Re: Ceph RadosGW & OpenStack swift problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

  I have added debug_rgw 20 to configuration. When checking docker logs -f
<radosgw container id> I get this error for my radowgw request (swift post
test3  --debug)

  Would there be a way to get more debug information from radosgw to solve
this 401 problem ?

  Thanks a lot,
    -Mika

  --- clip clip ----
debug 2021-01-07T10:32:42.269+0000 7f1ae111b700  1 ====== starting new
request req=0x7f1b5b32a6b0 =====
debug 2021-01-07T10:32:42.269+0000 7f1ae111b700  1 op->ERRORHANDLER:
err_no=-1 new_err_no=-1
debug 2021-01-07T10:32:42.269+0000 7f1ae111b700  1 ====== req done
req=0x7f1b5b32a6b0 op status=0 http_status=401 latency=0s ======
debug 2021-01-07T10:32:42.269+0000 7f1ae111b700  1 beast: 0x7f1b5b32a6b0:
10.0.2.10 - - [2021-01-07T10:32:42.269372+0000] "POST
/swift/v1/AUTH_50f0ce372a4a4ed6a41126852358f097/test3 HTTP/1.1" 401 12 -
"python-swiftclient-3.9.0" -
  --- clip clip ----


On Tue, Jan 5, 2021 at 8:00 PM Mika Saari <mika.saari@xxxxxxxxx> wrote:

> Hi,
>
>   I am using indeed OpenStack Ussuri release. I changed the "gw swift
> account in url = true" directly with ceph config set ... command. Also
> checked that rgw_keystone_accepted_roles is correctly set and not the admin
> one. Also tested disabling rgw_keystone_verify_ssl.
>
>   Should radosgw communicate with keystone somehow? I can not see my
> ceph-cluster requesting anything from keystone through any interface
> (tcpdump checked this one). I have tested restarting the radosgw with
> command "ceph orch restart rgw.default.ou" and seems that it brings the
> container down and up. Not sure though it is enough to bring the settings
> in use.q
>
>   Current status is:
>     1) swift command seems to be able to authenticate with keystone at the
> very beginning, this is done in the client side.
>     2) swift command makes a request to radosgw and gets 401
>        INFO:swiftclient:REQ: curl -i <radosgw url
> here>/swift/v1/AUTH_<some id here>/test3 -X POST -H "X-Auth-Token: <token
> here>" -H "Content-Length: 0"
>       INFO:swiftclient:RESP STATUS: 401 Unauthorized
>
>   Thanks a lot again,
>      -Mika
>
> On Tue, Jan 5, 2021 at 11:19 AM Wissem MIMOUNA <
> wissem.mimouna@xxxxxxxxxxxxxxxx> wrote:
>
>> Hi,
>>
>> Which version of OpenStack do you have ? I guess , since Usurri ( or may
>> be even before ) swift authentification through keystone require the
>> account in url . You have to add this option in "/etc/ceph/ceph.conf" ,
>> section rgw "rgw swift account in url = true" or do it via setting directly
>> . Also , I noticed you did  this ==>     3) ceph config set mgr
>> rgw_keystone_accepted_admin_roles xxxx ||  I think , you should use the
>> option "rgw keystone accepted roles xxxx" instead.
>>
>> Regards
>>
>> -----Message d'origine-----
>> De : Mika Saari <mika.saari@xxxxxxxxx>
>> Envoyé : mardi 5 janvier 2021 10:03
>> À : ceph-users@xxxxxxx
>> Objet :  Ceph RadosGW & OpenStack swift problem
>>
>> Hi,
>>
>>   Using Ceph 15.2.8 installed with cephadm. Trying to get RadosGW to work.
>> I have managed to get the RadosGW working. I can manage it through a
>> dashboard and use aws s3 client to create new buckets etc. When trying to
>> use swift I get errors.
>>
>>   Not sure how to continue to track the problem here. Any tips are
>> welcome.
>>
>>     Thank you very much,
>>       -Mika
>>
>> ------- What I have done and what are the results. Some data changed
>> manually  -------
>>   What I have done:
>>     At OpenStack Side:
>>       1) openstack user create --domain default --password-prompt swift
>>       2) openstack role add --project service --user swift admin
>>       3) openstack endpoint create --region RegionOne object-store public
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5F-25-255C-28project-5Fid-255C-29s&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=-1FtdhjTcNA8jPSUoyoUfsPl5uqTqu4I_ThTOJNLjtg&e=
>>       4) openstack endpoint create --region RegionOne object-store
>> internal
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5F-25-255C-28project-5Fid-255C-29s&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=-1FtdhjTcNA8jPSUoyoUfsPl5uqTqu4I_ThTOJNLjtg&e=
>>       5) openstack endpoint create --region RegionOne object-store admin
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=bm67b3lMVeLC3sNvuyufFCe3AksJgfIgeI8SDorhHMU&e=
>>
>>   At Ceph side:
>>     1) ceph config set mgr rgw_keystone_api_version 3
>>     2) ceph config set mgr rgw_keystone_url
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__controller-3A5000&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=lyXWyh-BXrikPWqWM3dcPW4ZofvjiAxnq-nXsjifnEw&e=
>>     3) ceph config set mgr rgw_keystone_accepted_admin_roles admin
>>     4) ceph config set mgr rgw_keystone_admin_user swift
>>     5) ceph config set mgr rgw_keystone_admin_password swift_test
>>     6) ceph config set mgr rgw_keystone_admin_domain default
>>     7) ceph config set mgr rgw_keystone_admin_project service
>>       for project I have tested different projects e.g. service and admin
>>
>>   Now when testing the API using swift client I get next:
>>     1) swift post test3 --debug
>>
>> DEBUG:keystoneclient.auth.identity.v3.base:Making authentication request
>> to
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__controller-3A5000_v3_auth_tokens&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=-98qpMcc8sdRTdN7AwNPIyGsIK1GaFvi_SC5GtZGUpY&e=
>> DEBUG:urllib3.connectionpool:Starting new HTTP connection (1):
>> controller:5000
>> DEBUG:urllib3.connectionpool:http://controller:5000 "POST
>> /v3/auth/tokens HTTP/1.1" 201 7032
>>
>> . some openstack data here .
>>
>> DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): ceph1:80
>> DEBUG:urllib3.connectionpool:http://ceph1:80 "POST
>> /swift/v1/AUTH_adsfasdfasdfasdfasdfasdf/test3 HTTP/1.1" 401 12
>> INFO:swiftclient:REQ: curl -i
>>
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5Fadsfasdfasdfasdfasdfasdf_test3&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=g1inMAENxiOpxc4L8FlmbLypegdcQwgH8drm6aoESZ0&e=
>> -X POST -H
>> "X-Auth-Token: <Token would be here>" -H "Content-Length: 0"
>> INFO:swiftclient:RESP STATUS: 401 Unauthorized
>>
>> and finally I get
>> Container POST failed:
>>
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ceph1_swift_v1_AUTH-5Fadsfasdfasdfasdfasdfasdf_test3&d=DwICAg&c=1tDFxPZjcWEmlmmx4CZtyA&r=h1fIFv3Ydv-kdH6KKa6lmB20LbjUiXP9Kttb6tTs__E&m=EmlYLMTNHaWmSJrApw1U46oD9d1KMRwdpbF9VLg7eX4&s=g1inMAENxiOpxc4L8FlmbLypegdcQwgH8drm6aoESZ0&e=
>> 401 Unauthorized
>>   b'AccessDenied'
>> _______________________________________________
>> ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an
>> email to ceph-users-leave@xxxxxxx
>>
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux