Hi Jukka, In my case, public Swif buckets are working as exprcted for RGW Nautilus 14.2.12-14.2.14 with OpenStack Rocky. However, Octopus 15.2.5 which should have this fix according to the change log, still fails. Do you have anything interesting in rgw debug log (debug rgw = 20) or in keystone log? Could you provide the full ceph.conf? Or just mimic my config from the reference link, you've provided. My default setup assumes <...> rgw_keystone_implicit_tenants = true <...> but as of my understanding, this parameter should not affect the anonymous access to existing buckets. As of today, I suspect, that could be a Keystone problem talking to the new Ceph releases 14.2.12+ in your case and Octopus 15.2.x in my. Regars, Vladimir -----Original Message----- From: Jukka Nousiainen <jukka.nousiainen@xxxxxx> To: ceph-users@xxxxxxx Subject: Public Swift yielding errors since 14.2.12 Date: Thu, 26 Nov 2020 08:08:23 +0200 (EET) Hi all, In reference to: https://lists.ceph.io/hyperkitty/list/ceph-users@xxxxxxx/thread/Y2KTC7RXQYWRA54PVBAMEXSNNBRZUXP7/ We are seeing similar behavior with public Swift bucket access being broken. In this case RadosGW Nautilus integrated to OpenStack Queens Keystone. Public Swift containers have worked fine from Luminous era up to Nautilus14.2.11, and started to break when upgrading RadosGW to 14.2.12 or newer. Unsure if this is related to the backport of "rgw: Swift API anonymous accessshould 401 (pr#37438", or some other rgw change within 14.2.12. I believe the following ceph.conf we use is relevant: rgw_swift_account_in_url = truergw_keystone_implicit_tenants = false As well as the configured endpoint format: https://fqdn:443/swift/v1/AUTH_%(tenant_id)s Steps to reproduce: Horizon:-------- 1) Public container access - Create a container with "Container Access" set to Public- Click on the Horizon provided Link which is of the format https://fqdn/swift/v1/AUTH_projectUUID/public-test-container/ Expected result: Empty bucket listingActual result: "AccessDenied" 2) Public object access - Upload an object to the public container- Try to access the object via unauthenticated browser session Expected result: Object downloaded or loaded into browserActual result: "NoSuchBucket" Also getting similar behavior with Swift CLI tools (ACL '.r:*') from what Ican see. Any suggestions how to troubleshoot further? Happy to provide more debug log and configuration details if need be, as wellas pointers if something might be actually wrong in our configuration. Also, apologies for the possible double post - I tried to first submit via thehyperkitty web form but that post seems to have gone into a black hole. BR,Jukka_______________________________________________ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |