Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1882278

Summary: proxy-server.conf has unused options for old authentication mechanisms like auth_host
Product: Red Hat OpenStack Reporter: Takashi Kajinami <tkajinam>
Component: openstack-swiftAssignee: Pete Zaitcev <zaitcev>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact: RHOS Documentation Team <rhos-docs>
Priority: medium    
Version: 16.2 (Train)CC: amoralej, cschwede, derekh, gfidente, zaitcev
Target Milestone: z2Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-swift-2.23.4-2.20211217184841.2bffa1e.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-23 22:10:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Takashi Kajinami 2020-09-24 08:44:11 UTC 
Description of problem:

Currently we have the following parameters described in filter:authtoken section of proxy-server.conf .

/var/lib/config-data/puppet-generated/swift/etc/swift/proxy-server.conf
~~~
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
project_name = service
username = swift
password = <password>
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
signing_dir = /var/cache/swift
log_name=swift
www_authenticate_uri=http://172.17.1.49:5000
auth_url=http://172.17.1.49:5000
auth_plugin=password
project_domain_id=default
user_domain_id=default
delay_auth_decision=1
cache=swift.cache
include_service_catalog=False
~~~


However, the following 3 parameters have no effect in fact, since it is only used for old authentication mechanism with admin token.
 - admin_host
 - admin_port
 - admin_protocol

It seems that these settings come from the default conf file included in rpm file, and it would be better to remove these lines to avoid confusing content.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Deploy overcloud/undercloud
2. See proxy-server.conf

Actual results:
The .conf file includes some unused options (auth_host, auth_port and auth_protocol)

Expected results:
The .conf file doesn't include unused options (auth_host, auth_port and auth_protocol)

Additional info:
Comment 2 Pete Zaitcev 2021-03-22 20:57:10 UTC 
Change to RDO was merged 03/22/2021.
Comment 4 Alfredo Moralejo 2021-09-28 07:41:09 UTC 
I've sent the backport up to train:

https://review.rdoproject.org/r/c/openstack/swift-distgit/+/35674
https://review.rdoproject.org/r/c/openstack/swift-distgit/+/35675
https://review.rdoproject.org/r/c/openstack/swift-distgit/+/35676
Comment 14 errata-xmlrpc 2022-03-23 22:10:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.2), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1001