Bug 1947556

Summary: [RFE][TestOnly] Barbican support for RadosGW with external Ceph
Product: Red Hat OpenStack Reporter: Gregory Charot <gcharot>
Component: openstack-tripleo-heat-templatesAssignee: Giulio Fidente <gfidente>
Status: CLOSED MIGRATED QA Contact: Yogev Rabl <yrabl>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.0 (Wallaby)CC: alberto.gonzalez, cbodley, fpantano, gcharot, gfidente, jdurgin, johfulto, kjosy, lhh, mburns, njohnston, scohen, yrabl
Target Milestone: AlphaKeywords: FutureFeature, TestOnly, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1643715 Environment:
Last Closed: 2024-01-18 23:23:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1643715, 1701416    
Bug Blocks:    

Description Gregory Charot 2021-04-08 17:15:45 UTC 
Test RGW encryption with Barbican when ceph is external.


+++ This bug was initially created as a clone of Bug #1643715 +++

Description of problem:
At this moment is possible to use Barbican for Swift but not when RadosGW is used as Object Storage

Version-Release number of selected component (if applicable): OpenStack 13 and Ceph 3

Additional Information:

Ceph RadosGW allows to use Barbican to encrypt on server level:
http://docs.ceph.com/docs/mimic/radosgw/barbican/

--- Additional comment from Alberto Gonzalez on 2018-10-27 21:47:33 CEST ---

I created a document how to configure manually, https://docs.google.com/document/d/1m9j_6NsHHYTmtKfinB35eE2_9J_r47U3n4e9jefvH60/edit

The idea of this RFE is to integrate it with TripleO to configure the ceph.conf  file automatically.

--- Additional comment from John Fulton on 2018-10-31 14:24:33 CET ---

Hi Sean,

What priority would you give this RFE? If it's important, do you know
which version of OSP it should be in?

 https://bugzilla.redhat.com/show_bug.cgi?id=1643715

Thanks,
  John

http://post-office.corp.redhat.com/archives/rhos-dfg-ceph/2018-October/msg00057.html

--- Additional comment from John Fulton on 2018-11-30 18:17:32 CET ---

We'll target OSP16 and we might need to depends-on a ceph test-only bug for RGW in this usecase.

--- Additional comment from Giulio Fidente on 2019-04-15 12:24:38 CEST ---

For the implementation also see the post from Gregory [1] and the existing implementation for Swift [2]

1. https://mojo.redhat.com/people/gcharot/blog/2019/03/04/server-side-encryption-with-rgw-and-barbican
2. https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/swift/swift-proxy-container-puppet.yaml#L197-L206https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/swift/swift-proxy-container-puppet.yaml#L197-L206

--- Additional comment from Gregory Charot on 2019-04-19 10:56:44 CEST ---

Setting to TP preview as it requires to have TLS enabled RGW first and we are not sure to have the capacity to delivery both for 16.

Options:
If dev work is done for 16GA then we will QE, Doc and promote it full support during a Zstream release.
If dev work is not done
- "Manual" configuration is feasible (see materials above) and subject to SE on a case per case basics
-  Target THT integration for the next release and backport the changes to 16.

--- Additional comment from Gregory Charot on 2019-06-05 14:51:47 CEST ---

setting as 17 given chances it lands is low

--- Additional comment from RHEL Program Management on 2019-06-05 14:51:51 CEST ---

This bugzilla has been removed from the release since it is missing the Triaged keyword or does not have an acked release flag. For details, see https://mojo.redhat.com/docs/DOC-1144661#jive_content_id_OSP_Release_Planning.

--- Additional comment from Gregory Charot on 2019-06-07 11:07:20 CEST ---

Customer request on 13:
Taiwan NCHC
SE: https://tools.apps.cee.redhat.com/support-exceptions/id/1218
Comment 2 Gregory Charot 2022-08-25 12:08:13 UTC 
Removing the target milestone of this RFE due to low demands. If you have specific a customer demand, please feel free to reopen.