1947556 – [RFE][TestOnly] Barbican support for RadosGW with external Ceph

This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .

Bug 1947556 - [RFE][TestOnly] Barbican support for RadosGW with external Ceph

Summary: [RFE][TestOnly] Barbican support for RadosGW with external Ceph

Keywords:
Status:	CLOSED MIGRATED
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	17.0 (Wallaby)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	Alpha
Target Release:	---
Assignee:	Giulio Fidente
QA Contact:	Yogev Rabl
Docs Contact:
URL:
Whiteboard:
Depends On:	1643715 1701416
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-08 17:15 UTC by Gregory Charot
Modified:	2024-01-26 23:27 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:	1643715
Environment:
Last Closed:	2024-01-18 23:23:20 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-2074	0	None	None	None	2021-12-02 14:37:34 UTC
Red Hat Issue Tracker	OSPRH-848	0	None	None	None	2024-01-26 23:27:36 UTC

Description Gregory Charot 2021-04-08 17:15:45 UTC

Test RGW encryption with Barbican when ceph is external.


+++ This bug was initially created as a clone of Bug #1643715 +++

Description of problem:
At this moment is possible to use Barbican for Swift but not when RadosGW is used as Object Storage

Version-Release number of selected component (if applicable): OpenStack 13 and Ceph 3

Additional Information:

Ceph RadosGW allows to use Barbican to encrypt on server level:
http://docs.ceph.com/docs/mimic/radosgw/barbican/

--- Additional comment from Alberto Gonzalez on 2018-10-27 21:47:33 CEST ---

I created a document how to configure manually, https://docs.google.com/document/d/1m9j_6NsHHYTmtKfinB35eE2_9J_r47U3n4e9jefvH60/edit

The idea of this RFE is to integrate it with TripleO to configure the ceph.conf  file automatically.

--- Additional comment from John Fulton on 2018-10-31 14:24:33 CET ---

Hi Sean,

What priority would you give this RFE? If it's important, do you know
which version of OSP it should be in?

 https://bugzilla.redhat.com/show_bug.cgi?id=1643715

Thanks,
  John

http://post-office.corp.redhat.com/archives/rhos-dfg-ceph/2018-October/msg00057.html

--- Additional comment from John Fulton on 2018-11-30 18:17:32 CET ---

We'll target OSP16 and we might need to depends-on a ceph test-only bug for RGW in this usecase.

--- Additional comment from Giulio Fidente on 2019-04-15 12:24:38 CEST ---

For the implementation also see the post from Gregory [1] and the existing implementation for Swift [2]

1. https://mojo.redhat.com/people/gcharot/blog/2019/03/04/server-side-encryption-with-rgw-and-barbican
2. https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/swift/swift-proxy-container-puppet.yaml#L197-L206https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/swift/swift-proxy-container-puppet.yaml#L197-L206

--- Additional comment from Gregory Charot on 2019-04-19 10:56:44 CEST ---

Setting to TP preview as it requires to have TLS enabled RGW first and we are not sure to have the capacity to delivery both for 16.

Options:
If dev work is done for 16GA then we will QE, Doc and promote it full support during a Zstream release.
If dev work is not done
- "Manual" configuration is feasible (see materials above) and subject to SE on a case per case basics
-  Target THT integration for the next release and backport the changes to 16.

--- Additional comment from Gregory Charot on 2019-06-05 14:51:47 CEST ---

setting as 17 given chances it lands is low

--- Additional comment from RHEL Program Management on 2019-06-05 14:51:51 CEST ---

This bugzilla has been removed from the release since it is missing the Triaged keyword or does not have an acked release flag. For details, see https://mojo.redhat.com/docs/DOC-1144661#jive_content_id_OSP_Release_Planning.

--- Additional comment from Gregory Charot on 2019-06-07 11:07:20 CEST ---

Customer request on 13:
Taiwan NCHC
SE: https://tools.apps.cee.redhat.com/support-exceptions/id/1218

Comment 2 Gregory Charot 2022-08-25 12:08:13 UTC

Removing the target milestone of this RFE due to low demands. If you have specific a customer demand, please feel free to reopen.

Note You need to log in before you can comment on or make changes to this bug.