<div dir="ltr"> Hello Eugen<div><br></div><div>Thank you for your continuous support. now The dashboard is stable is not dsconnected as before , unfotunately I am not able to create containers and see the list of created one using openstack CLI or ceph side. </div><div><br></div><div>below is my ceph.conf :</div><div><br></div><div>[client.rgw.ceph-osd3]<br>rgw frontends = "beast port=8080"<br>rgw dns name = ceph-osd3<br>rgw enable usage log = true<br><br>rgw thread pool size = 512<br>rgw keystone api version = 3<br>rgw keystone url = <a href="http://kolla-open1:5000/" target="_blank">http://kolla-open1:5000</a><br><br>rgw keystone admin user = rgw<br>rgw keystone admin password = c8igBKQqEon8jXaG68TkcWgNI4E77m2K3bJD7fCU<br>rgw keystone admin domain = default<br>rgw keystone admin project = service<br>rgw keystone accepted roles = admin,Member,_member_,member,swiftoperator<br>rgw keystone verify ssl = false<br>rgw s3 auth use keystone = true<br>rgw keystone revocation interval = 0<br><br><br>[client.rgw.ceph-osd3.rgw0]<br>host = ceph-osd3<br>keyring = /var/lib/ceph/radosgw/ceph-rgw.ceph-osd3.rgw0/keyring<br>log file = /var/log/ceph/ceph-rgw-ceph-osd3.rgw0.log<br>rgw frontends = beast endpoint=ceph-osd3:8080<br>rgw thread pool size = 512<br></div><div><br></div><div>openstack role assignment lis --names output:</div><div><br></div><div><br></div><div>(kolla-open1) stack@kolla-open1:~$ openstack role assignment list --names +------------------+------------------------------------+-------+-----------------+-------- ----------+--------+-----------+<br>| Role | User | Group | Project | Domain | System | Inherited |<br>+------------------+------------------------------------+-------+-----------------+-------- ----------+--------+-----------+<br>| swiftoperator | operator:swift@Default | | service@Default | | | False |<br>| admin | rgw@Default | | service@Default | | | False |<br>| member | rgw@Default | | service@Default | | | False |<br>| admin | cinder@Default | | service@Default | | | False |<br>| admin | neutron@Default | | service@Default | | | False |<br>| admin | placement@Default | | service@Default | | | False |<br>| admin | nova@Default | | service@Default | | | False |<br>| admin | admin@Default | | admin@Default | | | False |<br>| heat_stack_owner | admin@Default | | admin@Default | | | False |<br>| admin | admin@Default | | service@Default | | | False |<br>| member | admin@Default | | service@Default | | | False |<br>| admin | glance@Default | | service@Default | | | False |<br>| member | operator@Default | | service@Default | | | False |<br>| _member_ | operator@Default | | service@Default | | | False |<br>| admin | heat@Default | | service@Default | | | False |<br>| admin | heat_domain_admin@heat_user_domain | | | heat_us er_domain | | False |<br>| admin | admin@Default | | | | all | False |<br>+------------------+------------------------------------+-------+-----------------+--------<br></div><div><br></div><div>Michel</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 10, 2021 at 9:33 AM Michel Niyoyita <<a href="mailto:micou12@gmail.com">micou12@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello Eugen<div><br></div><div>Thank you for your continuous support. now The dashboard is stable is not dsconnected as before , unfotunately I am not able to create containers and see the list of created one using openstack CLI or ceph side. you will find the image at the end.</div><div><br></div><div>below is my ceph.conf :</div><div><br></div><div>[client.rgw.ceph-osd3]<br>rgw frontends = "beast port=8080"<br>rgw dns name = ceph-osd3<br>rgw enable usage log = true<br><br>rgw thread pool size = 512<br>rgw keystone api version = 3<br>rgw keystone url = <a href="http://kolla-open1:5000" target="_blank">http://kolla-open1:5000</a><br><br>rgw keystone admin user = rgw<br>rgw keystone admin password = c8igBKQqEon8jXaG68TkcWgNI4E77m2K3bJD7fCU<br>rgw keystone admin domain = default<br>rgw keystone admin project = service<br>rgw keystone accepted roles = admin,Member,_member_,member,swiftoperator<br>rgw keystone verify ssl = false<br>rgw s3 auth use keystone = true<br>rgw keystone revocation interval = 0<br><br><br>[client.rgw.ceph-osd3.rgw0]<br>host = ceph-osd3<br>keyring = /var/lib/ceph/radosgw/ceph-rgw.ceph-osd3.rgw0/keyring<br>log file = /var/log/ceph/ceph-rgw-ceph-osd3.rgw0.log<br>rgw frontends = beast endpoint=ceph-osd3:8080<br>rgw thread pool size = 512<br></div><div><br></div><div>openstack role assignment lis --names output:</div><div><br></div><div><br></div><div>(kolla-open1) stack@kolla-open1:~$ openstack role assignment list --names +------------------+------------------------------------+-------+-----------------+-------- ----------+--------+-----------+<br>| Role | User | Group | Project | Domain | System | Inherited |<br>+------------------+------------------------------------+-------+-----------------+-------- ----------+--------+-----------+<br>| swiftoperator | operator:swift@Default | | service@Default | | | False |<br>| admin | rgw@Default | | service@Default | | | False |<br>| member | rgw@Default | | service@Default | | | False |<br>| admin | cinder@Default | | service@Default | | | False |<br>| admin | neutron@Default | | service@Default | | | False |<br>| admin | placement@Default | | service@Default | | | False |<br>| admin | nova@Default | | service@Default | | | False |<br>| admin | admin@Default | | admin@Default | | | False |<br>| heat_stack_owner | admin@Default | | admin@Default | | | False |<br>| admin | admin@Default | | service@Default | | | False |<br>| member | admin@Default | | service@Default | | | False |<br>| admin | glance@Default | | service@Default | | | False |<br>| member | operator@Default | | service@Default | | | False |<br>| _member_ | operator@Default | | service@Default | | | False |<br>| admin | heat@Default | | service@Default | | | False |<br>| admin | heat_domain_admin@heat_user_domain | | | heat_us er_domain | | False |<br>| admin | admin@Default | | | | all | False |<br>+------------------+------------------------------------+-------+-----------------+--------<br></div><div><br></div><div><img src="cid:ii_kte1l0fk0" alt="image.png" width="472" height="150"><br></div><div><br></div><div>Michel</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 9, 2021 at 2:15 PM Eugen Block <<a href="mailto:eblock@nde.ag" target="_blank">eblock@nde.ag</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
I could reproduce this in my lab environment. The issue must be either <br>
in your ceph.conf on the RGW host(s) or your openstack role <br>
assigments. I have a dedicated user for my setup as you can see in my <br>
previous response. The user "rgw" gets then assigned the "member" role <br>
to the "service" project. If I login to Horizon dashboard with this <br>
user I can see the object-storage panel and see existing containers <br>
for that user. If I login as admin and try to see the container panel <br>
I get logged out, too. If I replace "rgw" with "admin" in the <br>
ceph.conf and restart the RGW it works. But note that in this case the <br>
admin user has to have the proper role assignment, too.<br>
<br>
So to achieve this you need to add a matching role (from "rgw keystone <br>
accepted roles") for your admin user in the respective project, like <br>
this:<br>
<br>
# replace rgw with admin in your case, PROJECT_ID is "service" in my case<br>
openstack role add --user rgw --project <PROJECT_ID> member<br>
<br>
# check with<br>
openstack role assignment list --names<br>
<br>
To make it easier to follow, please share your current ceph.conf and <br>
the openstack role assignment output.<br>
<br>
Regards,<br>
Eugen<br>
<br>
<br>
<br>
Zitat von Michel Niyoyita <<a href="mailto:micou12@gmail.com" target="_blank">micou12@gmail.com</a>>:<br>
<br>
> Hello team ,<br>
><br>
> I am facing an issue when I am trying to connect to the object store<br>
> containers on the horizon dashboad . Once click on containers it<br>
> automatically disconnect. please find below logs I am getting and help for<br>
> further analysis.<br>
><br>
> [Thu Sep 09 06:35:22.185771 2021] [wsgi:error] [pid 167:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55130" rel="noreferrer" target="_blank">10.10.29.150:55130</a>] Attempted scope to domain<br>
> Default failed, will attempt to scope to another domain.<br>
> [Thu Sep 09 06:35:22.572522 2021] [wsgi:error] [pid 167:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55130" rel="noreferrer" target="_blank">10.10.29.150:55130</a>] Login successful for user<br>
> "admin" using domain "Default", remote address 10.10.29.150.<br>
> [Thu Sep 09 06:35:51.494815 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] REQ: curl -i<br>
> <a href="http://ceph-mon2:8080/swift/v1?format=json&limit=1001" rel="noreferrer" target="_blank">http://ceph-mon2:8080/swift/v1?format=json&limit=1001</a> -X GET -H<br>
> "X-Auth-Token: gAAAAABhOasqHFyB..." -H "Accept-Encoding: gzip"<br>
> [Thu Sep 09 06:35:51.495140 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP STATUS: 401 Unauthorized<br>
> [Thu Sep 09 06:35:51.495541 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP HEADERS:<br>
> {'Content-Length': '119', 'X-Trans-Id':<br>
> 'tx00000000000000000000f-006139ab44-9fc1a-default',<br>
> 'X-Openstack-Request-Id':<br>
> 'tx00000000000000000000f-006139ab44-9fc1a-default', 'Accept-Ranges':<br>
> 'bytes', 'Content-Type': 'application/json; charset=utf-8', 'Date': 'Thu,<br>
> 09 Sep 2021 06:35:51 GMT', 'Connection': 'Keep-Alive'}<br>
> [Thu Sep 09 06:35:51.495792 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP BODY:<br>
> b'{"Code":"AccessDenied","RequestId":"tx00000000000000000000f-006139ab44-9fc1a-default","HostId":"9fc1a-default-default"}'<br>
> [Thu Sep 09 06:35:51.498743 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] Unauthorized:<br>
> /api/swift/containers/<br>
> [Thu Sep 09 06:35:52.924169 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] REQ: curl -i<br>
> <a href="http://ceph-mon2:8080/swift/v1?format=json&limit=1001" rel="noreferrer" target="_blank">http://ceph-mon2:8080/swift/v1?format=json&limit=1001</a> -X GET -H<br>
> "X-Auth-Token: gAAAAABhOasqHFyB..." -H "Accept-Encoding: gzip"<br>
> [Thu Sep 09 06:35:52.924520 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP STATUS: 401 Unauthorized<br>
> [Thu Sep 09 06:35:52.924789 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP HEADERS:<br>
> {'Content-Length': '119', 'X-Trans-Id':<br>
> 'tx000000000000000000010-006139ab48-9fc1a-default',<br>
> 'X-Openstack-Request-Id':<br>
> 'tx000000000000000000010-006139ab48-9fc1a-default', 'Accept-Ranges':<br>
> 'bytes', 'Content-Type': 'application/json; charset=utf-8', 'Date': 'Thu,<br>
> 09 Sep 2021 06:35:52 GMT', 'Connection': 'Keep-Alive'}<br>
> [Thu Sep 09 06:35:52.925034 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] RESP BODY:<br>
> b'{"Code":"AccessDenied","RequestId":"tx000000000000000000010-006139ab48-9fc1a-default","HostId":"9fc1a-default-default"}'<br>
> [Thu Sep 09 06:35:52.929398 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] Unauthorized:<br>
> /api/swift/containers/<br>
> [Thu Sep 09 06:35:52.935799 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:56016" rel="noreferrer" target="_blank">10.10.29.150:56016</a>] Logging out user "admin".<br>
> [Thu Sep 09 06:35:53.061489 2021] [wsgi:error] [pid 166:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55806" rel="noreferrer" target="_blank">10.10.29.150:55806</a>] Logging out user "".<br>
> [Thu Sep 09 06:35:54.541593 2021] [wsgi:error] [pid 165:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55852" rel="noreferrer" target="_blank">10.10.29.150:55852</a>] The request's session was<br>
> deleted before the request completed. The user may have logged out in a<br>
> concurrent request, for example.<br>
> [Thu Sep 09 06:35:54.542896 2021] [wsgi:error] [pid 165:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55852" rel="noreferrer" target="_blank">10.10.29.150:55852</a>] Bad Request:<br>
> /api/swift/policies/<br>
> [Thu Sep 09 06:35:54.566055 2021] [wsgi:error] [pid 167:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55860" rel="noreferrer" target="_blank">10.10.29.150:55860</a>] The request's session was<br>
> deleted before the request completed. The user may have logged out in a<br>
> concurrent request, for example.<br>
> [Thu Sep 09 06:35:54.567130 2021] [wsgi:error] [pid 167:tid<br>
> 139887608641280] [remote <a href="http://10.10.29.150:55860" rel="noreferrer" target="_blank">10.10.29.150:55860</a>] Bad Request: /api/swift/info/<br>
> (kolla-open1) stack@kolla-open1<br>
> :/var/lib/docker/volumes/kolla_logs/_data/horizon$<br>
><br>
> Michel<br>
<br>
<br>
<br>
<br>
</blockquote></div>
</blockquote></div>