Bug 1012382
Summary: | swift: Admin user does not have permissions to see containers created by glance service | ||
---|---|---|---|
Product: | [Community] RDO | Reporter: | Dafna Ron <dron> |
Component: | openstack-packstack | Assignee: | Martin Magr <mmagr> |
Status: | CLOSED EOL | QA Contact: | nlevinki <nlevinki> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | Kilo | CC: | aortega, chris.brown, derekh, dron, ichavero, oblaut, pportant, srevivo, zaitcev |
Target Milestone: | --- | Keywords: | Reopened, ZStream |
Target Release: | trunk | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | storage | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-06-18 06:07:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 884748 | ||
Bug Blocks: |
Description
Dafna Ron
2013-09-26 11:34:57 UTC
This is not a bug. When we create an image, the 'container' in swift is an implementation detail. The fact that you *can* configure the same user for both system doesn't mean anything Reopening after discussing with Dafna. The problem iiuc is that 'admin' user does not have enough permissions to 'see' containers created by services (e.g. glance) *** Bug 1014735 has been marked as a duplicate of this bug. *** Unfortunately, Swift seems to have problem with ACL. Even though I have set ACL for container glance for admin user, the cantainer is not visible. I'm not sure [para@localhost ~(keystone_admin)]$ source keystonerc_glance [para@localhost ~(keystone_glance)]$ swift list glance [para@localhost ~(keystone_glance)]$ swift stat glance Account: AUTH_83f6607d54844b08874184766148d375 Container: glance Objects: 1 Bytes: 13147648 Read ACL: Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Timestamp: 1413465069.26403 X-Trans-Id: tx7d7bd62674d843f9b9ea0-005440cd76 Content-Type: text/plain; charset=utf-8 [para@localhost ~(keystone_glance)]$ swift post glance -r admin:admin [para@localhost ~(keystone_glance)]$ swift post glance -w admin:admin [para@localhost ~(keystone_glance)]$ swift stat glance Account: AUTH_83f6607d54844b08874184766148d375 Container: glance Objects: 1 Bytes: 13147648 Read ACL: admin:admin Write ACL: admin:admin Sync To: Sync Key: Accept-Ranges: bytes X-Timestamp: 1413465069.26403 X-Trans-Id: txdad6dc7ac974427d8d9f6-005440d3cf Content-Type: text/plain; charset=utf-8 [para@localhost ~(keystone_glance)]$ source keystonerc_admin [para@localhost ~(keystone_admin)]$ swift list [para@localhost ~(keystone_admin)]$ swift stat glance Container 'glance' not found I tried to use also only 'admin' as ACL, but it didn't work too. Any thoughts Peter or Pete? The operations in comment #5 only work if glance and admin share a tennant. Do they? You can verify it with stat -v. can i have acks for this bug please? Hmmm, I think this can be safely closed now? |