Hello Mark -
Changing the rwg keystone url to http://192.168.122.165:35357 did not help. I
continue to get 401 error. Also, I am trying to integrate with Icehouse this
time. I did not see any keystone.conf in /etc/apache2/sites-available for
adding WSGI chunked encoding. That said, I am having issues with initial
keystone handshake itself.
Thanks,
Lakshmi.
On Wednesday, October 15, 2014 2:37 PM, Mark Kirkwood
<mark.kirkw...@catalyst.net.nz> wrote:
On 16/10/14 09:08, lakshmi k s wrote:
> I am trying to integrate Openstack keystone with radosgw. I have
> followed the instructions as per the link -
> http://ceph.com/docs/master/radosgw/keystone/. But for some reason,
> keystone flags under [client.radosgw.gateway] section are not being
> honored. That means, presence of these flags never attempt to use
> keystone. Hence, any swift v2.0 calls results in 401-Authorization
> problem. But If I move the keystone url outside under global section, I
> see that there is initial keystone handshake between keystone and
> gateway nodes.
>
> Please note that swift v1 calls (without using keystone) work great.
> Any thoughts on how to resolve this problem?
>
> ceph.conf
>
> [global]
> fsid = f216cbe1-fa49-42ed-b28a-322aa3d48fff
> mon_initial_members = node1
> mon_host = 192.168.122.182
> auth_cluster_required = cephx
> auth_service_required = cephx
> auth_client_required = cephx
> filestore_xattr_use_omap = true
>
> [client.admin]
> keyring = /etc/ceph/ceph.client.admin.keyring
>
> [client.radosgw.gateway]
> host = radosgw
> keyring = /etc/ceph/ceph.client.radosgw.keyring
> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> log file = /var/log/ceph/client.radosgw.gateway.log
> rgw dns name = radosgw
>
> rgw keystone url = http://192.168.122.165:5000
> rgw keystone admin token = faedf7bc53e3371924e7b3ddb9d13ddd
> rgw keystone accepted roles = admin Member _member_
> rgw keystone token cache size = 500
> rgw keystone revocation interval = 500
> rgw s3 auth use keystone = true
> nss db path = /var/ceph/nss
>
>
I have managed to to reproduce this:
If I copy your [client.radosgw.gateway] section and amend the obvious
differences (hostnames and ips, and socket paths), then I too see auth
failed and no sign of any attempt to use keystone auth logged. Making
the following change:
- rgw keystone url = http://192.168.122.165:5000
+ rgw keystone url = http://192.168.122.165:35357
makes it work again. I'm guessing it is tied up with with the fact we
needed to add WSGI Chunked encoding... and we did that only for the
35357 keystone virtualhost (I guess I can add it to 5000 too and see if
that fixes it). I does seem odd that there is no log entry on the rgw...
but it may be failing before the call gets logged (will look).
Regards
Mark
P.s: Added $SUBJECT header.
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
