DeepSea
DeepSea copied to clipboard
keystone RGW users block deepsea stage.4
User Sebastian reports:
deepsea get stuck in stage.4 during RGW configuration/testing:
2017-10-05 09:27:10,154 [salt.state ][ERROR ][5272] Run failed on minions: ses-node01
Failures:
ses-node01:
Name: install rgw - Function: pkg.installed - Result: Clean Started: - 09:27:09.331264 Duration: 335.224 ms
----------
ID: create demo bucket for admin
Function: module.run
Name: rgw.create_bucket
Result: True
Comment: Module function rgw.create_bucket executed
Started: 09:27:09.666942
Duration: 403.011 ms
Changes:
----------
ret:
True
----------
ID: create demo bucket for b5b37e9498a942b3b464f451a06e7a9a
Function: module.run
Name: rgw.create_bucket
Result: False
Comment: Module function rgw.create_bucket threw an exception. Exception: S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidAccessKeyId</Code><RequestId>tx000000000000000000002-0059d5faee-41757-default</RequestId><HostId>41757-default-default</HostId></Error>
Started: 09:27:10.070177
Duration: 39.425 ms
Changes:
----------
ID: create demo bucket for 1fbfd4d446be43e0a39aad1dadedccc0
Function: module.run
Name: rgw.create_bucket
Result: False
Comment: Module function rgw.create_bucket threw an exception. Exception: S3ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidAccessKeyId</Code><RequestId>tx000000000000000000003-0059d5faee-41757-default</RequestId><HostId>41757-default-default</HostId></Error>
Started: 09:27:10.109693
Duration: 36.268 ms
Changes:
Summary for ses-node01
------------
Succeeded: 2 (changed=1)
Failed: 2
------------
Total states run: 4
Total run time: 813.928 ms
Problem is, that our RGW uses Keystone authentication and therefore have Keystone Users:
root@ses-node01:/srv/salt/ceph/rgw/users # salt -I 'roles:rgw' rgw.users
ses-node02:
- admin
- b5b37e9498a942b3b464f451a06e7a9a
- 1fbfd4d446be43e0a39aad1dadedccc0
- e79af9077f0242d8a1fefd189762f9d1
ses-node04:
- admin
- b5b37e9498a942b3b464f451a06e7a9a
- 1fbfd4d446be43e0a39aad1dadedccc0
- e79af9077f0242d8a1fefd189762f9d1
ses-node03:
- admin
- b5b37e9498a942b3b464f451a06e7a9a
- 1fbfd4d446be43e0a39aad1dadedccc0
- e79af9077f0242d8a1fefd189762f9d1
root@ses-node01:/srv/salt/ceph/rgw/users #
or
root@ses-node01:~ # radosgw-admin user list
[
"admin",
"b5b37e9498a942b3b464f451a06e7a9a",
"1fbfd4d446be43e0a39aad1dadedccc0",
"e79af9077f0242d8a1fefd189762f9d1"
]
root@ses-node01:~ #
I’d like to specify a white list, which users deepsea can/should use for validating the RGW service.
Thx and Br
Sebastian
Is that still a known issue?
If someone can provide me with a "deploy RGW with keystone for dummies" HOWTO, I could make a test case for this.