1709968 – Overcloud deployed with rgw has incomplete swift endpoints

Bug 1709968 - Overcloud deployed with rgw has incomplete swift endpoints

Summary: Overcloud deployed with rgw has incomplete swift endpoints

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z11
Target Release:	13.0 (Queens)
Assignee:	Giulio Fidente
QA Contact:	Yogev Rabl
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1778511 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-05-14 16:54 UTC by nalmond
Modified:	2023-09-07 20:05 UTC (History)
CC List:	17 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.4.1-41.el7ost
Doc Type:	Bug Fix
Doc Text:	Before this update, when deploying Ceph RGW, the object-store endpoint that is created in the Identity service (keystone) was missing the `AUTH_%(tenant_id)s` suffix. This meant that public containers that were created in Ceph RGW could not be accessed without authentication. With this update, the `account_in_url` configuration option for Ceph RGW is appended with `AUTH_%(tenant_id)s` for the object-store endpoints. Public containers can now be hosted in Ceph RGW and accessed without authentication.
Clone Of:
Environment:
Last Closed:	2020-03-10 11:18:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	696059	0	'None'	MERGED	Enable Ceph RGW 'account in url' option	2021-01-28 08:40:29 UTC
Red Hat Issue Tracker	OSP-28229	0	None	None	None	2023-09-07 20:05:34 UTC

Description nalmond 2019-05-14 16:54:26 UTC

Description of problem:
When deploying the overcloud using /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-rgw.yaml to configure rgw as a drop-in replacement for swift, the swift endpoints are missing AUTH_%(tenant_id)s causing the issue described in https://access.redhat.com/solutions/3228661 to appear.

The issue appears to lie within /usr/share/openstack-tripleo-heat-templates/network/endpoints/endpoint_data.yaml which has this set for swift, but not rgw:
~~~
Swift:
    Internal:
        net_param: SwiftProxy
        uri_suffixes:
            '': /v1/AUTH_%(tenant_id)s
            S3:
    Public:
        net_param: Public
        uri_suffixes:
            '': /v1/AUTH_%(tenant_id)s
            S3:
    Admin:
        net_param: SwiftProxy
        uri_suffixes:
            '':
            S3:
    port: 8080

CephRgw:
    Internal:
        net_param: CephRgw
        uri_suffixes:
            '': /swift/v1
    Public:
        net_param: Public
        uri_suffixes:
            '': /swift/v1
    Admin:
        net_param: CephRgw
        uri_suffixes:
            '': /swift/v1
    port: 8080
~~~

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-8.2.0-6.2.el7ost.noarch
ceph-ansible-3.2.8-1.el7cp.noarch

How reproducible:
Each deployment

Steps to Reproduce:
1. Deploy RHOSP 13 with rgw per https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html-single/deploying_an_overcloud_with_containerized_red_hat_ceph/index#ceph-rgw
2. Attempt to utilize public containers

Actual results:
Receive NoSuchBucket with public containers, swift endpoints are missing AUTH_%(tenant_id)s

Expected results:
Public containers work normally, swift endpoints are complete

Additional info:
Workaround is:
- append "AUTH_%(tenant_id)s" to each of the uri_suffixes in CephRGW in endpoint_data.yaml
- run the builder script build_endpoint_map.py
- re-run the overcloud deployment

Comment 2 Giulio Fidente 2019-05-22 13:29:18 UTC

We'll be working on a code change to support this in OSP15, tracked by BZ #1670217 but not backport it to OSP13 given it will be changing the existing default behavior of RGW. For new deployments based on OSP13 a valid workaround exists, as described in comment #0.

Comment 9 Giulio Fidente 2019-12-02 14:28:03 UTC

*** Bug 1778511 has been marked as a duplicate of this bug. ***

Comment 27 errata-xmlrpc 2020-03-10 11:18:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0760

Note You need to log in before you can comment on or make changes to this bug.