1882278 – proxy-server.conf has unused options for old authentication mechanisms like auth_host

Bug 1882278 - proxy-server.conf has unused options for old authentication mechanisms like auth_host

Summary: proxy-server.conf has unused options for old authentication mechanisms like a...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-swift
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	z2
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Pete Zaitcev
QA Contact:
Docs Contact:	RHOS Documentation Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-09-24 08:44 UTC by Takashi Kajinami
Modified:	2022-03-23 22:10 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-swift-2.23.4-2.20211217184841.2bffa1e.el8ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-23 22:10:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
RDO	29952	None	None	None	2020-10-07 21:03:41 UTC
RDO	35676	None	None	None	2021-09-28 08:46:40 UTC
Red Hat Issue Tracker	OSP-432	None	None	None	2022-02-01 11:04:32 UTC
Red Hat Product Errata	RHBA-2022:1001	None	None	None	2022-03-23 22:10:36 UTC

Description Takashi Kajinami 2020-09-24 08:44:11 UTC

Description of problem:

Currently we have the following parameters described in filter:authtoken section of proxy-server.conf .

/var/lib/config-data/puppet-generated/swift/etc/swift/proxy-server.conf
~~~
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
project_name = service
username = swift
password = <password>
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
signing_dir = /var/cache/swift
log_name=swift
www_authenticate_uri=http://172.17.1.49:5000
auth_url=http://172.17.1.49:5000
auth_plugin=password
project_domain_id=default
user_domain_id=default
delay_auth_decision=1
cache=swift.cache
include_service_catalog=False
~~~


However, the following 3 parameters have no effect in fact, since it is only used for old authentication mechanism with admin token.
 - admin_host
 - admin_port
 - admin_protocol

It seems that these settings come from the default conf file included in rpm file, and it would be better to remove these lines to avoid confusing content.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud/undercloud
2. See proxy-server.conf

Actual results:
The .conf file includes some unused options (auth_host, auth_port and auth_protocol)

Expected results:
The .conf file doesn't include unused options (auth_host, auth_port and auth_protocol)

Additional info:

Comment 2 Pete Zaitcev 2021-03-22 20:57:10 UTC

Change to RDO was merged 03/22/2021.

Comment 4 Alfredo Moralejo 2021-09-28 07:41:09 UTC

I've sent the backport up to train:

https://review.rdoproject.org/r/c/openstack/swift-distgit/+/35674
https://review.rdoproject.org/r/c/openstack/swift-distgit/+/35675
https://review.rdoproject.org/r/c/openstack/swift-distgit/+/35676

Comment 14 errata-xmlrpc 2022-03-23 22:10:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.2), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1001

Note You need to log in before you can comment on or make changes to this bug.