Thanks for the info. Shinobu ----- Original Message ----- From: "Luis Periquito" <periquito@xxxxxxxxx> To: "Shinobu Kinjo" <skinjo@xxxxxxxxxx> Cc: "Abhishek L" <abhishek.lekshmanan@xxxxxxxxx>, "Robert Duncan" <Robert.Duncan@xxxxxxxx>, "ceph-users" <ceph-users@xxxxxxxx> Sent: Friday, September 25, 2015 8:52:48 PM Subject: Re: radosgw and keystone version 3 domains I'm having the exact same issue, and after looking it seems that radosgw is hardcoded to authenticate using v2 api. from the config file: rgw keystone url = http://openstackcontrol.lab:35357/ the "/v2.0/" is hardcoded and gets appended to the authentication request. a snippet taken from radosgw (ran with "-d --debug-ms=1 --debug-rgw=20" options) 2015-09-25 12:40:00.359333 7ff4bcf61700 1 ====== starting new request req=0x7ff57801b810 ===== 2015-09-25 12:40:00.359355 7ff4bcf61700 2 req 1:0.000021::GET /swift/v1::initializing 2015-09-25 12:40:00.359358 7ff4bcf61700 10 host=s3.lab.tech.lastmile.com 2015-09-25 12:40:00.359363 7ff4bcf61700 20 subdomain= domain= s3.lab.tech.lastmile.com in_hosted_domain=1 2015-09-25 12:40:00.359400 7ff4bcf61700 10 ver=v1 first= req= 2015-09-25 12:40:00.359410 7ff4bcf61700 10 s->object=<NULL> s->bucket=<NULL> 2015-09-25 12:40:00.359419 7ff4bcf61700 2 req 1:0.000085:swift:GET /swift/v1::getting op 2015-09-25 12:40:00.359422 7ff4bcf61700 2 req 1:0.000089:swift:GET /swift/v1:list_buckets:authorizing 2015-09-25 12:40:00.359428 7ff4bcf61700 20 token_id=6b67585266ce4aee9e326e72c81865dd 2015-09-25 12:40:00.359451 7ff4bcf61700 20 sending request to http://openstackcontrol.lab:35357/v2.0/tokens/6b67585266ce4aee9e326e72c81865dd 2015-09-25 12:40:00.377066 7ff4bcf61700 20 received response: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} 2015-09-25 12:40:00.377175 7ff4bcf61700 0 user does not hold a matching role; required roles: admin, Member, _member_ 2015-09-25 12:40:00.377179 7ff4bcf61700 10 failed to authorize request 2015-09-25 12:40:00.377216 7ff4bcf61700 2 req 1:0.017883:swift:GET /swift/v1:list_buckets:http status=401 2015-09-25 12:40:00.377219 7ff4bcf61700 1 ====== req done req=0x7ff57801b810 http_status=401 ====== >From this it seems that radosgw doesn't support auth v3! Are there any plans to add that support? On Sat, Sep 19, 2015 at 6:56 AM, Shinobu Kinjo <skinjo@xxxxxxxxxx> wrote: > What's error message you saw when you tried? > > Shinobu > > ----- Original Message ----- > From: "Abhishek L" <abhishek.lekshmanan@xxxxxxxxx> > To: "Robert Duncan" <Robert.Duncan@xxxxxxxx> > Cc: ceph-users@xxxxxxxx > Sent: Friday, September 18, 2015 12:29:20 PM > Subject: Re: radosgw and keystone version 3 domains > > On Fri, Sep 18, 2015 at 4:38 AM, Robert Duncan <Robert.Duncan@xxxxxxxx> > wrote: > > > > Hi > > > > > > > > It seems that radosgw cannot find users in Keystone V3 domains, that is, > > > > When keystone is configured for domain specific drivers radossgw cannot > find the users in the keystone users table (as they are not there) > > > > I have a deployment in which ceph providers object block ephemeral and > user storage, however any user outside of the ‘default’ sql backed domain > cannot be found by radosgw. > > > > Has anyone seen this issue before when using ceph in openstack? Is it > possible to configure radosgw to use a keystone v3 url? > > I'm not sure whether keystone v3 support for radosgw is there yet, > particularly for the swift api. Currently keystone v2 api is supported, > and due to the change in format between v2 and v3 tokens, I'm not sure > whether swift apis will work with v3 yet, though keystone v3 *might* > just work on the s3 interface due to the different format used. > > > > > > > > Thanks, > > > > Rob. > > > > ________________________________ > > > > The information contained and transmitted in this e-mail is confidential > information, and is intended only for the named recipient to which it is > addressed. The content of this e-mail may not have been sent with the > authority of National College of Ireland. Any views or opinions presented > are solely those of the author and do not necessarily represent those of > National College of Ireland. If the reader of this message is not the named > recipient or a person responsible for delivering it to the named recipient, > you are notified that the review, dissemination, distribution, > transmission, printing or copying, forwarding, or any other use of this > message or any part of it, including any attachments, is strictly > prohibited. If you have received this communication in error, please delete > the e-mail and destroy all record of this communication. Thank you for your > assistance. > > > > ________________________________ > > > > _______________________________________________ > > ceph-users mailing list > > ceph-users@xxxxxxxxxxxxxx > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |