On 15/12/14 20:54, Vivek Varghese Cherian wrote:
Hi,
Do I need to overwrite the existing .db files and .txt file in
/var/lib/nssdb on the radosgw host with the ones copied from
/var/ceph/nss on the Juno node ?
Yeah - worth a try (we want to rule out any certificate mis-match
errors).
Cheers
Mark
I have manually copied the keys from the directory /var/ceph/nss on the
juno node to the /var/ceph/nss on my radogw node, I have also made the
following changes to my ceph.conf:
#rgw keystone url = 10.x.x.175:35357
rgw keystone url = 10.x.x.175:5000
rgw keystone admin token = password123
rgw keystone accepted roles = Member, admin
rgw keystone token cache size = 10000
rgw keystone revocation interval = 15 * 60
rgw s3 auth use keystone = true
#nss db path = /var/lib/nssdb
nss db path = /var/ceph/nss
I have restarted the radosgw and it works.
ceph@ppm-c240-ceph3:~$ ps aux | grep rados
root 19833 0.2 0.0 10324668 33288 ? Ssl Dec12 7:30
/usr/bin/radosgw -n client.radosgw.gateway
ceph 28101 0.0 0.0 10464 916 pts/0 S+ 02:25 0:00 grep
--color=auto rados
ceph@ppm-c240-ceph3:~$
Imho, the document ( http://ceph.com/docs/master/radosgw/keystone/ )
should explicitly state that the /var/ceph/nss directory should be
created on the radosgw node and not on the openstack node.
I had a discussion with Loïc Dachary on irc, and on his request, I have
filed a bug against the documentation.
The ticket url is http://tracker.ceph.com/issues/10305
Btw, thanks Mark for the pointers.
Excellent - glad it is working now. Yeah, the docs could certainly be
clearer. Also the error message from radosgw when the certs are
wrong/missing could be better too!
Regards
Mark
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
