git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stein][cinder][backup][swift] issue


Tim, as always, has hit the nail on the head. By default rgw doesn't use
explicit tenants.
if you want to use RGW and explicit tenants.. ie no global container
namespace, then you need to add:

  rgw keystone implicit tenants = true

To you rgw client configuration in ceph.conf.

See:
https://docs.ceph.com/docs/master/radosgw/multitenancy/#swift-with-keystone

Not sure what happens to existing containers when you enable this option,
because I think my default things are considered to be in the 'default'
tenant.

matt

On Thu, Jan 2, 2020 at 5:40 PM Ignazio Cassano <ignaziocassano at gmail.com>
wrote:

> Many Thanks, Tim
> Ignazio
>
> Il giorno gio 2 gen 2020 alle ore 07:10 Tim Burke <tim at swiftstack.com> ha
> scritto:
>
>> Hi Ignazio,
>>
>> That's expected behavior with rados gateway. They follow S3's lead and
>> have a unified namespace for containers across all tenants. From their
>> documentation [0]:
>>
>>     If a container with the same name already exists, and the user is
>>     the container owner then the operation will succeed. Otherwise the
>>     operation will fail.
>>
>> FWIW, that's very much a Ceph-ism -- Swift proper allows each tenant
>> full and independent control over their namespace.
>>
>> Tim
>>
>> [0]
>> https://docs.ceph.com/docs/mimic/radosgw/swift/containerops/#http-response
>>
>> On Mon, 2019-12-30 at 15:48 +0100, Ignazio Cassano wrote:
>> > Hello All,
>> > I configured openstack stein on centos 7 witch ceph.
>> > Cinder works fine and object storage on ceph seems to work fine: I
>> > can clreate containers, volume etc .....
>> >
>> > I configured cinder backup on swift (but swift is using ceph rados
>> > gateway) :
>> >
>> > backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
>> > swift_catalog_info = object-store:swift:publicURL
>> > backup_swift_enable_progress_timer = True
>> > #backup_swift_url = http://10.102.184.190:8080/v1/AUTH_
>> > backup_swift_auth_url = http://10.102.184.190:5000/v3
>> > backup_swift_auth = per_user
>> > backup_swift_auth_version = 1
>> > backup_swift_user = admin
>> > backup_swift_user_domain = default
>> > #backup_swift_key = <None>
>> > #backup_swift_container = volumebackups
>> > backup_swift_object_size = 52428800
>> > #backup_swift_project = <None>
>> > #backup_swift_project_domain = <None>
>> > backup_swift_retry_attempts = 3
>> > backup_swift_retry_backoff = 2
>> > backup_compression_algorithm = zlib
>> >
>> > If I run a backup as user admin, it creates a container named
>> > "volumebackups".
>> > If I run a backup as user demo and I do not specify a container name,
>> > it tires to write on volumebackups and gives some errors:
>> >
>> > ClientException: Container PUT failed:
>> >
>> http://10.102.184.190:8080/swift/v1/AUTH_964f343cf5164028a803db91488bdb01/volumebackups
>> > 409 Conflict   BucketAlreadyExists
>> >
>> >
>> > Does it mean I cannot use the same containers name on differents
>> > projects ?
>> >
>> > My ceph.conf is configured for using keystone:
>> > [client.rgw.tst2-osctrl01]
>> > rgw_frontends = "civetweb port=10.102.184.190:8080"
>> > # Keystone information
>> > rgw keystone api version = 3
>> > rgw keystone url = http://10.102.184.190:5000
>> > rgw keystone admin user = admin
>> > rgw keystone admin password = password
>> > rgw keystone admin domain = default
>> > rgw keystone admin project = admin
>> > rgw swift account in url = true
>> > rgw keystone implicit tenants = true
>> >
>> >
>> >
>> > Any help, please ?
>> > Best Regards
>> > Ignazio
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200103/35bb01ef/attachment.html>