openATTIC authentication failure after creating multisite configuration

This document (7023787) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Enterprise Storage 5

Situation

Configure Multisite Object Gateways per SUSE documentation at:
https://www.suse.com/documentation/suse-enterprise-storage-5/book_storage_admin/data/ceph_rgw_fed.html

The default zone group was removed as instructed with:
cephadm:~ # radosgw-admin zonegroup delete --rgw-zonegroup=default
cephadm:~ # radosgw-admin user list
[
    "zone.user"
]

It was noticed that under settings in the openATTIC dashboard, the Object Gateway API  will no longer connect with the admin user. It only connects if given the user that was created as part of the multisite gateway setup.

The openATTIC Object Gateway API shows the following error:
Object Gateway - Authentication failed
This module cannot be loaded due to an authentication problem while connecting to the RGW S3 API
Please verify that:
* Object Gateway Access Key, Secret Key and Admin User setting are defined correctly
* Alternatively check that DeepSea is return the correct RGW information by running the following command on the Salt master: #salt-run ui_rgw.credentials

salt-master:~ # salt-run ui_rgw.credentials
access_key:
    <ADMIN_ACCESS_KEY removed>
secret_key:
    <ADMIN_SECRET_KEY removed>
success:
    True
urls:
    - http://rgw1:80/admin
    - http://rgw2:80/admin
user_id:
    admin

NFS Ganesha providing access to object buckets doesn't work because it defaults to using the admin account as well.

Resolution

1. Retrieve the current rgw object gateway admin credentials
cephadm:~ # KEYS=$(salt-run ui_rgw.credentials | grep -A1 _key)
cephadm:~ # ADMIN_ACCESS_KEY=$(awk '{print $2}' <<< $KEYS)
cephadm:~ # ADMIN_SECRET_KEY=$(awk '{print $4}' <<< $KEYS)

2. Recreate the rgw object gateway admin user with the retrieved credentials
cephadm:~ # radosgw-admin user create --uid=admin --display-name='Admin User' --admin --system --access-key=$ADMIN_ACCESS_KEY --secret=$ADMIN_SECRET_KEY
cephadm:~ # radosgw-admin user list
[
    "zone.user",
    "admin"
]

Cause

The object gateway admin user was removed during the multisite configuration and needs to be recreated.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023787
  • Creation Date: 21-Mar-2019
  • Modified Date:03-Mar-2020
    • SUSE Enterprise Storage

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center