| 2024-02-19 11:53:09 |
Roman Krček |
description |
After enabling swift in globals.yml with enable_swift: "yes" the horizon Object storage dashboard fails to load with error "Error: Unable to fetch policies"
This is due to the fact, that swift_proxy_server is set up in way that endpoint openstack_ip:8080/info requires authentication. However, the underlying python-swiftclient that horizon uses doesnt use authentication to retrieve data from the /info endpoint.
The /info endpoint requires authentication because delay_auth_decision is by default set to False in proxy-server.conf The fact that it should be set to True is mentioned on the swift documentation https://docs.openstack.org/swift/latest/overview_auth.html
I belive that swift_delay_auth_decision should be by default set to True, not only when using the S3 API in https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/swift/defaults/main.yml#L63 |
After enabling swift in globals.yml with enable_swift: "yes" the horizon Object storage dashboard fails to load with error "Error: Unable to fetch security policies"
When looking at horizon-error.log, I saw errors when horizon was fetching openstack_ip:8080/info. It returned 401: Unauthorized. The underlying python-swiftclient that horizon uses doesnt use authentication to retrieve data from the /info endpoint.
I traced this back to the fact, that swift_proxy_server is set up in way that endpoint openstack_ip:8080/info requires authentication.
The /info endpoint requires authentication because delay_auth_decision is by default set to False in proxy-server.conf Documentation mentions that when set to False, the public access (that the python-swiftclient expects) is broken. https://docs.openstack.org/swift/latest/overview_auth.html (see the first Note)
swift_delay_auth_decision is set to True when using the S3 API, however in the documentation it is not mentioned that its required to get Swift working. https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/swift/defaults/main.yml#L63 |
|
