Hi all, In reference to: https://lists.ceph.io/hyperkitty/list/ceph-users@xxxxxxx/thread/Y2KTC7RXQYWRA54PVBAMEXSNNBRZUXP7/ We are seeing similar behavior with public Swift bucket access being broken. In this case RadosGW Nautilus integrated to OpenStack Queens Keystone. Public Swift containers have worked fine from Luminous era up to Nautilus 14.2.11, and started to break when upgrading RadosGW to 14.2.12 or newer. Unsure if this is related to the backport of "rgw: Swift API anonymous access should 401 (pr#37438", or some other rgw change within 14.2.12. I believe the following ceph.conf we use is relevant: rgw_swift_account_in_url = true rgw_keystone_implicit_tenants = false As well as the configured endpoint format: https://fqdn:443/swift/v1/AUTH_%(tenant_id)s Steps to reproduce: Horizon: -------- 1) Public container access - Create a container with "Container Access" set to Public - Click on the Horizon provided Link which is of the format https://fqdn/swift/v1/AUTH_projectUUID/public-test-container/ Expected result: Empty bucket listing Actual result: "AccessDenied" 2) Public object access - Upload an object to the public container - Try to access the object via unauthenticated browser session Expected result: Object downloaded or loaded into browser Actual result: "NoSuchBucket" Also getting similar behavior with Swift CLI tools (ACL '.r:*') from what I can see. Any suggestions how to troubleshoot further? Happy to provide more debug log and configuration details if need be, as well as pointers if something might be actually wrong in our configuration. Also, apologies for the possible double post - I tried to first submit via the hyperkitty web form but that post seems to have gone into a black hole. BR, Jukka _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx