Hi,
Which version of OpenStack do you have ? I guess , since Usurri ( or may be even before ) swift authentification through keystone require the account in url . You have to add this option in "/etc/ceph/ceph.conf" , section rgw "rgw swift account in url = true" or do it via setting directly . Also , I noticed you did this ==> 3) ceph config set mgr rgw_keystone_accepted_admin_roles xxxx || I think , you should use the option "rgw keystone accepted roles xxxx" instead.
Regards
-----Message d'origine-----
De : Mika Saari <mika.saari@xxxxxxxxx>
Envoyé : mardi 5 janvier 2021 10:03
À : ceph-users@xxxxxxx
Objet : Ceph RadosGW & OpenStack swift problem
Hi,
Using Ceph 15.2.8 installed with cephadm. Trying to get RadosGW to work.
I have managed to get the RadosGW working. I can manage it through a dashboard and use aws s3 client to create new buckets etc. When trying to use swift I get errors.
Not sure how to continue to track the problem here. Any tips are welcome.
Thank you very much,
-Mika
------- What I have done and what are the results. Some data changed manually -------
What I have done:
At OpenStack Side:
1) openstack user create --domain default --password-prompt swift
2) openstack role add --project service --user swift admin
3) openstack endpoint create --region RegionOne object-store public https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5F-25-255C-28project-5Fid-255C-29s&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=-1FtdhjTcNA8jPSUoyoUfsPl5uqTqu4I_ThTOJNLjtg&e=
4) openstack endpoint create --region RegionOne object-store internal https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5F-25-255C-28project-5Fid-255C-29s&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=-1FtdhjTcNA8jPSUoyoUfsPl5uqTqu4I_ThTOJNLjtg&e=
5) openstack endpoint create --region RegionOne object-store admin https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=bm67b3lMVeLC3sNvuyufFCe3AksJgfIgeI8SDorhHMU&e=
At Ceph side:
1) ceph config set mgr rgw_keystone_api_version 3
2) ceph config set mgr rgw_keystone_url https://urldefense.proofpoint.com/v2/url?u=http-3A__controller-3A5000&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=lyXWyh-BXrikPWqWM3dcPW4ZofvjiAxnq-nXsjifnEw&e=
3) ceph config set mgr rgw_keystone_accepted_admin_roles admin
4) ceph config set mgr rgw_keystone_admin_user swift
5) ceph config set mgr rgw_keystone_admin_password swift_test
6) ceph config set mgr rgw_keystone_admin_domain default
7) ceph config set mgr rgw_keystone_admin_project service
for project I have tested different projects e.g. service and admin
Now when testing the API using swift client I get next:
1) swift post test3 --debug
DEBUG:keystoneclient.auth.identity.v3.base:Making authentication request to https://urldefense.proofpoint.com/v2/url?u=http-3A__controller-3A5000_v3_auth_tokens&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=-98qpMcc8sdRTdN7AwNPIyGsIK1GaFvi_SC5GtZGUpY&e=
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1):
controller:5000
DEBUG:urllib3.connectionpool:http://controller:5000 "POST /v3/auth/tokens HTTP/1.1" 201 7032
. some openstack data here .
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): ceph1:80
DEBUG:urllib3.connectionpool:http://ceph1:80 "POST
/swift/v1/AUTH_adsfasdfasdfasdfasdfasdf/test3 HTTP/1.1" 401 12
INFO:swiftclient:REQ: curl -i
https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5Fadsfasdfasdfasdfasdfasdf_test3&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=g1inMAENxiOpxc4L8FlmbLypegdcQwgH8drm6aoESZ0&e= -X POST -H
"X-Auth-Token: <Token would be here>" -H "Content-Length: 0"
INFO:swiftclient:RESP STATUS: 401 Unauthorized
and finally I get
Container POST failed:
https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5Fadsfasdfasdfasdfasdfasdf_test3&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=g1inMAENxiOpxc4L8FlmbLypegdcQwgH8drm6aoESZ0&e= 401 Unauthorized
b'AccessDenied'
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
