in vain. In fact, that is how I
> created the endpoint to begin with. Since, that didn't work, I followed
> Openstack standard which was to include %tenant-id.
>
> -Lakshmi.
>
>
> On Friday, October 10, 2014 6:49 PM, Mark Kirkwood
> <mark.kirkwood@xxxxxxxxxxxxxxx> wrote:
>
>
> Hi,
>
> I think your swift endpoint:
>
> | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1> |
> 77434bc194a3495793b5b4c943248e16 |
>
> is the issue. It should be:
>
> | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1>|
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1>|
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1> |
> 77434bc194a3495793b5b4c943248e16 |
>
> i.e no AUTH_%(tenantid)s in there
> http://ceph.com/docs/master/radosgw/keystone/.
>
> Regards
>
> Mark
>
> On 11/10/14 14:28, lakshmi k s wrote:
> > With latest HA build, I found keystone_modwsgi.conf in
> > /etc/apache2/sites-available and added the chunking like below. We have
> > many controller nodes, but single virtual IP - 192.0.2.21 for which
> > keystone is configured. I have verified keystone setup by executing
> > other services like nova list, cinder list, etc. They work fine. It is
> > swift pointing to ceph object gateway that is not working.
> >
> > Listen 192.0.2.24:35357
> > Listen 192.0.2.24:5000
> >
> > <VirtualHost *:35357>
> > WSGIScriptAlias / /etc/keystone/admin
> > WSGIDaemonProcess keystoneadmin user=keystone group=keystone
> > processes=2 threads=1 home=/opt/stack/venvs/openstack
> >
> python-path=/opt/stack/venvs/openstack:/opt/stack/venvs/openstack/lib/python2.7/site-packages/
> > WSGIApplicationGroup keystoneadmin
> >
> > WSGIProcessGroup keystoneadmin
> >
> > <Directory /etc/keystone>
> > Options FollowSymLinks
> > Require all granted
> > WSGIChunkedRequest On
> > </Directory>
> >
> > ErrorLog /var/log/keystone/keystone_modwsgi.log
> > LogLevel info
> > CustomLog /var/log/keystone/keystone_apache_access.log combined
> > </VirtualHost>
> >
> > <VirtualHost *:5000>
> > WSGIScriptAlias / /etc/keystone/main
> > WSGIDaemonProcess keystonemain user=keystone group=keystone
> > processes=2 threads=1 home=/opt/stack/venvs/openstack
> >
> python-path=/opt/stack/venvs/openstack:/opt/stack/venvs/openstack/lib/python2.7/site-packages/
> > WSGIApplicationGroup keystonemain
> >
> > WSGIProcessGroup keystonemain
> >
> > <Directory /etc/keystone>
> > Options FollowSymLinks
> > WSGIChunkedRequest On
> > Require all granted
> > </Directory>
> >
> > ErrorLog /var/log/keystone/keystone_modwsgi.log
> > LogLevel info
> > CustomLog /var/log/keystone/keystone_apache_access.log combined
> > </VirtualHost>
> >
> > root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5
> <mailto:root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5>:~#
> keystone
> > service-list
> >
> +----------------------------------+----------+---------------+---------------------------+
> > | id | name | type |
> > description |
> >
> +----------------------------------+----------+---------------+---------------------------+
> > | 642251f08a93444da1aa457c2a0ae9f3 | cinder | volume | Cinder
> > Volume Service |
> > | c909ea43c9244f7c8296e870986c5fc1 | glance | image |
> > Glance Image Service |
> > | bf80fcba3aec45a6988262b31b7ae12a | heat | orchestration |
> > Heat Service |
> > | 3a1cf21dd3974313ba833e807b3ff997 | keystone | identity | Keystone
> > Identity Service |
> > | 8abff3ea4bba41f4b9cc9a77a29191fe | neutron | network |
> > Neutron Service |
> > | d87e2f24576a459495f1e08439bae238 | nova | compute | Nova
> > Compute Service |
> > | 77434bc194a3495793b5b4c943248e16 | swift | object-store
> > | |
> >
> +----------------------------------+----------+---------------+---------------------------+
> >
> >
> > root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5
> <mailto:root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5>:~#
> keystone
> > endpoint-list
> >
> +----------------------------------+-----------+---------------------------------------------------+---------------------------------------------------+-----------------------------------------+----------------------------------+
> > | id | region |
> > publicurl |
> > internalurl | adminurl
> > | service_id |
> >
> +----------------------------------+-----------+---------------------------------------------------+---------------------------------------------------+-----------------------------------------+----------------------------------+
> > | 09159f243eb6457581e01af56e32bf18 | regionOne |
> > http://192.0.2.21:8774/v3 <http://192.0.2.21:8774/v3> |
> > http://192.0.2.21:8774/v3 <http://192.0.2.21:8774/v3> |
> > http://192.0.2.21:8774/v3 <http://192.0.2.21:8774/v3> |
> 9b431dae0ff642629ae8f5bfd006e578 |
> > | 0dda582955934dc0af898ec3db2c5fbc | regionOne |
> > http://192.0.2.21:8776/v1/%(tenant_id)s |
> > http://192.0.2.21:8776/v1/%(tenant_id)s |
> > http://192.0.2.21:8776/v1/%(tenant_id)s |
> 642251f08a93444da1aa457c2a0ae9f3 |
> > | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> > http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> > http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> > http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1> |
> 77434bc194a3495793b5b4c943248e16 |
> > | 30ca33f2f84242c2a6ad8a91446d265b | regionOne |
> > http://192.0.2.21:8773/services/Cloud
> <http://192.0.2.21:8773/services/Cloud> |
> > http://192.0.2.21:8773/services/Cloud
> <http://192.0.2.21:8773/services/Cloud> |
> > http://192.0.2.21:8773/services/Admin
> <http://192.0.2.21:8773/services/Admin> | 389b4dec8c9c479dbf46622c22da12d1 |
> > | 9caad71ea7144f4283509cb60faff864 | regionOne |
> > http://192.0.2.21:8774/v2/$(tenant_id)s |
> > http://192.0.2.21:8774/v2/$(tenant_id)s |
> > http://192.0.2.21:8774/v2/$(tenant_id)s |
> d87e2f24576a459495f1e08439bae238 |
> > | d3a87ad4fd1c4626a499f0491cfb054a | regionOne |
> > http://192.0.2.21:9292/ <http://192.0.2.21:9292/> |
> > http://192.0.2.21:9292/ <http://192.0.2.21:9292/> |
> > http://192.0.2.21:9292/ <http://192.0.2.21:9292/> |
> c909ea43c9244f7c8296e870986c5fc1 |
> > | e10b562bb4b646c8a90b6a4255d7efd7 | regionOne |
> > http://192.0.2.21:21131/v1 <http://192.0.2.21:21131/v1> |
> > http://192.0.2.21:21131/v1 <http://192.0.2.21:21131/v1> |
> > http://192.0.2.21:21131/v1 <http://192.0.2.21:21131/v1> |
> 296f0ce272834f70af9fc6f36924c89a |
> > | f898c1e25d76471c8a28147e2ddfa52e | regionOne |
> > http://192.0.2.21:8004/v1/%(tenant_id)s |
> > http://192.0.2.21:8004/v1/%(tenant_id)s |
> > http://192.0.2.21:8004/v1/%(tenant_id)s |
> bf80fcba3aec45a6988262b31b7ae12a |
> > | fbbc102593394c1fb7da4160dbc28f5b | regionOne |
> > http://192.0.2.21:9696/ <http://192.0.2.21:9696/> |
> > http://192.0.2.21:9696/ <http://192.0.2.21:9696/> |
> > http://192.0.2.21:9696/ <http://192.0.2.21:9696/> |
> 8abff3ea4bba41f4b9cc9a77a29191fe |
> > | fc8e024afc9b43308a5cf8323be76ba5 | regionOne |
> > http://192.0.2.21:5000/v2.0 <http://192.0.2.21:5000/v2.0> |
> > http://192.0.2.21:5000/v2.0 <http://192.0.2.21:5000/v2.0> |
> > http://192.0.2.21:35357/v2.0 <http://192.0.2.21:35357/v2.0> |
> 3a1cf21dd3974313ba833e807b3ff997 |
> >
> +----------------------------------+-----------+-----------------------------
> >
> >
> > ceph.conf
> >
> > [global]
> > fsid = b35e8496-e809-416a-bd66-aba761d78fac
> > mon_initial_members = node1
> > mon_host = 192.0.2.211
> > auth_cluster_required = cephx
> > auth_service_required = cephx
> > auth_client_required = cephx
> > filestore_xattr_use_omap = true
> >
> > [client.admin]
> > keyring = /etc/ceph/ceph.client.admin.keyring
> >
> > [client.radosgw.gateway]
> > rgw keystone url = "" href="http://192.0.2.21:5000/" target="_blank" class="" style="">http://192.0.2.21:5000 <http://192.0.2.21:5000/>
> > rgw keystone admin token = 337b8816f019a04396a2e00e65e6c30ea96ba59b
> > rgw keystone accepted roles = admim _member_ swiftoperator
> > rgw keystone token cache size = 500
> > rgw keystone revocation interval = 500
> > rgw s3 auth use keystone = false
> > nss db path = /var/lib/ceph/nss
> > debug rgw = 20
> > host = gateway
> > keyring = /etc/ceph/ceph.client.radosgw.keyring
> > rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> > log file = /var/log/ceph/client.radosgw.gateway.log
> > rgw dns name = gateway
> >
> >
> >
> >
> >
> >
> >
> >
> > >
> > > On Friday, October 10, 2014 9:20 AM, lakshmi k s <lux_ks@xxxxxxxxx
> <mailto:lux_ks@xxxxxxxxx>
> > <mailto:lux_ks@xxxxxxxxx <mailto:lux_ks@xxxxxxxxx>>> wrote:
> > >
> > >
> > > Mark, I am going no where with this. I am going to try with latest
> > > OpenStack build (build internal to my company) that has HA support. I
> > > will keep you posted.
> > >
> > >
> > > On Thursday, October 9, 2014 10:46 PM, Mark Kirkwood
> > > <mark.kirkwood@xxxxxxxxxxxxxxx <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>> wrote:
> > >
> > >
> > > Oh, I see. That complicates it a wee bit (looks back at your
> messages).
> > > I see you have:
> > >
> > > rgw_keystone_url = http://192.0.8.2:5000 <http://192.0.8.2:5000/>
> > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
> > >
> > > So you'll need to amend/create etc a
> > >
> > > <Virtualhost *:5000>
> > >
> > > and put it in there. I suspect you might be better off changing
> your rgw
> > > kesytone url to use port 35357 (the public one). However I think
> that is
> > > a side issue.
> > >
> > > Also just to double check - 192.0.8.2 *is* the server you are
> showing us
> > > the sites-available from?
> > >
> > > Cheers
> > >
> > > Mark
> > >
> > > On 10/10/14 12:50, lakshmi k s wrote:
> > > > Yes Mark, but there is no keystone.conf in this modified Openstack
> > code.
> > > > There is only horizon.conf under /etc/apache2/sites-available
> folder.
> > > > And that has virtual host 80 only. Should I simply add :35357?
> > > >
> > > > root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>
> > > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>>:/etc/apache2/sites-available#
> > > > ls
> > > > 000-default.conf default-ssl.conf horizon.conf
> > > >
> > > >
> > > >
> > > >
> > > > On Thursday, October 9, 2014 4:45 PM, Mark Kirkwood
> > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>> wrote:
> > > >
> > > >
> > > > Hmm - It looks to me like you added the chunked request into
> Horizon
> > > > instead of Keystone. You want virtual host *:35357
> > > >
> > > >
> > > > On 10/10/14 12:32, lakshmi k s wrote:
> > > > > Have done this too, but in vain. I made changes to
> Horizon.conf as
> > > shown
> > > > > below. I had only I do not see the user being validated in
> > radosgw log
> > > > > at all.
> > > > >
> > > > > root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>
> > > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>>:/etc/apache2/sites-available#
> > > > ls
> > > > > 000-default.conf default-ssl.conf horizon.conf
> > > > >
> > > > > ----------------------------------------------------
> > > > > <VirtualHost *:80>
> > > > > WSGIScriptAlias /
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
> > > > > WSGIDaemonProcess horizon user=horizon group=horizon
> > processes=3
> > > > > threads=10 home=/opt/stack/venvs/horizon
> > > > >
> > > >
> > >
> >
> python-path=/opt/stack/venvs/horizon:/opt/stack/venvs/horizon/lib/python2.7/site-packages/
> > > > > WSGIApplicationGroup %{GLOBAL}
> > > > >
> > > > > SetEnv APACHE_RUN_USER horizon
> > > > > SetEnv APACHE_RUN_GROUP horizon
> > > > > WSGIProcessGroup horizon
> > > > > WSGIChunkedRequest On
> > > > >
> > > > > DocumentRoot
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
> > > > > Alias /static
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
> > > > > Alias /media
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
> > > > >
> > > > > <Directory />
> > > > > Options FollowSymLinks
> > > > > AllowOverride None
> > > > > </Directory>
> > > > >
> > > > > <Directory
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static>
> > > > > Options Indexes FollowSymLinks MultiViews
> > > > > Require all granted
> > > > > AllowOverride None
> > > > > Order allow,deny
> > > > > allow from all
> > > > > </Directory>
> > > > >
> > > > > <Directory
> > > > >
> > >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard>
> > > > > Options Indexes FollowSymLinks MultiViews
> > > > > Require all granted
> > > > > AllowOverride None
> > > > > Order allow,deny
> > > > > allow from all
> > > > > </Directory>
> > > > >
> > > > > ErrorLog /var/log/httpd/horizon_error.log
> > > > > LogLevel debug
> > > > > CustomLog /var/log/httpd/horizon_access.log combined
> > > > > </VirtualHost>
> > > > >
> > > > > WSGISocketPrefix /var/run/httpd
> > > > >
> > > > > ----------------------------------
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Thursday, October 9, 2014 3:51 PM, Mark Kirkwood
> > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>> wrote:
> > > > >
> > > > >
> > > > > No, I don't have any explicit ssl enabled in the rgw site.
> > > > >
> > > > > Now you might be running into
> http://tracker.ceph.com/issues/7796
> > > > > <http://tracker.ceph.com/issues/7796>. So
> > > > > check if you have enabled
> > > > >
> > > > > WSGIChunkedRequest On
> > > > >
> > > > > In your keystone virtualhost setup (explained in the issue).
> > > > >
> > > > > Cheers
> > > > >
> > > > > Mark
> > > > >
> > > > >
> > > > > On 10/10/14 11:03, lakshmi k s wrote:
> > > > > > Right, I have these certs on both nodes - keystone node
> and rgw
> > > > gateway
> > > > > > node. Not sure where I am going wrong. And what about SSL?
> > > Should the
> > > > > > following be in rgw.conf in gateway node? I am not using
> this as
> > > > it was
> > > > > > optional.
> > > > > >
> > > > > > SSLEngine on
> > > > > > SSLCertificateFile /etc/apache2/ssl/apache.crt
> > > > > > SSLCertificateKeyFile /etc/apache2/ssl/apache.key
> > > > > > SetEnv SERVER_PORT_SECURE 443
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Thursday, October 9, 2014 2:48 PM, Mark Kirkwood
> > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>> wrote:
> > > > > >
> > > > > >
> > > > > > Almost - the converted certs need to be saved on your *rgw*
> > host in
> > > > > > nss_db_path (default is /var/ceph/nss but wherever you
> have it
> > > > > > configured should be ok). Then restart the gateway.
> > > > > >
> > > > > > What is happening is the the rgw needs these certs to
> speak with
> > > > > > encryption to the keystone server (the latter does not need
> > > anything
> > > > > > changed, as it is already using encryption).
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Mark
> > > > > >
> > > > > > On 10/10/14 08:31, lakshmi k s wrote:
> > > > > > > Thanks Mark. I got past this error being root. So
> > essentially, I
> > > > > copied
> > > > > > > the certs from openstack controller node to gateway node.
> > > Did the
> > > > > > > conversion using certutil and copied the files back to
> > > > controller node
> > > > > > > under /var/lib/ceph/nss directory. Is this the correct
> > > > directory? Ceph
> > > > > > > doc says /var/ceph/nss though.
> > > > > > >
> > > > > > > But after this, I tried to use curl GET command, but in
> > > > vain.Same old
> > > > > > > 401 - Authorization failure.
> > > > > > >
> > > > > > > curl -i -X GET
> > > > > > >
> > > >
> http://gateway.ex.com/swift/v1/AUTH_bad9e2232b304f89acb03436635b80cc
> > > > > >
> > > >
> > <http://gateway.ex.com/swift/v1/AUTH_bad9e2232b304f89acb03436635b80cc>-H
> > > > > > > "X-Auth-
> > > > > > > Token: a510edb22f074946940cd4c07aafcd9d"
> > > > > > >
> > > > > > > HTTP/1.1 401 Unauthorized
> > > > > > > Date: Thu, 09 Oct 2014 19:17:31 GMT
> > > > > > > Server: Apache/2.4.7 (Ubuntu)
> > > > > > > Accept-Ranges: bytes
> > > > > > > Content-Length: 12
> > > > > > > Content-Type: text/plain; charset=utf-8
> > > > > > > AccessDeniedroot
> > > > > > >
> > > > > > > Not much difference in radosgw logs too. Note that the
> > token used
> > > > > above
> > > > > > > is same one in ceph.conf file too. Please help.
> > > > > > >
> > > > > > > [client.radosgw.gateway]
> > > > > > > rgw keystone url = "" href="http://192.0.8.2:5000/" target="_blank" class="" style="">http://192.0.8.2:5000
> <http://192.0.8.2:5000/>
> > <http://192.0.8.2:5000/>
> > > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
> > > > > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
> > > > > > > rgw keystone admin token = a510edb22f074946940cd4c07aafcd9d
> > > > > > > rgw keystone accepted roles = admim Member _member_
> > > swiftoperator
> > > > > > > rgw keystone token cache size = 500
> > > > > > > rgw keystone revocation interval = 500
> > > > > > > rgw s3 auth use keystone = false
> > > > > > > nss db path = /var/lib/ceph/nss
> > > > > > > debug rgw = 20
> > > > > > > host = gateway
> > > > > > > keyring = /etc/ceph/ceph.client.radosgw.keyring
> > > > > > > rgw socket path =
> > > /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> > > > > > > log file = /var/log/ceph/client.radosgw.gateway.log
> > > > > > > rgw dns name = gateway
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thursday, October 9, 2014 1:15 AM, Mark Kirkwood
> > > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>> wrote:
> > > > > > >
> > > > > > >
> > > > > > > I ran into this - needed to actually be root via sudo
> -i or
> > > > similar,
> > > > > > > *then* it worked. Unhelpful error message is I think
> > referring
> > > > to no
> > > > > > > intialized db.
> > > > > > >
> > > > > > > On 09/10/14 16:36, lakshmi k s wrote:
> > > > > > > > Good workaround. But it did not work. Not sure what
> this
> > > error
> > > > > is all
> > > > > > > > about now.
> > > > > > > >
> > > > > > > > gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>
> > > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>>
> > > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>
> > > > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>>>:~$ openssl x509 -in
> > > > > > > /home/gateway/ca.pem -pubkey |
> > > > > > > > certutil -d /var/lib/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
> > > > > > > > certutil: function failed:
> SEC_ERROR_LEGACY_DATABASE: The
> > > > > > > > certificate/key database is in an old, unsupported
> format.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Wednesday, October 8, 2014 7:55 PM, Mark Kirkwood
> > > > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
> > > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>> wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > > As a workaround check if your rgw host has openssl and
> > > certutil
> > > > > > > > installed, if so you can copy the relevant unconverted
> > certs
> > > > over
> > > > > > to it
> > > > > > > > and convert 'em there.
> > > > > > > >
> > > > > > > > On 09/10/14 15:07, lakshmi k s wrote:
> > > > > > > > > Tried aptitude as well, but no luck.
> > > > > > > > >
> > > > > > > > > Ceph users, have you tried to install
> libnss3-tools or
> > > > certutil
> > > > > > > tool on
> > > > > > > > > debian/ubuntu? If so, how did you go about this
> > problem.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Wednesday, October 8, 2014 7:01 PM, Mark Kirkwood
> > > > > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > >
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
> > > >
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > >
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>
> > > > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
> > > > > >
> > > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>>> wrote:
> > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Ok, so that is the thing to get sorted. I'd suggest
> > > > posting the
> > > > > > > error(s)
> > > > > > > > > you are getting perhaps here (someone else might
> > > know), but
> > > > > > definitely
> > > > > > > > > to one of the Debian specific lists.
> > > > > > > > >
> > > > > > > > > In the meantime perhaps try installing the packages
> > with
> > > > > aptitude
> > > > > > > rather
> > > > > > > > > than apt-get - if there is some fancy footwork
> > > required it is
> > > > > > fairly
> > > > > > > > > smart about what needs to be done.
> > > > > > > > >
> > > > > > > > > Cheers
> > > > > > > > >
> > > > > > > > > Mark
> > > > > > > > >
> > > > > > > > > On 09/10/14 14:38, lakshmi k s wrote:
> > > > > > > > > > Thanks Mark. I have been trying to install
> this on
> > > > controller
> > > > > > > > node. But
> > > > > > > > > > for some reason, I am unable to install
> certutil or
> > > > > > > libnss3-tools on
> > > > > > > > > > debian. I am not sure how to proceed.
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
>
>
>
debug rgw = 20
in the [client.radosgw...] section of ceph.conf and capture the
resulting log when you try 'swift stat'. It might reveal the next thing
to check.
Regards
Mark
On 11/10/14 16:02, lakshmi k s wrote:
> Hello Mark - I tried that as well, but in vain. In fact, that is how I
> created the endpoint to begin with. Since, that didn't work, I followed
> Openstack standard which was to include %tenant-id.
>
> -Lakshmi.
>
>
> On Friday, October 10, 2014 6:49 PM, Mark Kirkwood
> <mark.kirkwood@xxxxxxxxxxxxxxx> wrote:
>
>
> Hi,
>
> I think your swift endpoint:
>
> | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1> |
> 77434bc194a3495793b5b4c943248e16 |
>
> is the issue. It should be:
>
> | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1>|
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1>|
> http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1> |
> 77434bc194a3495793b5b4c943248e16 |
>
> i.e no AUTH_%(tenantid)s in there
> http://ceph.com/docs/master/radosgw/keystone/.
>
> Regards
>
> Mark
>
> On 11/10/14 14:28, lakshmi k s wrote:
> > With latest HA build, I found keystone_modwsgi.conf in
> > /etc/apache2/sites-available and added the chunking like below. We have
> > many controller nodes, but single virtual IP - 192.0.2.21 for which
> > keystone is configured. I have verified keystone setup by executing
> > other services like nova list, cinder list, etc. They work fine. It is
> > swift pointing to ceph object gateway that is not working.
> >
> > Listen 192.0.2.24:35357
> > Listen 192.0.2.24:5000
> >
> > <VirtualHost *:35357>
> > WSGIScriptAlias / /etc/keystone/admin
> > WSGIDaemonProcess keystoneadmin user=keystone group=keystone
> > processes=2 threads=1 home=/opt/stack/venvs/openstack
> >
> python-path=/opt/stack/venvs/openstack:/opt/stack/venvs/openstack/lib/python2.7/site-packages/
> > WSGIApplicationGroup keystoneadmin
> >
> > WSGIProcessGroup keystoneadmin
> >
> > <Directory /etc/keystone>
> > Options FollowSymLinks
> > Require all granted
> > WSGIChunkedRequest On
> > </Directory>
> >
> > ErrorLog /var/log/keystone/keystone_modwsgi.log
> > LogLevel info
> > CustomLog /var/log/keystone/keystone_apache_access.log combined
> > </VirtualHost>
> >
> > <VirtualHost *:5000>
> > WSGIScriptAlias / /etc/keystone/main
> > WSGIDaemonProcess keystonemain user=keystone group=keystone
> > processes=2 threads=1 home=/opt/stack/venvs/openstack
> >
> python-path=/opt/stack/venvs/openstack:/opt/stack/venvs/openstack/lib/python2.7/site-packages/
> > WSGIApplicationGroup keystonemain
> >
> > WSGIProcessGroup keystonemain
> >
> > <Directory /etc/keystone>
> > Options FollowSymLinks
> > WSGIChunkedRequest On
> > Require all granted
> > </Directory>
> >
> > ErrorLog /var/log/keystone/keystone_modwsgi.log
> > LogLevel info
> > CustomLog /var/log/keystone/keystone_apache_access.log combined
> > </VirtualHost>
> >
> > root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5
> <mailto:root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5>:~#
> keystone
> > service-list
> >
> +----------------------------------+----------+---------------+---------------------------+
> > | id | name | type |
> > description |
> >
> +----------------------------------+----------+---------------+---------------------------+
> > | 642251f08a93444da1aa457c2a0ae9f3 | cinder | volume | Cinder
> > Volume Service |
> > | c909ea43c9244f7c8296e870986c5fc1 | glance | image |
> > Glance Image Service |
> > | bf80fcba3aec45a6988262b31b7ae12a | heat | orchestration |
> > Heat Service |
> > | 3a1cf21dd3974313ba833e807b3ff997 | keystone | identity | Keystone
> > Identity Service |
> > | 8abff3ea4bba41f4b9cc9a77a29191fe | neutron | network |
> > Neutron Service |
> > | d87e2f24576a459495f1e08439bae238 | nova | compute | Nova
> > Compute Service |
> > | 77434bc194a3495793b5b4c943248e16 | swift | object-store
> > | |
> >
> +----------------------------------+----------+---------------+---------------------------+
> >
> >
> > root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5
> <mailto:root@overcloud-ce-controller-controllermgmt0-pc23jdstfxy5>:~#
> keystone
> > endpoint-list
> >
> +----------------------------------+-----------+---------------------------------------------------+---------------------------------------------------+-----------------------------------------+----------------------------------+
> > | id | region |
> > publicurl |
> > internalurl | adminurl
> > | service_id |
> >
> +----------------------------------+-----------+---------------------------------------------------+---------------------------------------------------+-----------------------------------------+----------------------------------+
> > | 09159f243eb6457581e01af56e32bf18 | regionOne |
> > http://192.0.2.21:8774/v3 <http://192.0.2.21:8774/v3> |
> > http://192.0.2.21:8774/v3 <http://192.0.2.21:8774/v3> |
> > http://192.0.2.21:8774/v3 <http://192.0.2.21:8774/v3> |
> 9b431dae0ff642629ae8f5bfd006e578 |
> > | 0dda582955934dc0af898ec3db2c5fbc | regionOne |
> > http://192.0.2.21:8776/v1/%(tenant_id)s |
> > http://192.0.2.21:8776/v1/%(tenant_id)s |
> > http://192.0.2.21:8776/v1/%(tenant_id)s |
> 642251f08a93444da1aa457c2a0ae9f3 |
> > | 2ccd8523954c4491b08b648cfd42ae6c | regionOne |
> > http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> > http://gateway.ex.com/swift/v1/AUTH_%(tenant_id)s |
> > http://gateway.ex.com/swift/v1 <http://gateway.ex.com/swift/v1> |
> 77434bc194a3495793b5b4c943248e16 |
> > | 30ca33f2f84242c2a6ad8a91446d265b | regionOne |
> > http://192.0.2.21:8773/services/Cloud
> <http://192.0.2.21:8773/services/Cloud> |
> > http://192.0.2.21:8773/services/Cloud
> <http://192.0.2.21:8773/services/Cloud> |
> > http://192.0.2.21:8773/services/Admin
> <http://192.0.2.21:8773/services/Admin> | 389b4dec8c9c479dbf46622c22da12d1 |
> > | 9caad71ea7144f4283509cb60faff864 | regionOne |
> > http://192.0.2.21:8774/v2/$(tenant_id)s |
> > http://192.0.2.21:8774/v2/$(tenant_id)s |
> > http://192.0.2.21:8774/v2/$(tenant_id)s |
> d87e2f24576a459495f1e08439bae238 |
> > | d3a87ad4fd1c4626a499f0491cfb054a | regionOne |
> > http://192.0.2.21:9292/ <http://192.0.2.21:9292/> |
> > http://192.0.2.21:9292/ <http://192.0.2.21:9292/> |
> > http://192.0.2.21:9292/ <http://192.0.2.21:9292/> |
> c909ea43c9244f7c8296e870986c5fc1 |
> > | e10b562bb4b646c8a90b6a4255d7efd7 | regionOne |
> > http://192.0.2.21:21131/v1 <http://192.0.2.21:21131/v1> |
> > http://192.0.2.21:21131/v1 <http://192.0.2.21:21131/v1> |
> > http://192.0.2.21:21131/v1 <http://192.0.2.21:21131/v1> |
> 296f0ce272834f70af9fc6f36924c89a |
> > | f898c1e25d76471c8a28147e2ddfa52e | regionOne |
> > http://192.0.2.21:8004/v1/%(tenant_id)s |
> > http://192.0.2.21:8004/v1/%(tenant_id)s |
> > http://192.0.2.21:8004/v1/%(tenant_id)s |
> bf80fcba3aec45a6988262b31b7ae12a |
> > | fbbc102593394c1fb7da4160dbc28f5b | regionOne |
> > http://192.0.2.21:9696/ <http://192.0.2.21:9696/> |
> > http://192.0.2.21:9696/ <http://192.0.2.21:9696/> |
> > http://192.0.2.21:9696/ <http://192.0.2.21:9696/> |
> 8abff3ea4bba41f4b9cc9a77a29191fe |
> > | fc8e024afc9b43308a5cf8323be76ba5 | regionOne |
> > http://192.0.2.21:5000/v2.0 <http://192.0.2.21:5000/v2.0> |
> > http://192.0.2.21:5000/v2.0 <http://192.0.2.21:5000/v2.0> |
> > http://192.0.2.21:35357/v2.0 <http://192.0.2.21:35357/v2.0> |
> 3a1cf21dd3974313ba833e807b3ff997 |
> >
> +----------------------------------+-----------+-----------------------------
> >
> >
> > ceph.conf
> >
> > [global]
> > fsid = b35e8496-e809-416a-bd66-aba761d78fac
> > mon_initial_members = node1
> > mon_host = 192.0.2.211
> > auth_cluster_required = cephx
> > auth_service_required = cephx
> > auth_client_required = cephx
> > filestore_xattr_use_omap = true
> >
> > [client.admin]
> > keyring = /etc/ceph/ceph.client.admin.keyring
> >
> > [client.radosgw.gateway]
> > rgw keystone url = "" href="http://192.0.2.21:5000/" target="_blank" class="" style="">http://192.0.2.21:5000 <http://192.0.2.21:5000/>
> > rgw keystone admin token = 337b8816f019a04396a2e00e65e6c30ea96ba59b
> > rgw keystone accepted roles = admim _member_ swiftoperator
> > rgw keystone token cache size = 500
> > rgw keystone revocation interval = 500
> > rgw s3 auth use keystone = false
> > nss db path = /var/lib/ceph/nss
> > debug rgw = 20
> > host = gateway
> > keyring = /etc/ceph/ceph.client.radosgw.keyring
> > rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> > log file = /var/log/ceph/client.radosgw.gateway.log
> > rgw dns name = gateway
> >
> >
> >
> >
> >
> >
> >
> >
> > >
> > > On Friday, October 10, 2014 9:20 AM, lakshmi k s <lux_ks@xxxxxxxxx
> <mailto:lux_ks@xxxxxxxxx>
> > <mailto:lux_ks@xxxxxxxxx <mailto:lux_ks@xxxxxxxxx>>> wrote:
> > >
> > >
> > > Mark, I am going no where with this. I am going to try with latest
> > > OpenStack build (build internal to my company) that has HA support. I
> > > will keep you posted.
> > >
> > >
> > > On Thursday, October 9, 2014 10:46 PM, Mark Kirkwood
> > > <mark.kirkwood@xxxxxxxxxxxxxxx <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>> wrote:
> > >
> > >
> > > Oh, I see. That complicates it a wee bit (looks back at your
> messages).
> > > I see you have:
> > >
> > > rgw_keystone_url = http://192.0.8.2:5000 <http://192.0.8.2:5000/>
> > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
> > >
> > > So you'll need to amend/create etc a
> > >
> > > <Virtualhost *:5000>
> > >
> > > and put it in there. I suspect you might be better off changing
> your rgw
> > > kesytone url to use port 35357 (the public one). However I think
> that is
> > > a side issue.
> > >
> > > Also just to double check - 192.0.8.2 *is* the server you are
> showing us
> > > the sites-available from?
> > >
> > > Cheers
> > >
> > > Mark
> > >
> > > On 10/10/14 12:50, lakshmi k s wrote:
> > > > Yes Mark, but there is no keystone.conf in this modified Openstack
> > code.
> > > > There is only horizon.conf under /etc/apache2/sites-available
> folder.
> > > > And that has virtual host 80 only. Should I simply add :35357?
> > > >
> > > > root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>
> > > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>>:/etc/apache2/sites-available#
> > > > ls
> > > > 000-default.conf default-ssl.conf horizon.conf
> > > >
> > > >
> > > >
> > > >
> > > > On Thursday, October 9, 2014 4:45 PM, Mark Kirkwood
> > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>> wrote:
> > > >
> > > >
> > > > Hmm - It looks to me like you added the chunked request into
> Horizon
> > > > instead of Keystone. You want virtual host *:35357
> > > >
> > > >
> > > > On 10/10/14 12:32, lakshmi k s wrote:
> > > > > Have done this too, but in vain. I made changes to
> Horizon.conf as
> > > shown
> > > > > below. I had only I do not see the user being validated in
> > radosgw log
> > > > > at all.
> > > > >
> > > > > root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>
> > > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>
> > > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>
> > <mailto:root@overcloud-controller0-fjvtpqjip2hl
> <mailto:root@overcloud-controller0-fjvtpqjip2hl>>>>:/etc/apache2/sites-available#
> > > > ls
> > > > > 000-default.conf default-ssl.conf horizon.conf
> > > > >
> > > > > ----------------------------------------------------
> > > > > <VirtualHost *:80>
> > > > > WSGIScriptAlias /
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
> > > > > WSGIDaemonProcess horizon user=horizon group=horizon
> > processes=3
> > > > > threads=10 home=/opt/stack/venvs/horizon
> > > > >
> > > >
> > >
> >
> python-path=/opt/stack/venvs/horizon:/opt/stack/venvs/horizon/lib/python2.7/site-packages/
> > > > > WSGIApplicationGroup %{GLOBAL}
> > > > >
> > > > > SetEnv APACHE_RUN_USER horizon
> > > > > SetEnv APACHE_RUN_GROUP horizon
> > > > > WSGIProcessGroup horizon
> > > > > WSGIChunkedRequest On
> > > > >
> > > > > DocumentRoot
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
> > > > > Alias /static
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
> > > > > Alias /media
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static
> > > > >
> > > > > <Directory />
> > > > > Options FollowSymLinks
> > > > > AllowOverride None
> > > > > </Directory>
> > > > >
> > > > > <Directory
> > > > >
> > > >
> > >
> >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard/static>
> > > > > Options Indexes FollowSymLinks MultiViews
> > > > > Require all granted
> > > > > AllowOverride None
> > > > > Order allow,deny
> > > > > allow from all
> > > > > </Directory>
> > > > >
> > > > > <Directory
> > > > >
> > >
> /opt/stack/venvs/horizon/lib/python2.7/site-packages/openstack_dashboard>
> > > > > Options Indexes FollowSymLinks MultiViews
> > > > > Require all granted
> > > > > AllowOverride None
> > > > > Order allow,deny
> > > > > allow from all
> > > > > </Directory>
> > > > >
> > > > > ErrorLog /var/log/httpd/horizon_error.log
> > > > > LogLevel debug
> > > > > CustomLog /var/log/httpd/horizon_access.log combined
> > > > > </VirtualHost>
> > > > >
> > > > > WSGISocketPrefix /var/run/httpd
> > > > >
> > > > > ----------------------------------
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Thursday, October 9, 2014 3:51 PM, Mark Kirkwood
> > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>> wrote:
> > > > >
> > > > >
> > > > > No, I don't have any explicit ssl enabled in the rgw site.
> > > > >
> > > > > Now you might be running into
> http://tracker.ceph.com/issues/7796
> > > > > <http://tracker.ceph.com/issues/7796>. So
> > > > > check if you have enabled
> > > > >
> > > > > WSGIChunkedRequest On
> > > > >
> > > > > In your keystone virtualhost setup (explained in the issue).
> > > > >
> > > > > Cheers
> > > > >
> > > > > Mark
> > > > >
> > > > >
> > > > > On 10/10/14 11:03, lakshmi k s wrote:
> > > > > > Right, I have these certs on both nodes - keystone node
> and rgw
> > > > gateway
> > > > > > node. Not sure where I am going wrong. And what about SSL?
> > > Should the
> > > > > > following be in rgw.conf in gateway node? I am not using
> this as
> > > > it was
> > > > > > optional.
> > > > > >
> > > > > > SSLEngine on
> > > > > > SSLCertificateFile /etc/apache2/ssl/apache.crt
> > > > > > SSLCertificateKeyFile /etc/apache2/ssl/apache.key
> > > > > > SetEnv SERVER_PORT_SECURE 443
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Thursday, October 9, 2014 2:48 PM, Mark Kirkwood
> > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>> wrote:
> > > > > >
> > > > > >
> > > > > > Almost - the converted certs need to be saved on your *rgw*
> > host in
> > > > > > nss_db_path (default is /var/ceph/nss but wherever you
> have it
> > > > > > configured should be ok). Then restart the gateway.
> > > > > >
> > > > > > What is happening is the the rgw needs these certs to
> speak with
> > > > > > encryption to the keystone server (the latter does not need
> > > anything
> > > > > > changed, as it is already using encryption).
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Mark
> > > > > >
> > > > > > On 10/10/14 08:31, lakshmi k s wrote:
> > > > > > > Thanks Mark. I got past this error being root. So
> > essentially, I
> > > > > copied
> > > > > > > the certs from openstack controller node to gateway node.
> > > Did the
> > > > > > > conversion using certutil and copied the files back to
> > > > controller node
> > > > > > > under /var/lib/ceph/nss directory. Is this the correct
> > > > directory? Ceph
> > > > > > > doc says /var/ceph/nss though.
> > > > > > >
> > > > > > > But after this, I tried to use curl GET command, but in
> > > > vain.Same old
> > > > > > > 401 - Authorization failure.
> > > > > > >
> > > > > > > curl -i -X GET
> > > > > > >
> > > >
> http://gateway.ex.com/swift/v1/AUTH_bad9e2232b304f89acb03436635b80cc
> > > > > >
> > > >
> > <http://gateway.ex.com/swift/v1/AUTH_bad9e2232b304f89acb03436635b80cc>-H
> > > > > > > "X-Auth-
> > > > > > > Token: a510edb22f074946940cd4c07aafcd9d"
> > > > > > >
> > > > > > > HTTP/1.1 401 Unauthorized
> > > > > > > Date: Thu, 09 Oct 2014 19:17:31 GMT
> > > > > > > Server: Apache/2.4.7 (Ubuntu)
> > > > > > > Accept-Ranges: bytes
> > > > > > > Content-Length: 12
> > > > > > > Content-Type: text/plain; charset=utf-8
> > > > > > > AccessDeniedroot
> > > > > > >
> > > > > > > Not much difference in radosgw logs too. Note that the
> > token used
> > > > > above
> > > > > > > is same one in ceph.conf file too. Please help.
> > > > > > >
> > > > > > > [client.radosgw.gateway]
> > > > > > > rgw keystone url = "" href="http://192.0.8.2:5000/" target="_blank" class="" style="">http://192.0.8.2:5000
> <http://192.0.8.2:5000/>
> > <http://192.0.8.2:5000/>
> > > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
> > > > > <http://192.0.8.2:5000/><http://192.0.8.2:5000/>
> > > > > > > rgw keystone admin token = a510edb22f074946940cd4c07aafcd9d
> > > > > > > rgw keystone accepted roles = admim Member _member_
> > > swiftoperator
> > > > > > > rgw keystone token cache size = 500
> > > > > > > rgw keystone revocation interval = 500
> > > > > > > rgw s3 auth use keystone = false
> > > > > > > nss db path = /var/lib/ceph/nss
> > > > > > > debug rgw = 20
> > > > > > > host = gateway
> > > > > > > keyring = /etc/ceph/ceph.client.radosgw.keyring
> > > > > > > rgw socket path =
> > > /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> > > > > > > log file = /var/log/ceph/client.radosgw.gateway.log
> > > > > > > rgw dns name = gateway
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thursday, October 9, 2014 1:15 AM, Mark Kirkwood
> > > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>> wrote:
> > > > > > >
> > > > > > >
> > > > > > > I ran into this - needed to actually be root via sudo
> -i or
> > > > similar,
> > > > > > > *then* it worked. Unhelpful error message is I think
> > referring
> > > > to no
> > > > > > > intialized db.
> > > > > > >
> > > > > > > On 09/10/14 16:36, lakshmi k s wrote:
> > > > > > > > Good workaround. But it did not work. Not sure what
> this
> > > error
> > > > > is all
> > > > > > > > about now.
> > > > > > > >
> > > > > > > > gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>
> > > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>>
> > > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>
> > > > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>
> > > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>
> > > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>
> > <mailto:gateway@gateway <mailto:gateway@gateway>
> <mailto:gateway@gateway <mailto:gateway@gateway>>>>>>>:~$ openssl x509 -in
> > > > > > > /home/gateway/ca.pem -pubkey |
> > > > > > > > certutil -d /var/lib/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
> > > > > > > > certutil: function failed:
> SEC_ERROR_LEGACY_DATABASE: The
> > > > > > > > certificate/key database is in an old, unsupported
> format.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Wednesday, October 8, 2014 7:55 PM, Mark Kirkwood
> > > > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
> > > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>> wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > > As a workaround check if your rgw host has openssl and
> > > certutil
> > > > > > > > installed, if so you can copy the relevant unconverted
> > certs
> > > > over
> > > > > > to it
> > > > > > > > and convert 'em there.
> > > > > > > >
> > > > > > > > On 09/10/14 15:07, lakshmi k s wrote:
> > > > > > > > > Tried aptitude as well, but no luck.
> > > > > > > > >
> > > > > > > > > Ceph users, have you tried to install
> libnss3-tools or
> > > > certutil
> > > > > > > tool on
> > > > > > > > > debian/ubuntu? If so, how did you go about this
> > problem.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Wednesday, October 8, 2014 7:01 PM, Mark Kirkwood
> > > > > > > > > <mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > >
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
> > > >
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > >
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>
> > > > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>
> > > > > >
> > > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>
> > > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>
> > > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>
> > > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>
> > > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>
> > <mailto:mark.kirkwood@xxxxxxxxxxxxxxx
> <mailto:mark.kirkwood@xxxxxxxxxxxxxxx>>>>>>>>> wrote:
> > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Ok, so that is the thing to get sorted. I'd suggest
> > > > posting the
> > > > > > > error(s)
> > > > > > > > > you are getting perhaps here (someone else might
> > > know), but
> > > > > > definitely
> > > > > > > > > to one of the Debian specific lists.
> > > > > > > > >
> > > > > > > > > In the meantime perhaps try installing the packages
> > with
> > > > > aptitude
> > > > > > > rather
> > > > > > > > > than apt-get - if there is some fancy footwork
> > > required it is
> > > > > > fairly
> > > > > > > > > smart about what needs to be done.
> > > > > > > > >
> > > > > > > > > Cheers
> > > > > > > > >
> > > > > > > > > Mark
> > > > > > > > >
> > > > > > > > > On 09/10/14 14:38, lakshmi k s wrote:
> > > > > > > > > > Thanks Mark. I have been trying to install
> this on
> > > > controller
> > > > > > > > node. But
> > > > > > > > > > for some reason, I am unable to install
> certutil or
> > > > > > > libnss3-tools on
> > > > > > > > > > debian. I am not sure how to proceed.
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
>
>
>
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com