2123335 – swift authentication fails with a "some" chance

Bug 2123335 - swift authentication fails with a "some" chance

Summary: swift authentication fails with a "some" chance

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	5.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	5.3
Assignee:	Marcus Watts
QA Contact:	Hemanth Sai
Docs Contact:	Akash Raj
URL:
Whiteboard:
Duplicates (2):	2126064 2129026 (view as bug list)
Depends On:
Blocks:	2160009 2126049 2140014
TreeView+	depends on / blocked

Reported:	2022-09-01 12:23 UTC by Attila Fazekas
Modified:	2023-01-11 17:42 UTC (History)
CC List:	16 users (show)
Fixed In Version:	ceph-16.2.10-94.el8cp
Doc Type:	Bug Fix
Doc Text:	.Header processing no longer causes sporadic swift-protocol authentication failures Previously, a combination of incorrect HTTP header processing and timestamp handling logic would either cause an invalid Keystone admin token to be used for operations, or non-renewal of Keystone's admin token as required. Due to this, sporadic swift-protocol authentication failures would occur. With this fix, header processing is corrected and new diagnostics are added. The logic now works as expected.
Clone Of:
Clones:	2140014 (view as bug list)
Environment:
Last Closed:	2023-01-11 17:41:25 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-5182	0	None	None	None	2022-09-01 12:27:36 UTC
Red Hat Product Errata	RHSA-2023:0076	0	None	None	None	2023-01-11 17:42:08 UTC

Comment 1 RHEL Program Management 2022-09-01 12:23:44 UTC

Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.

Comment 18 Alan Pevec 2022-09-12 14:32:55 UTC

*** Bug 2126064 has been marked as a duplicate of this bug. ***

Comment 38 Marcus Watts 2022-09-20 20:02:18 UTC

tempurl/newer hashlib support coming to ceph:
 https://bugzilla.redhat.com/show_bug.cgi?id=2105950
 https://github.com/ceph/ceph/pull/47723

older swift (at least up to train) does not advertise supported hash functions, and no version of tempestconf that I know of (at least up to 3.3.0) has a way to use it.  Latest swift does appear to advertise what it supports.  If I can figure out what the output is supposed to look like, I will add this to ceph.  So far, my centos7 reference swift cluster has run out of steam (last available version train), need to move to el8.

Comment 39 Luigi Toscano 2022-09-22 11:27:08 UTC

*** Bug 2129026 has been marked as a duplicate of this bug. ***

Comment 66 errata-xmlrpc 2023-01-11 17:41:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.3 security update and Bug Fix), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0076

Note You need to log in before you can comment on or make changes to this bug.