keystone and RGW Multi-tenancy (rgw implicit tenants=true) like a s3

asked 2017-12-20 01:48:50 -0500

jammarra gravatar image

Hello, I have radosgw multi-tenancy (rgw implicit tenants=true) and Openstack, i need give access to user for rgw using ec2 key. ec2api installed, he works. But if i generate aws_access_key_id and aws_secret_access_key (openstack ec2 credentials create) and and connect to rgw 8080 use the key. Rgw find backet for owner "d0a35a9035b44d3c98570e73c8945bb0" but not "d0a35a9035b44d3c98570e73c8945bb0$d0a35a9035b44d3c98570e73c8945bb0"

How to do it, that he would work with "owner": "d0a35a9035b44d3c98570e73c8945bb0$d0a35a9035b44d3c98570e73c8945bb0" ?

ceph config rgw keystone api version = 3 rgw keystone url = xxx rgw keystone admin user = xxx rgw keystone admin password = xxx rgw keystone admin domain = default rgw keystone admin project = service rgw keystone admin tenant = service rgw keystone accepted roles = user,admin rgw keystone implicit tenants = true rgw keystone make new tenants = true rgw s3 auth use keystone = true nss db path = /var/ceph/nss rgw keystone verify ssl = false rgw swift account in url = true rgw enable usage log = true rgw dns name = xxx rgw resolve cname = true

keystone-paste.ini config

[filter:s3_extension] use = egg:keystone#s3_extension

[pipeline:admin_api] pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3] pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

edit retag flag offensive close merge delete