tripleo

ceph-rgw should not use the keystone admin token

Bug #1642524 reported by Giulio Fidente
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
Emilien Macchi
tripleo ocata-2 "ocata-2"

Bug Description

Currently the ceph-rgw service is given access to keystone via admin token, this is insecure and will be deprecated. We should migrate the ceph-rgw config to use keystone v3 instead.

Giulio Fidente (gfidente)
Changed in tripleo:
milestone: none → ocata-2
Giulio Fidente (gfidente)
Changed in tripleo:
assignee: nobody → Keith Schincke (keith-schincke)
Revision history for this message
Keith Schincke (keith-schincke) wrote :

puppet-ceph provides needed support for this request.
tht and puppet-tripleo need to be updated to provide support for new feature.

OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Keith Schincke (keith-schincke) → Emilien Macchi (emilienm)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/405429
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=f33475840c871f4fc6f638577e25733d60dba94a
Submitter: Jenkins
Branch: master

commit f33475840c871f4fc6f638577e25733d60dba94a
Author: Emilien Macchi <email address hidden>
Date: Thu Dec 1 10:00:18 2016 -0500

    ceph-rgw: add missing user parameter

    'user' is required or puppet-ceph will complain that the Keystone_user
    has no title:
    Evaluation Error: Missing title. The title expression resulted in undef
    at /etc/puppet/modules/ceph/manifests/rgw/keystone/auth.pp

    The value is set to Swift, as we use the same credentials as Swift
    service.

    Closes-Bug: #1642524
    Change-Id: Ib4a7c07086b0b3354c8e589612f330ecdffdc637

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 6.0.0.0b2

This issue was fixed in the openstack/tripleo-heat-templates 6.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/423526

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/newton)

Reviewed: https://review.openstack.org/423526
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=c705c5fa9b0b8136e1129ccd8815e0dcfc0b1e22
Submitter: Jenkins
Branch: stable/newton

commit c705c5fa9b0b8136e1129ccd8815e0dcfc0b1e22
Author: Emilien Macchi <email address hidden>
Date: Thu Dec 1 10:00:18 2016 -0500

    ceph-rgw: add missing user parameter

    'user' is required or puppet-ceph will complain that the Keystone_user
    has no title:
    Evaluation Error: Missing title. The title expression resulted in undef
    at /etc/puppet/modules/ceph/manifests/rgw/keystone/auth.pp

    The value is set to Swift, as we use the same credentials as Swift
    service.

    Closes-Bug: #1642524
    Change-Id: Ib4a7c07086b0b3354c8e589612f330ecdffdc637
    (cherry picked from commit f33475840c871f4fc6f638577e25733d60dba94a)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 5.3.0

This issue was fixed in the openstack/tripleo-heat-templates 5.3.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.