I think I figured it out, for my install the admin token is broken for v2 auth and I needed to use user:password w/ admin role. It is the more correct way to do things but is conspicuously missing from here http://docs.ceph.com/docs/master/radosgw/keystone/ <http://docs.ceph.com/docs/master/radosgw/keystone/> and here http://docs.ceph.com/docs/master/radosgw/config-ref/ <http://docs.ceph.com/docs/master/radosgw/config-ref/> and I had to read the source code to find it. I would have expected some sort of error to be thrown before the role checking failed. I’ll see if I can’t file a documentation bug.
> On Oct 15, 2015, at 2:06 PM, Mike Lowe <j.michael.l...@gmail.com> wrote: > > I think so, unless I misunderstand how it works. > > (openstack) role list --user jomlowe --project jomlowe > +----------------------------------+----------+---------+---------+ > | ID | Name | Project | User | > +----------------------------------+----------+---------+---------+ > | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | jomlowe | jomlowe | > | 8adcf7413cd3469abe4ae13cf259be6e | user | jomlowe | jomlowe | > +----------------------------------+----------+---------+---------+ > > >> On Oct 15, 2015, at 1:50 PM, Yehuda Sadeh-Weinraub <yeh...@redhat.com> wrote: >> >> On Thu, Oct 15, 2015 at 8:34 AM, Mike Lowe <j.michael.l...@gmail.com> wrote: >>> I’m having some trouble with radosgw and keystone integration, I always get >>> the following error: >>> >>> user does not hold a matching role; required roles: >>> Member,user,_member_,admin >>> >>> Despite my token clearly having one of the roles: >>> >>> "user": { >>> "id": "401375297eb540bbb1c32432439827b0", >>> "name": "jomlowe", >>> "roles": [ >>> { >>> "id": "8adcf7413cd3469abe4ae13cf259be6e", >>> "name": "user" >>> } >>> ], >>> "roles_links": [], >>> "username": "jomlowe" >>> } >>> >>> Does anybody have any hints? >> >> >> Does the user has these roles assigned on keystone? >> >> Yehuda >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com