https://tracker.ceph.com/
https://tracker.ceph.com/favicon.ico
2017-12-05T09:36:38Z
Ceph
rgw - Bug #22312: ERROR: keystone revocation processing returned error r=-22 on keystone v3 openstack ocata
https://tracker.ceph.com/issues/22312?journal_id=103238
2017-12-05T09:36:38Z
hoan nv
<ul></ul><p>I found: start from ocata openstack</p>
<p>PKI token deprecated and not supported in Ocata</p>
<blockquote>
<p><a class="external" href="https://docs.openstack.org/security-guide/identity/tokens.html">https://docs.openstack.org/security-guide/identity/tokens.html</a></p>
</blockquote>
<p>in rgw_keystone.cc file, rgw call to v3/auth/tokens/OS-PKI/revoked url if use openstack identify ver3.</p>
<blockquote>
<p>const auto keystone_version = config.get_api_version();<br />if (keystone_version rgw::keystone::ApiVersion::VER_2) {<br />url.append("v2.0/tokens/revoked");<br />} else if (keystone_version rgw::keystone::ApiVersion::VER_3) {<br />url.append("v3/auth/tokens/OS-PKI/revoked");<br />}</p>
<p>req.set_send_length(0);<br />int ret = req.process(url.c_str());<br />if (ret < 0) {<br />return ret;<br />}</p>
<p>bl.append((char)0); // NULL terminate for debug output</p>
<p>ldout(cct, 10) << "request returned " << bl.c_str() << dendl;</p>
<p>JSONParser parser;</p>
<p>if (!parser.parse(bl.c_str(), bl.length())) {<br />ldout(cct, 0) << "malformed json" << dendl;<br />return -EINVAL;<br />}</p>
<p>JSONObjIter iter = parser.find_first("signed");<br />if (iter.end()) {<br />ldout(cct, 0) << "revoked tokens response is missing signed section" << dendl;<br />return -EINVAL;<br />}</p>
</blockquote>
<p>Thanks</p>
rgw - Bug #22312: ERROR: keystone revocation processing returned error r=-22 on keystone v3 openstack ocata
https://tracker.ceph.com/issues/22312?journal_id=104253
2018-01-04T18:54:47Z
Matt Benjamin
mbenjamin@redhat.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>Marcus Watts</i></li></ul><p>@marcus, could you take a look when able?</p>
rgw - Bug #22312: ERROR: keystone revocation processing returned error r=-22 on keystone v3 openstack ocata
https://tracker.ceph.com/issues/22312?journal_id=108529
2018-03-05T19:22:33Z
Yehuda Sadeh
yehuda@redhat.com
<ul></ul><p>@marcus ping</p>