Hi all, As you might know, we've been having issues with configuring radosgw to work in the federated mode - it seems that the solution to this is not clear within the project. The essence of the problem lies in the fact that radosgw config requires a specific auth token and not a username/pw combination - the documentation states that the auth token should be the main auth token for the keystone (which we do not know). We managed to get it working such that we can list containers, upload files, download files etc. Here is what we had to do: - get Alvaro to make changes on the keystone -- note that for us, we had to use the endpoint http://zurich.cloud.lab.fiware.org:8080/swift/v1 (note the presence of 'swift' in the endpoint which is not present if vanilla swift is used, iiuc) - modify the ceph.conf file as follows: -- rgw_keystone_url = http://cloud.lab.fiware.org:4731 -- rgw_keystone_auth_token = (to a valid token obtained with the service credentials - can be obtained with keystone token-get) -- we also modified rgw_keystone_accepted_roles to community, admin, owner Once this was set up we were able to use swift to create containers and store things in the containers using the command line interface. IMPORTANT NOTE: the design of radosgw is such that there is a single global namespace over all tenants. This means that if user1 creates a container called Test, user2 will not be able to create a container called Test (she will not be able to access the Test container obviously due to ACL rules). This is as S3 was designed so operators are happy to go with this solution on this premise; however, it is different from vanilla swift and it could cause some issues for unsuspecting users who start off by creating a test bucket. It also means that there will be inconsistent behaviour between the nodes. Another point which we had to address was that the validity of the auth token is only 24 hr - this means that we need to modify ceph.conf on all of our controllers every 24 hr with a new token to enable everything to continue to work via a cron job - it's not ideal, but that's the best we can do right now. Hope this is of use to someone - happy to have comments/feedback input on this matter. (Thanks to our new partner Saverio from Switch in cc who had some experience with radosgw and answered a q around the namespace issue and gave us the bad news that there is no solution to providing seperate namespaces per tenant at present ;-) BR, Seán. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20160310/df02f48e/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy