<div dir="ltr">Actually, from the CLI on both sides I did not get any errors. Containers are successfully created and added in ceph. The problem is to do it through the dashboard.<div><br></div><div>Michel</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 10, 2021 at 9:47 AM Eugen Block <<a href="mailto:eblock@nde.ag">eblock@nde.ag</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Check the log files, the dashboard errors suggest that it could be a <br>
policy issue, the openstack-dashboard-error-logs should be more <br>
verbose. Then check keystone and rgw logs. What errors do you get when <br>
you try to create a container from CLI (add '--debug' flag to see <br>
more)? Did you source the correct openrc file?<br>
<br>
<br>
Quoting Michel Niyoyita <<a href="mailto:micou12@gmail.com" target="_blank">micou12@gmail.com</a>>:<br>
<br>
> Hello Eugen<br>
><br>
> Thank you for your continuous support. Now the dashboard is stable and is not<br>
> disconnected as before; unfortunately, I am not able to create containers and<br>
> see the list of created ones using the openstack CLI or the ceph side.<br>
><br>
> below is my ceph.conf :<br>
><br>
> [client.rgw.ceph-osd3]<br>
> rgw frontends = "beast port=8080"<br>
> rgw dns name = ceph-osd3<br>
> rgw enable usage log = true<br>
><br>
> rgw thread pool size = 512<br>
> rgw keystone api version = 3<br>
> rgw keystone url = <a href="http://kolla-open1:5000" rel="noreferrer" target="_blank">http://kolla-open1:5000</a><br>
><br>
> rgw keystone admin user = rgw<br>
> rgw keystone admin password = c8igBKQqEon8jXaG68TkcWgNI4E77m2K3bJD7fCU<br>
> rgw keystone admin domain = default<br>
> rgw keystone admin project = service<br>
> rgw keystone accepted roles = admin,Member,_member_,member,swiftoperator<br>
> rgw keystone verify ssl = false<br>
> rgw s3 auth use keystone = true<br>
> rgw keystone revocation interval = 0<br>
><br>
><br>
> [client.rgw.ceph-osd3.rgw0]<br>
> host = ceph-osd3<br>
> keyring = /var/lib/ceph/radosgw/ceph-rgw.ceph-osd3.rgw0/keyring<br>
> log file = /var/log/ceph/ceph-rgw-ceph-osd3.rgw0.log<br>
> rgw frontends = beast endpoint=ceph-osd3:8080<br>
> rgw thread pool size = 512<br>
><br>
> openstack role assignment list --names output:<br>
><br>
><br>
> (kolla-open1) stack@kolla-open1:~$ openstack role assignment list --names<br>
><br>
> <br>
> +------------------+------------------------------------+-------+-----------------+------------------+--------+-----------+<br>
> | Role | User | Group | Project | Domain | System | Inherited |<br>
> +------------------+------------------------------------+-------+-----------------+------------------+--------+-----------+<br>
> | swiftoperator | operator:swift@Default | | service@Default | | | False |<br>
> | admin | rgw@Default | | service@Default | | | False |<br>
> | member | rgw@Default | | service@Default | | | False |<br>
> | admin | cinder@Default | | service@Default | | | False |<br>
> | admin | neutron@Default | | service@Default | | | False |<br>
> | admin | placement@Default | | service@Default | | | False |<br>
> | admin | nova@Default | | service@Default | | | False |<br>
> | admin | admin@Default | | admin@Default | | | False |<br>
> | heat_stack_owner | admin@Default | | admin@Default | | | False |<br>
> | admin | admin@Default | | service@Default | | | False |<br>
> | member | admin@Default | | service@Default | | | False |<br>
> | admin | glance@Default | | service@Default | | | False |<br>
> | member | operator@Default | | service@Default | | | False |<br>
> | _member_ | operator@Default | | service@Default | | | False |<br>
> | admin | heat@Default | | service@Default | | | False |<br>
> | admin | heat_domain_admin@heat_user_domain | | | heat_user_domain | | False |<br>
> | admin | admin@Default | | | | all | False |<br>
> +------------------+------------------------------------+-------+-----------------+------------------+--------+-----------+<br>
><br>
> Michel<br>
><br>
><br>
>> On Thu, Sep 9, 2021 at 2:15 PM Eugen Block <<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>> wrote:<br>
>><br>
>>> Hi,<br>
>>><br>
>>> I could reproduce this in my lab environment. The issue must be either<br>
>>> in your ceph.conf on the RGW host(s) or your openstack role<br>
>>> assignments. I have a dedicated user for my setup as you can see in my<br>
>>> previous response. The user "rgw" gets then assigned the "member" role<br>
>>> to the "service" project. If I login to Horizon dashboard with this<br>
>>> user I can see the object-storage panel and see existing containers<br>
>>> for that user. If I login as admin and try to see the container panel<br>
>>> I get logged out, too. If I replace "rgw" with "admin" in the<br>
>>> ceph.conf and restart the RGW it works. But note that in this case the<br>
>>> admin user has to have the proper role assignment, too.<br>
>>><br>
>>> So to achieve this you need to add a matching role (from "rgw keystone<br>
>>> accepted roles") for your admin user in the respective project, like<br>
>>> this:<br>
>>><br>
>>> # replace rgw with admin in your case, PROJECT_ID is "service" in my case<br>
>>> openstack role add --user rgw --project &lt;PROJECT_ID&gt; member<br>
>>><br>
>>> # check with<br>
>>> openstack role assignment list --names<br>
>>><br>
>>> To make it easier to follow, please share your current ceph.conf and<br>
>>> the openstack role assignment output.<br>
>>><br>
>>> Regards,<br>
>>> Eugen<br>
>>><br>
>>><br>
>>><br>
>>> Quoting Michel Niyoyita <<a href="mailto:micou12@gmail.com" target="_blank">micou12@gmail.com</a>>:<br>
>>><br>
>>> > Hello team ,<br>
>>> ><br>
>>> > I am facing an issue when I am trying to connect to the object store<br>
>>> > containers on the Horizon dashboard. Once I click on containers it<br>
>>> > automatically disconnects. Please find below the logs I am getting and help for<br>
>>> > further analysis.<br>
>>> ><br>
>>> > [Thu Sep 09 06:35:22.185771 2021] [wsgi:error] [pid 167:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55130" rel="noreferrer" target="_blank">10.10.29.150:55130</a>] Attempted scope to domain<br>
>>> > Default failed, will attempt to scope to another domain.<br>
>>> > [Thu Sep 09 06:35:22.572522 2021] [wsgi:error] [pid 167:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55130" rel="noreferrer" target="_blank">10.10.29.150:55130</a>] Login successful for user<br>
>>> > "admin" using domain "Default", remote address 10.10.29.150.<br>
>>> > [Thu Sep 09 06:35:51.494815 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] REQ: curl -i<br>
>>> > <a href="http://ceph-mon2:8080/swift/v1?format=json&limit=1001" rel="noreferrer" target="_blank">http://ceph-mon2:8080/swift/v1?format=json&limit=1001</a> -X GET -H<br>
>>> > "X-Auth-Token: gAAAAABhOasqHFyB..." -H "Accept-Encoding: gzip"<br>
>>> > [Thu Sep 09 06:35:51.495140 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP STATUS: 401<br>
>>> > Unauthorized<br>
>>> > [Thu Sep 09 06:35:51.495541 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP HEADERS:<br>
>>> > {'Content-Length': '119', 'X-Trans-Id':<br>
>>> > 'tx00000000000000000000f-006139ab44-9fc1a-default',<br>
>>> > 'X-Openstack-Request-Id':<br>
>>> > 'tx00000000000000000000f-006139ab44-9fc1a-default', 'Accept-Ranges':<br>
>>> > 'bytes', 'Content-Type': 'application/json; charset=utf-8', 'Date':<br>
>>> > 'Thu,<br>
>>> > 09 Sep 2021 06:35:51 GMT', 'Connection': 'Keep-Alive'}<br>
>>> > [Thu Sep 09 06:35:51.495792 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP BODY:<br>
>>> > b'{"Code":"AccessDenied","RequestId":"tx00000000000000000000f-006139ab44-9fc1a-default","HostId":"9fc1a-default-default"}'<br>
>>> > [Thu Sep 09 06:35:51.498743 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] Unauthorized:<br>
>>> > /api/swift/containers/<br>
>>> > [Thu Sep 09 06:35:52.924169 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] REQ: curl -i<br>
>>> > <a href="http://ceph-mon2:8080/swift/v1?format=json&limit=1001" rel="noreferrer" target="_blank">http://ceph-mon2:8080/swift/v1?format=json&limit=1001</a> -X GET -H<br>
>>> > "X-Auth-Token: gAAAAABhOasqHFyB..." -H "Accept-Encoding: gzip"<br>
>>> > [Thu Sep 09 06:35:52.924520 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP STATUS: 401<br>
>>> > Unauthorized<br>
>>> > [Thu Sep 09 06:35:52.924789 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP HEADERS:<br>
>>> > {'Content-Length': '119', 'X-Trans-Id':<br>
>>> > 'tx000000000000000000010-006139ab48-9fc1a-default',<br>
>>> > 'X-Openstack-Request-Id':<br>
>>> > 'tx000000000000000000010-006139ab48-9fc1a-default', 'Accept-Ranges':<br>
>>> > 'bytes', 'Content-Type': 'application/json; charset=utf-8', 'Date':<br>
>>> > 'Thu,<br>
>>> > 09 Sep 2021 06:35:52 GMT', 'Connection': 'Keep-Alive'}<br>
>>> > [Thu Sep 09 06:35:52.925034 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP BODY:<br>
>>> > b'{"Code":"AccessDenied","RequestId":"tx000000000000000000010-006139ab48-9fc1a-default","HostId":"9fc1a-default-default"}'<br>
>>> > [Thu Sep 09 06:35:52.929398 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] Unauthorized:<br>
>>> > /api/swift/containers/<br>
>>> > [Thu Sep 09 06:35:52.935799 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:56016" rel="noreferrer" target="_blank">10.10.29.150:56016</a>] Logging out user "admin".<br>
>>> > [Thu Sep 09 06:35:53.061489 2021] [wsgi:error] [pid 166:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] Logging out user "".<br>
>>> > [Thu Sep 09 06:35:54.541593 2021] [wsgi:error] [pid 165:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55852" rel="noreferrer" target="_blank">10.10.29.150:55852</a>] The request's session was<br>
>>> > deleted before the request completed. The user may have logged out in a<br>
>>> > concurrent request, for example.<br>
>>> > [Thu Sep 09 06:35:54.542896 2021] [wsgi:error] [pid 165:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55852" rel="noreferrer" target="_blank">10.10.29.150:55852</a>] Bad Request:<br>
>>> > /api/swift/policies/<br>
>>> > [Thu Sep 09 06:35:54.566055 2021] [wsgi:error] [pid 167:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55860" rel="noreferrer" target="_blank">10.10.29.150:55860</a>] The request's session was<br>
>>> > deleted before the request completed. The user may have logged out in a<br>
>>> > concurrent request, for example.<br>
>>> > [Thu Sep 09 06:35:54.567130 2021] [wsgi:error] [pid 167:tid<br>
>>> > 139887608641280] [remote <a href="http://10.10.29.150:55860" rel="noreferrer" target="_blank">10.10.29.150:55860</a>] Bad Request:<br>
>>> > /api/swift/info/<br>
>>> > (kolla-open1) stack@kolla-open1<br>
>>> > :/var/lib/docker/volumes/kolla_logs/_data/horizon$<br>
>>> ><br>
>>> > Michel<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
<br>
<br>
<br>
</blockquote></div>
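<div dir="ltr">Added example (not part of the original thread and not code from Ceph or OpenStack): a Python check of the condition discussed above, namely whether a Keystone user holds, on a given project, at least one role listed in "rgw keystone accepted roles". The sample ceph.conf and role table are constructed from values quoted in the thread; the function names are illustrative, and exact, case-sensitive role-name matching is an assumption.</div>

```python
import configparser

# Constructed samples, trimmed from the ceph.conf and role table quoted in the thread.
CEPH_CONF = """
[client.rgw.ceph-osd3]
rgw keystone admin user = rgw
rgw keystone accepted roles = admin,Member,_member_,member,swiftoperator
"""

ASSIGNMENTS = """
+------------------+------------------+-------+
| Role | User | Group | Project | Domain | System | Inherited |
| admin | rgw@Default | | service@Default | | | False |
| member | rgw@Default | | service@Default | | | False |
| admin | admin@Default | | admin@Default | | | False |
| heat_stack_owner | admin@Default | | admin@Default | | | False |
| admin | admin@Default | | service@Default | | | False |
| member | operator@Default | | service@Default | | | False |
| admin | admin@Default | | | | all | False |
"""

def accepted_roles(conf_text, section):
    """Return the set of roles from 'rgw keystone accepted roles' in one section."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(conf_text)
    raw = cp.get(section, "rgw keystone accepted roles", fallback="")
    return {r.strip() for r in raw.split(",") if r.strip()}

def parse_assignments(table_text):
    """Parse 'openstack role assignment list --names' table rows into dicts."""
    rows, header = [], None
    for line in table_text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skips +----+ border lines and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells  # first pipe row names the columns
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def usable_roles(user, project, rows, accepted):
    """Roles the user holds on the project that are also in the accepted set.
    Assumption: names must match exactly; system-scoped rows have an empty
    Project cell and therefore never match a project name."""
    held = {r["Role"] for r in rows if r["User"] == user and r["Project"] == project}
    return held & accepted
```

An empty result for the user and project used to log in to Horizon points at the role assignment; a non-empty result, as for admin@Default on service@Default here, points the search elsewhere (policy, Keystone or RGW logs).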