Ceph RADOS Gateway Charm

Project member is unable to create a container

Bug #1904183 reported by Przemyslaw Hausman
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ceph RADOS Gateway Charm
Fix Released
Undecided
Unassigned
Ceph RADOS Gateway Charm 21.04

Bug Description

- focal-ussuri, 20.10
- python3-swiftclient 1:3.9.0-0ubuntu1.1 from focal-proposed installed in openstack-dashboard units.
- swift is not deployed
- ceph-radosgw is deployed

A user with a role 'member' (note lowercase 'm') assigned in the project in not able to create a container.

Probably related to: https://bugs.launchpad.net/charm-ceph-radosgw/+bug/1902944

$ openstack container create my-container
Unauthorized (HTTP 401) (Request-ID: tx0000000000000000004cb-005fae64e4-435e-default)

In the Horizon GUI, a user with 'member' role in the project is not able to access "Object Store -> Containers" tab at all. As soon as I click "Containers", I'm being logged out and dropped to login page.

The log from ceph-radosgw unit.

2020-11-13T10:35:57.420+0000 7f8eb1ffb700 1 ====== starting new request req=0x7f8eb1ff45c0 =====
2020-11-13T10:35:57.732+0000 7f8eb1ffb700 0 req 4 0.311998666s swift:create_bucket user does not hold a matching role; required roles: Member
2020-11-13T10:35:57.732+0000 7f8eb1ffb700 1 op->ERRORHANDLER: err_no=-1 new_err_no=-1
2020-11-13T10:35:57.732+0000 7f8eb1ffb700 1 ====== req done req=0x7f8eb1ff45c0 op status=0 http_status=401 latency=0.311998666s ======
2020-11-13T10:35:57.732+0000 7f8eb1ffb700 1 civetweb: 0x7f8f884e8010: 127.0.0.1 - - [13/Nov/2020:10:35:57 +0000] "PUT /swift/v1/AUTH_73152ea5aba64729a406147301a1118b/mycontainer HTTP/1.1" 401 321 - openstacksdk/0.36.0 keystoneauth1/3.17.1 python-requests/2.22.0 CPython/3.6.8

$ env | grep OS_
OS_USER_DOMAIN_ID=9a87cc9d77b846ffaa2b7fd9c5f6c515
OS_AUTH_URL=https://keystone.example.com:5000/v3
OS_PROJECT_DOMAIN_ID=9a87cc9d77b846ffaa2b7fd9c5f6c515
OS_DOMAIN_ID=9a87cc9d77b846ffaa2b7fd9c5f6c515
OS_REGION_NAME=RegionOne
OS_PROJECT_NAME=test-workload-project
OS_IDENTITY_API_VERSION=3
OS_AUTH_TYPE=password
OS_INTERFACE=public
OS_PASSWORD=redacted
OS_USERNAME=project-member

$ juju ssh openstack-dashboard/0 "dpkg -l python3-swiftclient | grep python"
ii python3-swiftclient 1:3.9.0-0ubuntu1.1 all Client library for Openstack Swift API - Python 3.x

Revision history for this message
Przemyslaw Hausman (phausman) wrote :

Adding field-critical because the object store service is not available for the users. And it is a customer deployment.

Revision history for this message
Przemyslaw Hausman (phausman) wrote :

Workaround: configure option operator-roles="Member,member" for ceph-radosgw charm.

Big thanks to @chris.macnaughton for a solution!

Removing field-critical as there's a workaround and the service in available.

Revision history for this message
Aurelien Lourot (aurelien-lourot) wrote :

https://review.opendev.org/c/openstack/charm-ceph-radosgw/+/762662

Changed in charm-ceph-radosgw:
status: In Progress → Fix Committed
milestone: none → 21.04
Alex Kavanagh (ajkavanagh)
Changed in charm-ceph-radosgw:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.