Juju Charms Collection
swift-proxy package

swift-proxy configuration uses v3 project domain and project but uses 'default' domain for user

Bug #1646765 reported by Frode Nordahl
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Swift Proxy Charm
Fix Released
High
Frode Nordahl
OpenStack Swift Proxy Charm 17.02
swift-proxy (Juju Charms Collection)
Invalid
High
Frode Nordahl
Juju Charms Collection 17.01

Bug Description

From templates/kilo/proxy-server.conf:
{% if api_version == '3' -%}
auth_plugin = password
auth_url = {{ auth_protocol }}://{{ keystone_host }}:{{ auth_port }}
username = {{ service_user }}
password = {{ service_password }}
user_domain_name = default
project_id = {{ service_tenant_id }}
project_domain_id = {{ admin_domain_id }}

This probably dates from early Keystone v3 implementations and must be updated along the lines of something like this to work:
user_domain_name = {{ admin_domain_name }}
project_domain_name = {{ admin_domain_name }}
project_name = {{ admin_tenant_name }}

Suggest to refresh configuration for Mitaka and newer and update the Keystone v3 settings.

Tags: openstack sts
Frode Nordahl (fnordahl)
affects: charms → swift-proxy (Juju Charms Collection)
Frode Nordahl (fnordahl)
Changed in swift-proxy (Juju Charms Collection):
assignee: nobody → Frode Nordahl (fnordahl)
Frode Nordahl (fnordahl)
tags: added: sts
summary: - swift-proxy configuration uses v3 project domain and project but is hard
- coded to 'default' domain for user
+ swift-proxy configuration uses v3 project domain and project but uses
+ 'default' domain for user
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-swift-proxy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/406070

Changed in swift-proxy (Juju Charms Collection):
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-swift-proxy (master)

Reviewed: https://review.openstack.org/406070
Committed: https://git.openstack.org/cgit/openstack/charm-swift-proxy/commit/?id=7c24ae81283710c830ab03f240ec9cc10dccd975
Submitter: Jenkins
Branch: master

commit 7c24ae81283710c830ab03f240ec9cc10dccd975
Author: Frode Nordahl <email address hidden>
Date: Fri Dec 2 12:08:04 2016 +0100

    Fix Keystone v3 auth for swift-proxy

    No need for refresh of proxy-server.conf template for Mitaka. Update
    template for Kilo and later to make use of domain_name and project_name
    parameters instead of domain_id and project_id parameters.

    The current template sets up auth to user in default domain
    but project in service domain. This does not work with service
    domain layout.

    Do not request configured operator_roles roles from Keystone. From
    which roles swift-proxy should accept requests are still configured
    in proxy-server.conf, but requesting and setting up these roles for
    the s3_swift user in Keystone is incorrect behaviour.

    Register required relation data for identity-service immediatelly when
    relation to 'identity-service' exists. Do not postpone registration
    until context is complete which may cause the swift-proxy unit marking
    itself ready while still being in a unconfigured state.

    Add tests to verify configuration and operation of swift-proxy when
    using Keystone v3 auth.

    Change-Id: I8bf182a9256f96af50e4cc37505d9c0ca3d62e47
    Closes-Bug: 1646765

Changed in swift-proxy (Juju Charms Collection):
status: In Progress → Fix Committed
Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
milestone: none → 17.01
tags: added: openstack
Liam Young (gnuoy)
Changed in swift-proxy (Juju Charms Collection):
importance: Undecided → High
James Page (james-page)
Changed in charm-swift-proxy:
assignee: nobody → Frode Nordahl (fnordahl)
importance: Undecided → High
status: New → Fix Committed
Changed in swift-proxy (Juju Charms Collection):
status: Fix Committed → Invalid
James Page (james-page)
Changed in charm-swift-proxy:
milestone: none → 17.02
James Page (james-page)
Changed in charm-swift-proxy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.