I am trying to integrate Openstack keystone with radosgw. I have followed the instructions as per the link - http://ceph.com/docs/master/radosgw/keystone/. But for some reason, keystone flags under [client.radosgw.gateway] section are not being honored. That means, presence of these flags never attempt to use keystone. Hence, any swift v2.0 calls results in 401-Authorization problem. But If I move the keystone url outside under global section, I see that there is initial keystone handshake between keystone and gateway nodes.
Please note that swift v1 calls (without using keystone) work great.
Any thoughts on how to resolve this problem?
ceph.conf
[global]
fsid = f216cbe1-fa49-42ed-b28a-322aa3d48fff
mon_initial_members = node1
mon_host = 192.168.122.182
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
filestore_xattr_use_omap = true
[client.admin]
keyring = /etc/ceph/ceph.client.admin.keyring
[client.radosgw.gateway]
host = radosgw
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file = /var/log/ceph/client.radosgw.gateway.log
rgw dns name = radosgw
rgw keystone url =
"">
rgw keystone admin token = faedf7bc53e3371924e7b3ddb9d13ddd
rgw keystone accepted roles = admin Member _member_
rgw keystone token cache size = 500
rgw keystone revocation interval = 500
rgw s3 auth use keystone = true
nss db path = /var/ceph/nss
Thanks much.
Lakshmi.
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
- Follow-Ups:
- Re: Radosgw refusing to even attempt to use keystone auth
- From: Mark Kirkwood
- Re: Radosgw refusing to even attempt to use keystone auth
- Prev by Date: Re: Openstack keystone with Radosgw
- Next by Date: Re: Replacing a disk: Best practices?
- Previous by thread: (no subject)
- Next by thread: Re: Radosgw refusing to even attempt to use keystone auth
- Index(es):