
keystone RGW users block deepsea stage.4

Open smithfarm opened this issue 6 years ago • 2 comments

User Sebastian reports:

deepsea gets stuck in stage.4 during RGW configuration/testing:

2017-10-05 09:27:10,154 [salt.state       ][ERROR   ][5272] Run failed on minions: ses-node01

Failures:
    ses-node01:
      Name: install rgw - Function: pkg.installed - Result: Clean Started: - 09:27:09.331264 Duration: 335.224 ms
    ----------
              ID: create demo bucket for admin
        Function: module.run
            Name: rgw.create_bucket
          Result: True
         Comment: Module function rgw.create_bucket executed
         Started: 09:27:09.666942
        Duration: 403.011 ms
         Changes:
                  ----------
                  ret:
                      True
    ----------
              ID: create demo bucket for b5b37e9498a942b3b464f451a06e7a9a
        Function: module.run
            Name: rgw.create_bucket
          Result: False
         Comment: Module function rgw.create_bucket threw an exception. Exception: S3ResponseError: 403 Forbidden
                  <?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidAccessKeyId</Code><RequestId>tx000000000000000000002-0059d5faee-41757-default</RequestId><HostId>41757-default-default</HostId></Error>
         Started: 09:27:10.070177
        Duration: 39.425 ms
         Changes:
    ----------
              ID: create demo bucket for 1fbfd4d446be43e0a39aad1dadedccc0
        Function: module.run
            Name: rgw.create_bucket
          Result: False
         Comment: Module function rgw.create_bucket threw an exception. Exception: S3ResponseError: 403 Forbidden
                  <?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidAccessKeyId</Code><RequestId>tx000000000000000000003-0059d5faee-41757-default</RequestId><HostId>41757-default-default</HostId></Error>
         Started: 09:27:10.109693
        Duration: 36.268 ms
         Changes:
 

    Summary for ses-node01
    ------------
   Succeeded: 2 (changed=1)
    Failed:    2
    ------------
    Total states run:     4
    Total run time: 813.928 ms

The problem is that our RGW uses Keystone authentication and therefore has Keystone users:

root@ses-node01:/srv/salt/ceph/rgw/users # salt -I 'roles:rgw' rgw.users
ses-node02:
    - admin
    - b5b37e9498a942b3b464f451a06e7a9a
    - 1fbfd4d446be43e0a39aad1dadedccc0
    - e79af9077f0242d8a1fefd189762f9d1
ses-node04:
    - admin
    - b5b37e9498a942b3b464f451a06e7a9a
    - 1fbfd4d446be43e0a39aad1dadedccc0
    - e79af9077f0242d8a1fefd189762f9d1
ses-node03:
    - admin
    - b5b37e9498a942b3b464f451a06e7a9a
    - 1fbfd4d446be43e0a39aad1dadedccc0
    - e79af9077f0242d8a1fefd189762f9d1

root@ses-node01:/srv/salt/ceph/rgw/users #

or

root@ses-node01:~ # radosgw-admin user list

[
    "admin",
    "b5b37e9498a942b3b464f451a06e7a9a",
    "1fbfd4d446be43e0a39aad1dadedccc0",
    "e79af9077f0242d8a1fefd189762f9d1"
]

root@ses-node01:~ #

I’d like to specify a whitelist of users that deepsea can/should use for validating the RGW service.

Thx and Br

Sebastian

smithfarm, Oct 09 '17 10:10
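One way to pick the users for the demo-bucket check, as an added example that is not DeepSea code and not part of the original issue: it skips accounts that are not local RGW users or that have no S3 key pair, and honours an optional allowlist. The `type` field, the `allowlist` parameter, the `svc-backup` user and all key values are assumptions or constructed sample data.

```python
import json

# Constructed sample shaped like `radosgw-admin user info` output, trimmed to
# the fields used below. Key values are placeholders, not real credentials.
# Assumption: each record carries a "type" field naming the identity source.
SAMPLE_USER_INFO = json.loads("""
[
  {"user_id": "admin", "type": "rgw",
   "keys": [{"user": "admin", "access_key": "EXAMPLEACCESS",
             "secret_key": "EXAMPLESECRET"}]},
  {"user_id": "b5b37e9498a942b3b464f451a06e7a9a", "type": "keystone", "keys": []},
  {"user_id": "1fbfd4d446be43e0a39aad1dadedccc0", "type": "keystone", "keys": []},
  {"user_id": "svc-backup", "type": "rgw", "keys": []}
]
""")


def select_validation_users(user_infos, allowlist=None):
    """Split users into (selected, skipped) for the S3 bucket smoke test.

    allowlist: optional set of user_ids the operator permits for validation
    (hypothetical setting, named here for illustration only).
    """
    selected, skipped = [], {}
    for info in user_infos:
        uid = info["user_id"]
        # A usable S3 credential needs both halves of the key pair.
        has_key = any(k.get("access_key") and k.get("secret_key")
                      for k in info.get("keys", []))
        if allowlist is not None and uid not in allowlist:
            skipped[uid] = "not in allowlist"
        elif info.get("type", "rgw") != "rgw":
            skipped[uid] = "externally managed identity: " + info["type"]
        elif not has_key:
            skipped[uid] = "no local S3 key pair"
        else:
            selected.append(uid)
    return selected, skipped


if __name__ == "__main__":
    chosen, ignored = select_validation_users(SAMPLE_USER_INFO)
    print("validate with:", chosen)
    for uid, reason in ignored.items():
        print("skip", uid, "->", reason)
```

Recording a reason for every skipped user keeps the validation step auditable instead of silently narrowing what was tested.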

Is that still a known issue?

jschmid1, Aug 29 '18 10:08

If someone can provide me with a "deploy RGW with keystone for dummies" HOWTO, I could make a test case for this.

smithfarm, Aug 29 '18 10:08