charm-ceph-radosgw/templates/ceph.conf
James Page 3e54b570b1 Switch auth order for s3 authentication
When deploying the RGW in multi-site configurations, communication
between sites is authenticated using S3 credentials managed within
RGW.  In the event that keystone authentication is in use this
generates a large number of s3 authentication attempts to keystone
which will always fail.

Switch the default order to check local auth first and then fallback
to external.

Change-Id: I7bfc016baf99188ba5a36f663145eeff465d25e8
2019-02-21 13:16:31 +00:00

67 lines
2.0 KiB
Plaintext

[global]
{% if old_auth %}
auth supported = {{ auth_supported }}
{% else %}
auth cluster required = {{ auth_supported }}
auth service required = {{ auth_supported }}
auth client required = {{ auth_supported }}
{% endif %}
mon host = {{ mon_hosts }}
log to syslog = {{ use_syslog }}
err to syslog = {{ use_syslog }}
clog to syslog = {{ use_syslog }}
debug rgw = {{ loglevel }}/5
{% if ipv6 -%}
ms bind ipv6 = true
{% endif %}
{% if global -%}
# The following are user-provided options provided via the config-flags charm option.
# User-provided [global] section config
{% for key in global -%}
{{ key }} = {{ global[key] }}
{% endfor %}
{% endif %}
{% if systemd_rgw -%}
[client.rgw.{{ hostname }}]
host = {{ hostname }}
{% else -%}
[client.radosgw.gateway]
keyring = /etc/ceph/keyring.rados.gateway
host = {{ hostname }}
rgw socket path = /tmp/radosgw.sock
log file = /var/log/ceph/radosgw.log
{% endif %}
{% if rgw_zone -%}
rgw_zone = {{ rgw_zone }}
{% endif %}
rgw init timeout = 1200
rgw frontends = civetweb port={{ port }}
{% if auth_type == 'keystone' %}
rgw keystone url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/
{% if auth_keystone_v3_supported and api_version == '3' -%}
rgw keystone api version = 3
rgw keystone admin user = {{ admin_user }}
rgw keystone admin password = {{ admin_password }}
rgw keystone admin domain = {{ admin_domain_name }}
rgw keystone admin project = {{ admin_tenant_name }}
{% else -%}
rgw keystone admin token = {{ admin_token }}
{% endif -%}
rgw keystone accepted roles = {{ user_roles }}
rgw keystone token cache size = {{ cache_size }}
rgw s3 auth use keystone = true
rgw s3 auth order = local, external
{% else -%}
rgw swift url = http://{{ unit_public_ip }}
{% endif -%}
{% if client_radosgw_gateway -%}
# The following are user-provided options provided via the config-flags charm option.
# User-provided [client.radosgw.gateway] section config
{% for key in client_radosgw_gateway -%}
{{ key }} = {{ client_radosgw_gateway[key] }}
{% endfor %}
{% endif %}