[stein][cinder][backup][swift] issue
Hello All, I configured openstack stein on centos 7 witch ceph. Cinder works fine and object storage on ceph seems to work fine: I can clreate containers, volume etc ..... I configured cinder backup on swift (but swift is using ceph rados gateway) : backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver swift_catalog_info = object-store:swift:publicURL backup_swift_enable_progress_timer = True #backup_swift_url = http://10.102.184.190:8080/v1/AUTH_ backup_swift_auth_url = http://10.102.184.190:5000/v3 backup_swift_auth = per_user backup_swift_auth_version = 1 backup_swift_user = admin backup_swift_user_domain = default #backup_swift_key = <None> #backup_swift_container = volumebackups backup_swift_object_size = 52428800 #backup_swift_project = <None> #backup_swift_project_domain = <None> backup_swift_retry_attempts = 3 backup_swift_retry_backoff = 2 backup_compression_algorithm = zlib If I run a backup as user admin, it creates a container named "volumebackups". If I run a backup as user demo and I do not specify a container name, it tires to write on volumebackups and gives some errors: ClientException: Container PUT failed: http://10.102.184.190:8080/swift/v1/AUTH_964f343cf5164028a803db91488bdb01/vo... 409 Conflict BucketAlreadyExists Does it mean I cannot use the same containers name on differents projects ? My ceph.conf is configured for using keystone: [client.rgw.tst2-osctrl01] rgw_frontends = "civetweb port=10.102.184.190:8080" # Keystone information rgw keystone api version = 3 rgw keystone url = http://10.102.184.190:5000 rgw keystone admin user = admin rgw keystone admin password = password rgw keystone admin domain = default rgw keystone admin project = admin rgw swift account in url = true rgw keystone implicit tenants = true Any help, please ? Best Regards Ignazio
Hi Ignazio, That's expected behavior with rados gateway. They follow S3's lead and have a unified namespace for containers across all tenants. From their documentation [0]: If a container with the same name already exists, and the user is the container owner then the operation will succeed. Otherwise the operation will fail. FWIW, that's very much a Ceph-ism -- Swift proper allows each tenant full and independent control over their namespace. Tim [0] https://docs.ceph.com/docs/mimic/radosgw/swift/containerops/#http-response On Mon, 2019-12-30 at 15:48 +0100, Ignazio Cassano wrote:
Hello All, I configured openstack stein on centos 7 witch ceph. Cinder works fine and object storage on ceph seems to work fine: I can clreate containers, volume etc .....
I configured cinder backup on swift (but swift is using ceph rados gateway) :
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver swift_catalog_info = object-store:swift:publicURL backup_swift_enable_progress_timer = True #backup_swift_url = http://10.102.184.190:8080/v1/AUTH_ backup_swift_auth_url = http://10.102.184.190:5000/v3 backup_swift_auth = per_user backup_swift_auth_version = 1 backup_swift_user = admin backup_swift_user_domain = default #backup_swift_key = <None> #backup_swift_container = volumebackups backup_swift_object_size = 52428800 #backup_swift_project = <None> #backup_swift_project_domain = <None> backup_swift_retry_attempts = 3 backup_swift_retry_backoff = 2 backup_compression_algorithm = zlib
If I run a backup as user admin, it creates a container named "volumebackups". If I run a backup as user demo and I do not specify a container name, it tires to write on volumebackups and gives some errors:
ClientException: Container PUT failed: http://10.102.184.190:8080/swift/v1/AUTH_964f343cf5164028a803db91488bdb01/vo... 409 Conflict BucketAlreadyExists
Does it mean I cannot use the same containers name on differents projects ?
My ceph.conf is configured for using keystone: [client.rgw.tst2-osctrl01] rgw_frontends = "civetweb port=10.102.184.190:8080" # Keystone information rgw keystone api version = 3 rgw keystone url = http://10.102.184.190:5000 rgw keystone admin user = admin rgw keystone admin password = password rgw keystone admin domain = default rgw keystone admin project = admin rgw swift account in url = true rgw keystone implicit tenants = true
Any help, please ? Best Regards Ignazio
Many Thanks, Tim Ignazio Il giorno gio 2 gen 2020 alle ore 07:10 Tim Burke <tim@swiftstack.com> ha scritto:
Hi Ignazio,
That's expected behavior with rados gateway. They follow S3's lead and have a unified namespace for containers across all tenants. From their documentation [0]:
If a container with the same name already exists, and the user is the container owner then the operation will succeed. Otherwise the operation will fail.
FWIW, that's very much a Ceph-ism -- Swift proper allows each tenant full and independent control over their namespace.
Tim
[0] https://docs.ceph.com/docs/mimic/radosgw/swift/containerops/#http-response
On Mon, 2019-12-30 at 15:48 +0100, Ignazio Cassano wrote:
Hello All, I configured openstack stein on centos 7 witch ceph. Cinder works fine and object storage on ceph seems to work fine: I can clreate containers, volume etc .....
I configured cinder backup on swift (but swift is using ceph rados gateway) :
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver swift_catalog_info = object-store:swift:publicURL backup_swift_enable_progress_timer = True #backup_swift_url = http://10.102.184.190:8080/v1/AUTH_ backup_swift_auth_url = http://10.102.184.190:5000/v3 backup_swift_auth = per_user backup_swift_auth_version = 1 backup_swift_user = admin backup_swift_user_domain = default #backup_swift_key = <None> #backup_swift_container = volumebackups backup_swift_object_size = 52428800 #backup_swift_project = <None> #backup_swift_project_domain = <None> backup_swift_retry_attempts = 3 backup_swift_retry_backoff = 2 backup_compression_algorithm = zlib
If I run a backup as user admin, it creates a container named "volumebackups". If I run a backup as user demo and I do not specify a container name, it tires to write on volumebackups and gives some errors:
ClientException: Container PUT failed:
http://10.102.184.190:8080/swift/v1/AUTH_964f343cf5164028a803db91488bdb01/vo...
409 Conflict BucketAlreadyExists
Does it mean I cannot use the same containers name on differents projects ?
My ceph.conf is configured for using keystone: [client.rgw.tst2-osctrl01] rgw_frontends = "civetweb port=10.102.184.190:8080" # Keystone information rgw keystone api version = 3 rgw keystone url = http://10.102.184.190:5000 rgw keystone admin user = admin rgw keystone admin password = password rgw keystone admin domain = default rgw keystone admin project = admin rgw swift account in url = true rgw keystone implicit tenants = true
Any help, please ? Best Regards Ignazio
Tim, as always, has hit the nail on the head. By default rgw doesn't use explicit tenants. if you want to use RGW and explicit tenants.. ie no global container namespace, then you need to add: rgw keystone implicit tenants = true To you rgw client configuration in ceph.conf. See: https://docs.ceph.com/docs/master/radosgw/multitenancy/#swift-with-keystone Not sure what happens to existing containers when you enable this option, because I think my default things are considered to be in the 'default' tenant. matt On Thu, Jan 2, 2020 at 5:40 PM Ignazio Cassano <ignaziocassano@gmail.com> wrote:
Many Thanks, Tim Ignazio
Il giorno gio 2 gen 2020 alle ore 07:10 Tim Burke <tim@swiftstack.com> ha scritto:
Hi Ignazio,
That's expected behavior with rados gateway. They follow S3's lead and have a unified namespace for containers across all tenants. From their documentation [0]:
If a container with the same name already exists, and the user is the container owner then the operation will succeed. Otherwise the operation will fail.
FWIW, that's very much a Ceph-ism -- Swift proper allows each tenant full and independent control over their namespace.
Tim
[0] https://docs.ceph.com/docs/mimic/radosgw/swift/containerops/#http-response
On Mon, 2019-12-30 at 15:48 +0100, Ignazio Cassano wrote:
Hello All, I configured openstack stein on centos 7 witch ceph. Cinder works fine and object storage on ceph seems to work fine: I can clreate containers, volume etc .....
I configured cinder backup on swift (but swift is using ceph rados gateway) :
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver swift_catalog_info = object-store:swift:publicURL backup_swift_enable_progress_timer = True #backup_swift_url = http://10.102.184.190:8080/v1/AUTH_ backup_swift_auth_url = http://10.102.184.190:5000/v3 backup_swift_auth = per_user backup_swift_auth_version = 1 backup_swift_user = admin backup_swift_user_domain = default #backup_swift_key = <None> #backup_swift_container = volumebackups backup_swift_object_size = 52428800 #backup_swift_project = <None> #backup_swift_project_domain = <None> backup_swift_retry_attempts = 3 backup_swift_retry_backoff = 2 backup_compression_algorithm = zlib
If I run a backup as user admin, it creates a container named "volumebackups". If I run a backup as user demo and I do not specify a container name, it tires to write on volumebackups and gives some errors:
ClientException: Container PUT failed:
http://10.102.184.190:8080/swift/v1/AUTH_964f343cf5164028a803db91488bdb01/vo...
409 Conflict BucketAlreadyExists
Does it mean I cannot use the same containers name on differents projects ?
My ceph.conf is configured for using keystone: [client.rgw.tst2-osctrl01] rgw_frontends = "civetweb port=10.102.184.190:8080" # Keystone information rgw keystone api version = 3 rgw keystone url = http://10.102.184.190:5000 rgw keystone admin user = admin rgw keystone admin password = password rgw keystone admin domain = default rgw keystone admin project = admin rgw swift account in url = true rgw keystone implicit tenants = true
Any help, please ? Best Regards Ignazio
Thanks, Matt. When I add rgw keystone implicit tenants = true container are acreated with the project id/name. Regards Ignazio Il giorno gio 2 gen 2020 alle ore 23:32 Matthew Oliver <matt@oliver.net.au> ha scritto:
Tim, as always, has hit the nail on the head. By default rgw doesn't use explicit tenants. if you want to use RGW and explicit tenants.. ie no global container namespace, then you need to add:
rgw keystone implicit tenants = true
To you rgw client configuration in ceph.conf.
See: https://docs.ceph.com/docs/master/radosgw/multitenancy/#swift-with-keystone
Not sure what happens to existing containers when you enable this option, because I think my default things are considered to be in the 'default' tenant.
matt
On Thu, Jan 2, 2020 at 5:40 PM Ignazio Cassano <ignaziocassano@gmail.com> wrote:
Many Thanks, Tim Ignazio
Il giorno gio 2 gen 2020 alle ore 07:10 Tim Burke <tim@swiftstack.com> ha scritto:
Hi Ignazio,
That's expected behavior with rados gateway. They follow S3's lead and have a unified namespace for containers across all tenants. From their documentation [0]:
If a container with the same name already exists, and the user is the container owner then the operation will succeed. Otherwise the operation will fail.
FWIW, that's very much a Ceph-ism -- Swift proper allows each tenant full and independent control over their namespace.
Tim
[0]
https://docs.ceph.com/docs/mimic/radosgw/swift/containerops/#http-response
On Mon, 2019-12-30 at 15:48 +0100, Ignazio Cassano wrote:
Hello All, I configured openstack stein on centos 7 witch ceph. Cinder works fine and object storage on ceph seems to work fine: I can clreate containers, volume etc .....
I configured cinder backup on swift (but swift is using ceph rados gateway) :
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver swift_catalog_info = object-store:swift:publicURL backup_swift_enable_progress_timer = True #backup_swift_url = http://10.102.184.190:8080/v1/AUTH_ backup_swift_auth_url = http://10.102.184.190:5000/v3 backup_swift_auth = per_user backup_swift_auth_version = 1 backup_swift_user = admin backup_swift_user_domain = default #backup_swift_key = <None> #backup_swift_container = volumebackups backup_swift_object_size = 52428800 #backup_swift_project = <None> #backup_swift_project_domain = <None> backup_swift_retry_attempts = 3 backup_swift_retry_backoff = 2 backup_compression_algorithm = zlib
If I run a backup as user admin, it creates a container named "volumebackups". If I run a backup as user demo and I do not specify a container name, it tires to write on volumebackups and gives some errors:
ClientException: Container PUT failed:
http://10.102.184.190:8080/swift/v1/AUTH_964f343cf5164028a803db91488bdb01/vo...
409 Conflict BucketAlreadyExists
Does it mean I cannot use the same containers name on differents projects ?
My ceph.conf is configured for using keystone: [client.rgw.tst2-osctrl01] rgw_frontends = "civetweb port=10.102.184.190:8080" # Keystone information rgw keystone api version = 3 rgw keystone url = http://10.102.184.190:5000 rgw keystone admin user = admin rgw keystone admin password = password rgw keystone admin domain = default rgw keystone admin project = admin rgw swift account in url = true rgw keystone implicit tenants = true
Any help, please ? Best Regards Ignazio
participants (3)
-
Ignazio Cassano
-
Matthew Oliver
-
Tim Burke