Hi everyone,
I am trying to integrate Openstack Keystone with radosgw using the doc :
http://ceph.com/docs/master/radosgw/config/#integrating-with-openstack-keystone
I have made all the necessary changes and was successfully able to use
swift client to connect and use the Ceph Object Gateway via
Swift-compatible API.
But, issue arises when I want to use Keystone as my authenticationg
mechanism.
I have created keystone service and endpoint.
But while running the command :
openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | certutil -d /var/lib/ceph/nss
-A -n ca -t "TCu,Cu,Tuw"
gives me error as:
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
Here is my ceph.conf:
[global]
fsid = 30040254-7177-4a08-8d31-9be2a8b4bac7
mon_initial_members = ceph-node1
mon_host = 10.0.1.11
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
filestore_xattr_use_omap = true
[client.radosgw.gateway]
host = ceph-node1
keyring = /etc/ceph/keyring.radosgw.gateway
rgw_socket_path = /tmp/radosgw.sock
log_file = /var/log/ceph/radosgw.log
rgw keystone url = http://10.0.1.11:35357
rgw keystone admin token = ashish
rgw keystone accepted roles = admin, Member
rgw keystone token cache size = 100
rgw keystone revocation interval = 300
rgw s3 auth use keystone = true
nss db path = /var/lib/ceph/nss
Please let me know what I could be doing wrong.
Thanks and Regards
Ashish Chandra
Openstack Developer, Cloud Engineering
Reliance Jio
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
