This was reported in http://tracker.ceph.com/issues/8052 about a year ago. This ticket hasn't been updated...
On Fri, Sep 25, 2015 at 1:37 PM, Robert Duncan <[email protected]> wrote: > I would be interested if anyone even has a work around to this - no matter > how arcane. > If anyone gets this to work I would be most obliged > > -----Original Message----- > From: Shinobu Kinjo [mailto:[email protected]] > Sent: 25 September 2015 13:31 > To: Luis Periquito > Cc: Abhishek L; Robert Duncan; ceph-users > Subject: Re: [ceph-users] radosgw and keystone version 3 domains > > Thanks for the info. > > Shinobu > > ----- Original Message ----- > From: "Luis Periquito" <[email protected]> > To: "Shinobu Kinjo" <[email protected]> > Cc: "Abhishek L" <[email protected]>, "Robert Duncan" < > [email protected]>, "ceph-users" <[email protected]> > Sent: Friday, September 25, 2015 8:52:48 PM > Subject: Re: [ceph-users] radosgw and keystone version 3 domains > > I'm having the exact same issue, and after looking it seems that radosgw > is hardcoded to authenticate using v2 api. > > from the config file: rgw keystone url = > http://openstackcontrol.lab:35357/ > > the "/v2.0/" is hardcoded and gets appended to the authentication request. > > a snippet taken from radosgw (ran with "-d --debug-ms=1 --debug-rgw=20" > options) > > 2015-09-25 12:40:00.359333 7ff4bcf61700 1 ====== starting new request > req=0x7ff57801b810 ===== > 2015-09-25 12:40:00.359355 7ff4bcf61700 2 req 1:0.000021::GET > /swift/v1::initializing > 2015-09-25 12:40:00.359358 7ff4bcf61700 10 host=s3.lab.tech.lastmile.com > 2015-09-25 12:40:00.359363 7ff4bcf61700 20 subdomain= domain= > s3.lab.tech.lastmile.com in_hosted_domain=1 > 2015-09-25 12:40:00.359400 7ff4bcf61700 10 ver=v1 first= req= > 2015-09-25 12:40:00.359410 7ff4bcf61700 10 s->object=<NULL> > s->bucket=<NULL> > 2015-09-25 12:40:00.359419 7ff4bcf61700 2 req 1:0.000085:swift:GET > /swift/v1::getting op > 2015-09-25 12:40:00.359422 7ff4bcf61700 2 req 1:0.000089:swift:GET > /swift/v1:list_buckets:authorizing > 2015-09-25 12:40:00.359428 7ff4bcf61700 20 > token_id=6b67585266ce4aee9e326e72c81865dd > 2015-09-25 12:40:00.359451 7ff4bcf61700 20 sending request to > http://openstackcontrol.lab:35357/v2.0/tokens/6b67585266ce4aee9e326e72c81865dd > 2015-09-25 12:40:00.377066 7ff4bcf61700 20 received response: {"error": > {"message": "Non-default domain is not supported (Disable debug mode to > suppress these details.)", "code": 401, "title": "Unauthorized"}} > 2015-09-25 12:40:00.377175 7ff4bcf61700 0 user does not hold a matching > role; required roles: admin, Member, _member_ > 2015-09-25 12:40:00.377179 7ff4bcf61700 10 failed to authorize request > 2015-09-25 12:40:00.377216 7ff4bcf61700 2 req 1:0.017883:swift:GET > /swift/v1:list_buckets:http status=401 > 2015-09-25 12:40:00.377219 7ff4bcf61700 1 ====== req done > req=0x7ff57801b810 http_status=401 ====== > > > From this it seems that radosgw doesn't support auth v3! Are there any > plans to add that support? > > > On Sat, Sep 19, 2015 at 6:56 AM, Shinobu Kinjo <[email protected]> wrote: > > > What's error message you saw when you tried? > > > > Shinobu > > > > ----- Original Message ----- > > From: "Abhishek L" <[email protected]> > > To: "Robert Duncan" <[email protected]> > > Cc: [email protected] > > Sent: Friday, September 18, 2015 12:29:20 PM > > Subject: Re: [ceph-users] radosgw and keystone version 3 domains > > > > On Fri, Sep 18, 2015 at 4:38 AM, Robert Duncan > > <[email protected]> > > wrote: > > > > > > Hi > > > > > > > > > > > > It seems that radosgw cannot find users in Keystone V3 domains, that > > > is, > > > > > > When keystone is configured for domain specific drivers radossgw > > > cannot > > find the users in the keystone users table (as they are not there) > > > > > > I have a deployment in which ceph providers object block ephemeral > > > and > > user storage, however any user outside of the ‘default’ sql backed > > domain cannot be found by radosgw. > > > > > > Has anyone seen this issue before when using ceph in openstack? Is > > > it > > possible to configure radosgw to use a keystone v3 url? > > > > I'm not sure whether keystone v3 support for radosgw is there yet, > > particularly for the swift api. Currently keystone v2 api is > > supported, and due to the change in format between v2 and v3 tokens, > > I'm not sure whether swift apis will work with v3 yet, though keystone > > v3 *might* just work on the s3 interface due to the different format > used. > > > > > > > > > > > > > Thanks, > > > > > > Rob. > > > > > > ________________________________ > > > > > > The information contained and transmitted in this e-mail is > > > confidential > > information, and is intended only for the named recipient to which it > > is addressed. The content of this e-mail may not have been sent with > > the authority of National College of Ireland. Any views or opinions > > presented are solely those of the author and do not necessarily > > represent those of National College of Ireland. If the reader of this > > message is not the named recipient or a person responsible for > > delivering it to the named recipient, you are notified that the > > review, dissemination, distribution, transmission, printing or > > copying, forwarding, or any other use of this message or any part of > > it, including any attachments, is strictly prohibited. If you have > > received this communication in error, please delete the e-mail and > > destroy all record of this communication. Thank you for your assistance. > > > > > > ________________________________ > > > > > > _______________________________________________ > > > ceph-users mailing list > > > [email protected] > > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > > _______________________________________________ > > ceph-users mailing list > > [email protected] > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > _______________________________________________ > > ceph-users mailing list > > [email protected] > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > ________________________________ > > The information contained and transmitted in this e-mail is confidential > information, and is intended only for the named recipient to which it is > addressed. The content of this e-mail may not have been sent with the > authority of National College of Ireland. Any views or opinions presented > are solely those of the author and do not necessarily represent those of > National College of Ireland. If the reader of this message is not the named > recipient or a person responsible for delivering it to the named recipient, > you are notified that the review, dissemination, distribution, > transmission, printing or copying, forwarding, or any other use of this > message or any part of it, including any attachments, is strictly > prohibited. If you have received this communication in error, please delete > the e-mail and destroy all record of this communication. Thank you for your > assistance. > ________________________________ >
_______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
