On Fri, Sep 10, 2021 at 9:33 AM Michel Niyoyita <micou12@gmail.com> wrote:
Hello EugenThank you for your continuous support. now The dashboard is stable is not dsconnected as before , unfotunately I am not able to create containers and see the list of created one using openstack CLI or ceph side. you will find the image at the end.below is my ceph.conf :[client.rgw.ceph-osd3]
rgw frontends = "beast port=8080"
rgw dns name = ceph-osd3
rgw enable usage log = true
rgw thread pool size = 512
rgw keystone api version = 3
rgw keystone url = http://kolla-open1:5000
rgw keystone admin user = rgw
rgw keystone admin password = c8igBKQqEon8jXaG68TkcWgNI4E77m2K3bJD7fCU
rgw keystone admin domain = default
rgw keystone admin project = service
rgw keystone accepted roles = admin,Member,_member_,member,swiftoperator
rgw keystone verify ssl = false
rgw s3 auth use keystone = true
rgw keystone revocation interval = 0
[client.rgw.ceph-osd3.rgw0]
host = ceph-osd3
keyring = /var/lib/ceph/radosgw/ceph-rgw.ceph-osd3.rgw0/keyring
log file = /var/log/ceph/ceph-rgw-ceph-osd3.rgw0.log
rgw frontends = beast endpoint=ceph-osd3:8080
rgw thread pool size = 512openstack role assignment lis --names output:(kolla-open1) stack@kolla-open1:~$ openstack role assignment list --names +------------------+------------------------------------+-------+-----------------+-------- ----------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+------------------+------------------------------------+-------+-----------------+-------- ----------+--------+-----------+
| swiftoperator | operator:swift@Default | | service@Default | | | False |
| admin | rgw@Default | | service@Default | | | False |
| member | rgw@Default | | service@Default | | | False |
| admin | cinder@Default | | service@Default | | | False |
| admin | neutron@Default | | service@Default | | | False |
| admin | placement@Default | | service@Default | | | False |
| admin | nova@Default | | service@Default | | | False |
| admin | admin@Default | | admin@Default | | | False |
| heat_stack_owner | admin@Default | | admin@Default | | | False |
| admin | admin@Default | | service@Default | | | False |
| member | admin@Default | | service@Default | | | False |
| admin | glance@Default | | service@Default | | | False |
| member | operator@Default | | service@Default | | | False |
| _member_ | operator@Default | | service@Default | | | False |
| admin | heat@Default | | service@Default | | | False |
| admin | heat_domain_admin@heat_user_domain | | | heat_us er_domain | | False |
| admin | admin@Default | | | | all | False |
+------------------+------------------------------------+-------+-----------------+--------MichelOn Thu, Sep 9, 2021 at 2:15 PM Eugen Block <eblock@nde.ag> wrote:Hi,
I could reproduce this in my lab environment. The issue must be either
in your ceph.conf on the RGW host(s) or your openstack role
assigments. I have a dedicated user for my setup as you can see in my
previous response. The user "rgw" gets then assigned the "member" role
to the "service" project. If I login to Horizon dashboard with this
user I can see the object-storage panel and see existing containers
for that user. If I login as admin and try to see the container panel
I get logged out, too. If I replace "rgw" with "admin" in the
ceph.conf and restart the RGW it works. But note that in this case the
admin user has to have the proper role assignment, too.
So to achieve this you need to add a matching role (from "rgw keystone
accepted roles") for your admin user in the respective project, like
this:
# replace rgw with admin in your case, PROJECT_ID is "service" in my case
openstack role add --user rgw --project <PROJECT_ID> member
# check with
openstack role assignment list --names
To make it easier to follow, please share your current ceph.conf and
the openstack role assignment output.
Regards,
Eugen
Zitat von Michel Niyoyita <micou12@gmail.com>:
> Hello team ,
>
> I am facing an issue when I am trying to connect to the object store
> containers on the horizon dashboad . Once click on containers it
> automatically disconnect. please find below logs I am getting and help for
> further analysis.
>
> [Thu Sep 09 06:35:22.185771 2021] [wsgi:error] [pid 167:tid
> 139887608641280] [remote 10.10.29.150:55130] Attempted scope to domain
> Default failed, will attempt to scope to another domain.
> [Thu Sep 09 06:35:22.572522 2021] [wsgi:error] [pid 167:tid
> 139887608641280] [remote 10.10.29.150:55130] Login successful for user
> "admin" using domain "Default", remote address 10.10.29.150.
> [Thu Sep 09 06:35:51.494815 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] REQ: curl -i
> http://ceph-mon2:8080/swift/v1?format=json&limit=1001 -X GET -H
> "X-Auth-Token: gAAAAABhOasqHFyB..." -H "Accept-Encoding: gzip"
> [Thu Sep 09 06:35:51.495140 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] RESP STATUS: 401 Unauthorized
> [Thu Sep 09 06:35:51.495541 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] RESP HEADERS:
> {'Content-Length': '119', 'X-Trans-Id':
> 'tx00000000000000000000f-006139ab44-9fc1a-default',
> 'X-Openstack-Request-Id':
> 'tx00000000000000000000f-006139ab44-9fc1a-default', 'Accept-Ranges':
> 'bytes', 'Content-Type': 'application/json; charset=utf-8', 'Date': 'Thu,
> 09 Sep 2021 06:35:51 GMT', 'Connection': 'Keep-Alive'}
> [Thu Sep 09 06:35:51.495792 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] RESP BODY:
> b'{"Code":"AccessDenied","RequestId":"tx00000000000000000000f-006139ab44-9fc1a-default","HostId":"9fc1a-default-default"}'
> [Thu Sep 09 06:35:51.498743 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] Unauthorized:
> /api/swift/containers/
> [Thu Sep 09 06:35:52.924169 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] REQ: curl -i
> http://ceph-mon2:8080/swift/v1?format=json&limit=1001 -X GET -H
> "X-Auth-Token: gAAAAABhOasqHFyB..." -H "Accept-Encoding: gzip"
> [Thu Sep 09 06:35:52.924520 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] RESP STATUS: 401 Unauthorized
> [Thu Sep 09 06:35:52.924789 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] RESP HEADERS:
> {'Content-Length': '119', 'X-Trans-Id':
> 'tx000000000000000000010-006139ab48-9fc1a-default',
> 'X-Openstack-Request-Id':
> 'tx000000000000000000010-006139ab48-9fc1a-default', 'Accept-Ranges':
> 'bytes', 'Content-Type': 'application/json; charset=utf-8', 'Date': 'Thu,
> 09 Sep 2021 06:35:52 GMT', 'Connection': 'Keep-Alive'}
> [Thu Sep 09 06:35:52.925034 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] RESP BODY:
> b'{"Code":"AccessDenied","RequestId":"tx000000000000000000010-006139ab48-9fc1a-default","HostId":"9fc1a-default-default"}'
> [Thu Sep 09 06:35:52.929398 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] Unauthorized:
> /api/swift/containers/
> [Thu Sep 09 06:35:52.935799 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:56016] Logging out user "admin".
> [Thu Sep 09 06:35:53.061489 2021] [wsgi:error] [pid 166:tid
> 139887608641280] [remote 10.10.29.150:55806] Logging out user "".
> [Thu Sep 09 06:35:54.541593 2021] [wsgi:error] [pid 165:tid
> 139887608641280] [remote 10.10.29.150:55852] The request's session was
> deleted before the request completed. The user may have logged out in a
> concurrent request, for example.
> [Thu Sep 09 06:35:54.542896 2021] [wsgi:error] [pid 165:tid
> 139887608641280] [remote 10.10.29.150:55852] Bad Request:
> /api/swift/policies/
> [Thu Sep 09 06:35:54.566055 2021] [wsgi:error] [pid 167:tid
> 139887608641280] [remote 10.10.29.150:55860] The request's session was
> deleted before the request completed. The user may have logged out in a
> concurrent request, for example.
> [Thu Sep 09 06:35:54.567130 2021] [wsgi:error] [pid 167:tid
> 139887608641280] [remote 10.10.29.150:55860] Bad Request: /api/swift/info/
> (kolla-open1) stack@kolla-open1
> :/var/lib/docker/volumes/kolla_logs/_data/horizon$
>
> Michel