RadosGW Keystone Integration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to configure radosgw integration with keystone in the
following environment:
1) Use user/pass authentication with Keystone instead of admin token.
2) Use keystone v3 API
3) Keystone internal and admin URLs are non-SSL
4) Keystone is configured to use fernet tokens

My RGW configuration looks like:
[client.rgw.radosgw-1]
rgw keystone admin user = radosgw
rgw keystone admin password = <removed>
rgw keystone token cache size = 10000
keyring = /var/lib/ceph/radosgw/ceph-rgw.radosgw-1/keyring
rgw keystone url = http://keystone-admin:35357
rgw data = /var/lib/ceph/radosgw/ceph-rgw.radosgw-1
rgw keystone admin tenant = service
rgw keystone admin domain = default
rgw keystone api version = 3
host = radosgw-1
rgw s3 auth use keystone = true
rgw socket path = /tmp/radosgw-radosgw-1.sock
log file = /var/log/ceph/ceph-rgw-radosgw-1.log
rgw keystone accepted roles = Member, _member_, admin
rgw frontends = civetweb port=10.13.32.15:8080 num_threads=50
rgw keystone revocation interval = 900

When I start radosgw the following log is produced:
2016-07-13 17:37:42.277988 7f0b31b5b900  0 ceph version 10.2.2
(45107e21c568dd033c2f0a3107dec8f0b0e58374), process radosgw, pid 9643
2016-07-13 17:37:42.596319 7f0b31b5b900  0 RGWZoneParams::create():
error creating default zone params: (17) File exists
2016-07-13 17:37:42.894745 7f0b31b5b900  0 starting handler: civetweb
2016-07-13 17:37:42.903768 7f0b0f7fe700  0 -- 10.13.32.15:0/1830608620
submit_message mon_subscribe({osdmap=11472}) v2 remote,
10.53.3.35:6789/0, failed lossy con, dropping message 0x7f0b04034000
2016-07-13 17:37:42.915816 7f0b0f7fe700  0 monclient: hunting for new mon
2016-07-13 17:37:43.136941 7f0ab729f700  0 revoked tokens response is
missing signed section
2016-07-13 17:37:43.137148 7f0ab729f700  0 ERROR: keystone revocation
processing returned error r=-22

And http on the rgw ip:port does not serve anything, just accept the
connection and hang.

I saw the message at ceph-devel:
http://www.spinics.net/lists/ceph-devel/msg30521.html
However there are no replies. It seems like this would be a growing
issue for rgw deployers as fernet will soon be the default/recommended
token method.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux