radosgw-cannot-find-keystone-domain-users
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Mirantis OpenStack | Status tracked in 10.0.x | |||||
10.0.x |
Confirmed
|
Wishlist
|
Radoslaw Zarzynski | |||
6.1.x |
Won't Fix
|
Medium
|
MOS Maintenance | |||
7.0.x |
Won't Fix
|
High
|
Alexey Stupnikov | |||
8.0.x |
Won't Fix
|
Wishlist
|
Radoslaw Zarzynski |
Bug Description
build_id: 2015-06-19_13-02-31
build_number: '525'
feature_groups:
- mirantis
fuel-library_sha: 2e7a08ad9792c70
fuel-ostf_sha: 8fefcf7c4649370
fuelmain_sha: a3998372183468f
nailgun_sha: dbd54158812033d
openstack_version: 2014.2.2-6.1
production: docker
python-
release: '6.1'
release_versions:
2014.2.2-6.1:
VERSION:
api: '1.0'
astute_sha: 1ea8017fe888941
build_id: 2015-06-19_13-02-31
build_number: '525'
feature_
- mirantis
fuel-
fuel-
fuelmain_sha: a3998372183468f
nailgun_sha: dbd54158812033d
openstack
production: docker
python-
Radosgw can only find users on the keystone default sql backed domain, - steps to reproduce:
Deploy MOS 6.1 with Ceph for object storage
verify the users in the default domain can use the swift API and create objects in horizon
Configure Keystone for Domain users with: domain_
add an ldap domain in /etc/keystone/
configure horizon to use identity api version 3
observe domain users can log in and use all services, glance, cinder, nova, neutron
observe domain users cannot list containers in horizon with error message 'ERROR unable to retrieve container list'
error message from swift cli: "unable to find user "username""
radosgw needs to support searching for users in a domain and project.
domain user are not returned with keystone user-list, presumably ceph will need to release support for keystone v3 domain scoped tokens
https:/
tags: | added: enhancement |
Changed in mos: | |
milestone: | 8.0 → 9.0 |
tags: | added: wontfix-feature |
the original error report submitted by me is invalid, my user was not in an ldap group - so Unable to find user 'username' is a perfectly valid error.
The error is in fact
2015-09-28 12:59:38 WARNING Authorization failed. Non-default domain is not supported (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 172.25.60.2
2015-09-28 12:59:38 WARNING : Bypassing authorization
2015-09-28 12:59:37 WARNING Authorization failed. Non-default domain is not supported (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 172.25.60.2
ceph radosgw is hardcoded to use /v2.0 in keystone url