9dbdf71de0
In order to make rgw a better drop-in replacement for Swift, this patch does two things: * Configure rgw to include the Swift account in its URL * Update the Keystone catalog entry so that the rgw endpoints include the AUTH_%(tenant_id)s suffix (just like the os_swift role does) Both of the above are necessary to make both public read ACLs and temp URLs work with rgw, the way they do with native Swift. In addition, the patch also: * Removes the rgw_s3_auth_use_keystone config override, which is useless in the default configuration that does not enable the S3 API. * Enables rgw_keystone_implicit_tenants to properly enable Swift multi-tenancy in rgw. Reference: http://docs.ceph.com/docs/mimic/radosgw/multitenancy/ * Enables rgw_swift_versioning_enabled to support Swift's object versioning feature (and the default for the os_swift role's swift_allow_versions variable). A limitation applies here, which is that radosgw currently does support setting the X-Versions-Location header on a container, but does not understand X-History-Location. * Adds documentation to the users guide, about using rgw as a Swift replacement. * Adds a release note detailing possible upgrade issues, and the object versioning limitation. Closes-Bug: #1800637 Change-Id: Iacd8f32f100f283ff590e063854d06b2c7c98cc2
15 lines
669 B
YAML
15 lines
669 B
YAML
---
|
|
ceph_conf_overrides_rgw:
|
|
"client.rgw.{{ hostvars[inventory_hostname]['ansible_hostname'] }}":
|
|
# OpenStack integration with Keystone
|
|
rgw_keystone_url: "{{ keystone_service_adminuri }}"
|
|
rgw_keystone_api_version: 3
|
|
rgw_keystone_admin_user: "{{ radosgw_admin_user }}"
|
|
rgw_keystone_admin_password: "{{ radosgw_admin_password }}"
|
|
rgw_keystone_admin_tenant: "{{ radosgw_admin_tenant }}"
|
|
rgw_keystone_admin_domain: default
|
|
rgw_keystone_accepted_roles: 'member, _member_, admin, swiftoperator'
|
|
rgw_keystone_implicit_tenants: 'true'
|
|
rgw_enable_apis: swift
|
|
rgw_swift_account_in_url: 'true'
|
|
rgw_swift_versioning_enabled: 'true' |