Hi,
>> Do I need to overwrite the existing .db files and .txt file in >> /var/lib/nssdb on the radosgw host with the ones copied from >> /var/ceph/nss on the Juno node ? >> >> > Yeah - worth a try (we want to rule out any certificate mis-match errors). > > Cheers > > Mark > > I have manually copied the keys from the directory /var/ceph/nss on the juno node to the /var/ceph/nss on my radogw node, I have also made the following changes to my ceph.conf: #rgw keystone url = 10.x.x.175:35357 rgw keystone url = 10.x.x.175:5000 rgw keystone admin token = password123 rgw keystone accepted roles = Member, admin rgw keystone token cache size = 10000 rgw keystone revocation interval = 15 * 60 rgw s3 auth use keystone = true #nss db path = /var/lib/nssdb nss db path = /var/ceph/nss I have restarted the radosgw and it works. ceph@ppm-c240-ceph3:~$ ps aux | grep rados root 19833 0.2 0.0 10324668 33288 ? Ssl Dec12 7:30 /usr/bin/radosgw -n client.radosgw.gateway ceph 28101 0.0 0.0 10464 916 pts/0 S+ 02:25 0:00 grep --color=auto rados ceph@ppm-c240-ceph3:~$ Imho, the document ( http://ceph.com/docs/master/radosgw/keystone/ ) should explicitly state that the /var/ceph/nss directory should be created on the radosgw node and not on the openstack node. I had a discussion with Loïc Dachary on irc, and on his request, I have filed a bug against the documentation. The ticket url is http://tracker.ceph.com/issues/10305 Btw, thanks Mark for the pointers. Regards, --- Vivek Varghese Cherian
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
