1789178 – swiftoperator role should be created when deploying an overcloud with containerized Redhat Ceph and enabling the RadowGW service

Bug 1789178 - swiftoperator role should be created when deploying an overcloud with containerized Redhat Ceph and enabling the RadowGW service

Summary: swiftoperator role should be created when deploying an overcloud with contain...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.0 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	z2
Target Release:	16.0 (Train on RHEL 8.1)
Assignee:	Francesco Pantano
QA Contact:	Yogev Rabl
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-08 23:30 UTC by Itzik Brown
Modified:	2020-05-14 12:15 UTC (History)
CC List:	12 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-11.3.2-0.20200315025718.033aae9.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-14 12:15:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	702230	None	MERGED	Add swiftoperator role on ceph-rgw template	2020-11-09 11:40:03 UTC
OpenStack gerrit	703474	None	MERGED	Add swiftoperator role on ceph-rgw template	2020-11-09 11:40:03 UTC
OpenStack gerrit	708627	None	MERGED	Add swiftoperator role on ceph-rgw template	2020-11-09 11:40:22 UTC
Red Hat Product Errata	RHBA-2020:2114	None	None	None	2020-05-14 12:15:55 UTC

Description Itzik Brown 2020-01-08 23:30:51 UTC

Description of problem:
When deploying Overcloud with Swift a role named swiftoperator is created.
When deploying an overcloud with containerized Redhat Ceph and enabling the Ceph Object Gateway ,swiftoperator role should be created as well as it's replacement of Swift.

Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-11.3.1-0.20191212200219.5ca908c.el8ost.noarch

How reproducible:


Steps to Reproduce:
1. Follow the instructions at https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0-beta/html-single/deploying_an_overcloud_with_containerized_red_hat_ceph/index#ceph-rgw
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 August Simonelli 2020-01-13 19:49:40 UTC

RGW doesn't use the swiftoperator role. That's for swift only.
Instead RGW requires the member role and sets it up correctly.
So we shouldn't need the swiftoperator role for RGW deployments and can instead use the member role.
Also see: https://bugzilla.redhat.com/show_bug.cgi?id=1767593

Comment 4 Ramon Acedo 2020-01-14 09:19:24 UTC

Should this be a documentation update at https://docs.openshift.com/container-platform/4.2/installing/installing_openstack/installing-openstack-installer-custom.html#installation-osp-enabling-swift_installing-openstack-installer-custom ?

I.e. add a note to the "Procedure" saying that if you are using Ceph RGW the the 2 steps to create "swiftoperator" and to add the Temp URL aren't required.

Comment 8 August Simonelli 2020-01-22 20:56:46 UTC

(In reply to Ramon Acedo from comment #4)
> Should this be a documentation update at
> https://docs.openshift.com/container-platform/4.2/installing/
> installing_openstack/installing-openstack-installer-custom.html#installation-
> osp-enabling-swift_installing-openstack-installer-custom ?
> 
> I.e. add a note to the "Procedure" saying that if you are using Ceph RGW the
> the 2 steps to create "swiftoperator" and to add the Temp URL aren't
> required.

At this point, prior to this BZ (ie OSP 13,14,15) the role required is either Member or admin as is defined in ceph.conf with rgw_keystone_accepted_roles = Member, admin

Comment 9 Giulio Fidente 2020-01-23 11:37:17 UTC

(In reply to August Simonelli from comment #8)
> (In reply to Ramon Acedo from comment #4)
> > Should this be a documentation update at
> > https://docs.openshift.com/container-platform/4.2/installing/
> > installing_openstack/installing-openstack-installer-custom.html#installation-
> > osp-enabling-swift_installing-openstack-installer-custom ?
> > 
> > I.e. add a note to the "Procedure" saying that if you are using Ceph RGW the
> > the 2 steps to create "swiftoperator" and to add the Temp URL aren't
> > required.
> 
> At this point, prior to this BZ (ie OSP 13,14,15) the role required is
> either Member or admin as is defined in ceph.conf with
> rgw_keystone_accepted_roles = Member, admin

note that RGW *operators* are defined by the accepted_admin_roles , that list used to include only "ResellerAdmin" role in OSP13 ; we added to that list the "swiftoperator" role in OSP16

Comment 15 Yogev Rabl 2020-02-12 21:22:33 UTC

verification failed
overcloud) [stack@undercloud-0 ~]$ openstack role list
+----------------------------------+-----------------+
| ID                               | Name            |
+----------------------------------+-----------------+
| 384df1fb7b0142ae8225ef5646d80b1e | heat_stack_user |
| 65d4e62324a6490ea0ff666e39a5f1e5 | service         |
| b09dfa7d2ec241d79dafb24b11fea677 | admin           |
| b598146f3c144eb992809f99fb5b0519 | _member_        |
| cd392b454cfd4cd69f59fe187ef8644e | member          |
| fc0c0ee288ea43b980e6bb568510010f | reader          |
+----------------------------------+-----------------+
(overcloud) [stack@undercloud-0 ~]$ openstack user list
+----------------------------------+-------------------------+
| ID                               | Name                    |
+----------------------------------+-------------------------+
| 0b7df4089aa64e08a0b851dd124d9352 | admin                   |
| e526d1f756f84c708d0ea40d375507c2 | heat_stack_domain_admin |
| 7a86c33891b04090b3ccb4a2b4990e6c | swift                   |
| a7022aa319f54e819911e9322130d374 | cinder                  |
| 7a27eb19cfde47e89ebc9f1f794c9ffc | glance                  |
| a17d8f6e0b1a44e3b78c1594daf03bc4 | heat                    |
| 8d239303c41b4a96acde2b8c8f1a6d6a | heat-cfn                |
| ff34744d2b1d4828afe7fcd9ecbf758b | neutron                 |
| f64455fe2167415d8727086a1766f0d5 | nova                    |
| 6cff775164ab4b9a91a08df981c4b3ad | placement               |
+----------------------------------+-------------------------+
(overcloud) [stack@undercloud-0 ~]$ rpm -qa | grep tripleo-heat-templates
openstack-tripleo-heat-templates-11.3.2-0.20200131125640.cc909b6.el8ost.noarch

Comment 23 errata-xmlrpc 2020-05-14 12:15:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2114

Note You need to log in before you can comment on or make changes to this bug.