Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ceph-rgw: endpoints incorrectly set when https protocol used

See original GitHub issue

Bug Report

What happened: Zone endpoints are incorrectly set in zone_endpoint_pairs list to use IP addresses instead of FQDN when HTTPS protocol is set:

rgw_multisite_proto: https

What you expected to happen: endpoint value of zone_endpoint_pairs list should contain URL with FQDN instead of IP address when https protocol is used.

How to reproduce it (minimal and precise):

Adding couple of debug tasks demonstrates it clearly that task create a list of zones and all their endpoints substitutes proper endpoint value from rgw_instances_all to endpoint value with IP address in zone_endpoint_pairs list:

diff --git a/roles/ceph-rgw/tasks/multisite/create_realm_zonegroup_zone_lists.yml b/roles/ceph-rgw/tasks/multisite/create_realm_zonegroup_zone_lists.yml
index 03e37b30..d94fbefa 100644
--- a/roles/ceph-rgw/tasks/multisite/create_realm_zonegroup_zone_lists.yml
+++ b/roles/ceph-rgw/tasks/multisite/create_realm_zonegroup_zone_lists.yml
@@ -5,6 +5,10 @@
   loop: "{{ rgw_instances_all }}"
   run_once: true
 
+- debug: var=realms
+
+- debug: var=rgw_instances_all
+
 - name: create list secondary_realms
   set_fact:
     secondary_realms: "{{ secondary_realms | default([]) | union([{ 'realm': item.rgw_realm, 'endpoint': item.endpoint, 'system_access_key': item.system_access_key, 'system_secret_key': item.system_secret_key, 'is_master': hostvars[item.host]['rgw_zonemaster'] }]) }}"
@@ -26,14 +30,22 @@
   loop: "{{ rgw_instances_all }}"
   run_once: true
 
+- debug: var=rgw_instances_all
+
 - name: create a list of dicts with each rgw endpoint and it's zone
   set_fact:
     zone_endpoint_pairs: "{{ zone_endpoint_pairs | default([]) | union([{ 'endpoint': hostvars[item.host]['rgw_multisite_proto'] + '://' + item.radosgw_address + ':' + item.radosgw_frontend_port | string, 'rgw_zone': item.rgw_zone, 'rgw_realm': item.rgw_realm, 'rgw_zonegroup': item.rgw_zonegroup, 'rgw_zonemaster': hostvars[item.host]['rgw_zonemaster']}]) }}"
   loop: "{{ rgw_instances_all }}"
   run_once: true
 
+- debug: var=zone_endpoint_pairs
+
 - name: create a list of zones and all their endpoints
   set_fact:
     zone_endpoints_list: "{{ zone_endpoints_list | default([]) | union([{'zone': item.rgw_zone, 'zonegroup': item.rgw_zonegroup, 'realm': item.rgw_realm, 'is_master': item.rgw_zonemaster, 'endpoints': ','.join(zone_endpoint_pairs | selectattr('rgw_zone','==',item.rgw_zone) | selectattr('rgw_realm','==',item.rgw_realm) | selectattr('rgw_zonegroup', '==', item.rgw_zonegroup) | map(attribute='endpoint'))}]) }}"
   loop: "{{ zone_endpoint_pairs }}"
   run_once: true
+
+- debug: var=zone_endpoints_list
+
+- fail:

Produces following output:

TASK [ceph-rgw : create list zones] *********************************************************************************************
Thursday 19 March 2020  09:43:24 +0100 (0:00:00.297)       0:05:15.845 ******** 
ok: [ceph2a] => (item={'instance_name': 'rgw0', 'radosgw_address': '172.16.xx.135', 'radosgw_frontend_port': 443, 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zone': 'xxx', 'system_access_key': '6kWkikvapSnHyE22P7nO', 'system_secret_key': 'MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt', 'rgw_zone_user': 'zone_user', 'rgw_zone_user_display_name': 'Zone User', 'endpoint': 'https://ceph1.example.com:443', 'host': 'ceph2a'})
ok: [ceph2a] => (item={'instance_name': 'rgw0', 'radosgw_address': '172.16.xx.135', 'radosgw_frontend_port': 443, 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zone': 'xxx', 'system_access_key': '6kWkikvapSnHyE22P7nO', 'system_secret_key': 'MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt', 'rgw_zone_user': 'zone_user', 'rgw_zone_user_display_name': 'Zone User', 'endpoint': 'https://ceph1.example.com:443', 'host': 'ceph2b'})
ok: [ceph2a] => (item={'instance_name': 'rgw0', 'radosgw_address': '172.16.xx.135', 'radosgw_frontend_port': 443, 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zone': 'xxx', 'system_access_key': '6kWkikvapSnHyE22P7nO', 'system_secret_key': 'MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt', 'rgw_zone_user': 'zone_user', 'rgw_zone_user_display_name': 'Zone User', 'endpoint': 'https://ceph1.example.com:443', 'host': 'ceph2c'})

TASK [ceph-rgw : debug] *********************************************************************************************************
Thursday 19 March 2020  09:43:24 +0100 (0:00:00.371)       0:05:16.216 ******** 
ok: [ceph2a] => 
  rgw_instances_all:
  - endpoint: https://ceph1.example.com:443
    host: ceph2a
    instance_name: rgw0
    radosgw_address: 172.16.xx.135
    radosgw_frontend_port: 443
    rgw_realm: ceph
    rgw_zone: xxx
    rgw_zone_user: zone_user
    rgw_zone_user_display_name: Zone User
    rgw_zonegroup: aaa
    system_access_key: 6kWkikvapSnHyE22P7nO
    system_secret_key: MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt
  - endpoint: https://ceph1.example.com:443
    host: ceph2b
    instance_name: rgw0
    radosgw_address: 172.16.xx.135
    radosgw_frontend_port: 443
    rgw_realm: ceph
    rgw_zone: xxx
    rgw_zone_user: zone_user
    rgw_zone_user_display_name: Zone User
    rgw_zonegroup: aaa
    system_access_key: 6kWkikvapSnHyE22P7nO
    system_secret_key: MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt
  - endpoint: https://ceph1.example.com:443
    host: ceph2c
    instance_name: rgw0
    radosgw_address: 172.16.xx.135
    radosgw_frontend_port: 443
    rgw_realm: ceph
    rgw_zone: xxx
    rgw_zone_user: zone_user
    rgw_zone_user_display_name: Zone User
    rgw_zonegroup: aaa
    system_access_key: 6kWkikvapSnHyE22P7nO
    system_secret_key: MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt
[snip]

TASK [ceph-rgw : create a list of dicts with each rgw endpoint and it's zone] ***************************************************
Thursday 19 March 2020  09:43:24 +0100 (0:00:00.320)       0:05:16.537 ******** 
ok: [ceph2a] => (item={'instance_name': 'rgw0', 'radosgw_address': '172.16.xx.135', 'radosgw_frontend_port': 443, 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zone': 'xxx', 'system_access_key': '6kWkikvapSnHyE22P7nO', 'system_secret_key': 'MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt', 'rgw_zone_user': 'zone_user', 'rgw_zone_user_display_name': 'Zone User', 'endpoint': 'https://ceph1.example.com:443', 'host': 'ceph2a'})
ok: [ceph2a] => (item={'instance_name': 'rgw0', 'radosgw_address': '172.16.xx.135', 'radosgw_frontend_port': 443, 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zone': 'xxx', 'system_access_key': '6kWkikvapSnHyE22P7nO', 'system_secret_key': 'MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt', 'rgw_zone_user': 'zone_user', 'rgw_zone_user_display_name': 'Zone User', 'endpoint': 'https://ceph1.example.com:443', 'host': 'ceph2b'})
ok: [ceph2a] => (item={'instance_name': 'rgw0', 'radosgw_address': '172.16.xx.135', 'radosgw_frontend_port': 443, 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zone': 'xxx', 'system_access_key': '6kWkikvapSnHyE22P7nO', 'system_secret_key': 'MGecsMrWtKZgngOHZdrd6d3JxGO5CPWgT2lcnpSt', 'rgw_zone_user': 'zone_user', 'rgw_zone_user_display_name': 'Zone User', 'endpoint': 'https://ceph1.example.com:443', 'host': 'ceph2c'})

TASK [ceph-rgw : debug] *********************************************************************************************************
Thursday 19 March 2020  09:43:25 +0100 (0:00:00.472)       0:05:17.009 ******** 
ok: [ceph2a] => 
  zone_endpoint_pairs:
  - endpoint: https://172.16.xx.135:443
    rgw_realm: ceph
    rgw_zone: xxx
    rgw_zonegroup: aaa
    rgw_zonemaster: false
ok: [ceph2b] => 
  zone_endpoint_pairs:
  - endpoint: https://172.16.xx.135:443
    rgw_realm: ceph
    rgw_zone: xxx
    rgw_zonegroup: aaa
    rgw_zonemaster: false
ok: [ceph2c] => 
  zone_endpoint_pairs:
  - endpoint: https://172.16.xx.135:443
    rgw_realm: ceph
    rgw_zone: xxx
    rgw_zonegroup: aaa
    rgw_zonemaster: false

TASK [ceph-rgw : create a list of zones and all their endpoints] ****************************************************************
Thursday 19 March 2020  09:43:25 +0100 (0:00:00.316)       0:05:17.326 ******** 
ok: [ceph2a] => (item={'endpoint': 'https://172.16.xx.135:443', 'rgw_zone': 'xxx', 'rgw_realm': 'ceph', 'rgw_zonegroup': 'aaa', 'rgw_zonemaster': False})

TASK [ceph-rgw : debug] *********************************************************************************************************
Thursday 19 March 2020  09:43:25 +0100 (0:00:00.176)       0:05:17.502 ******** 
ok: [ceph2a] => 
  zone_endpoints_list:
  - endpoints: https://172.16.xx.135:443
    is_master: false
    realm: ceph
    zone: xxx
    zonegroup: aaa
ok: [ceph2b] => 
  zone_endpoints_list:
  - endpoints: https://172.16.xx.135:443
    is_master: false
    realm: ceph
    zone: xxx
    zonegroup: aaa
ok: [ceph2c] => 
  zone_endpoints_list:
  - endpoints: https://172.16.xx.135:443
    is_master: false
    realm: ceph
    zone: xxx
    zonegroup: aaa

In consequent tasks, connections to these endpoints fail, since HTTPS connection to IP address fails.

Share your group_vars files, inventory:

[xxx]
ceph2a
ceph2b
ceph2c
 
[mons:children]
xxx
 
[mgrs:children]
xxx
 
[rgws:children]
xxx

group_vars/all.yml:

radosgw_address: "{{ ansible_default_ipv4.address }}"
radosgw_num_instances: 1
radosgw_frontend_ssl_certificate: "/etc/ceph/ceph1.example.com.pem"
radosgw_frontend_port: 443

#############
# MULTISITE #
#############
rgw_multisite: True
rgw_multisite_proto: "https"

rgw_zonegroup: "aaa"
rgw_zone_user: "zone_user"
rgw_zone_user_display_name: "Zone User"
rgw_realm: "ceph"
system_access_key: "{{ lookup('env','CEPH_SYSTEM_ACCESS_KEY') }}"
system_secret_key: "{{ lookup('env','CEPH_SYSTEM_SECRET_KEY') }}"

group_vars/xxx.yml:

rgw_zone: "aaa"
rgw_zonemaster: False
rgw_zonesecondary: True
rgw_zonegroupmaster: False

rgw_pull_proto: "{{ rgw_multisite_proto }}"
rgw_pull_port: 443
rgw_pullhost: "ceph1.example.com"

cluster_network: "172.16.yy.0/24"

Environment:

OpenBSD on Ansible controller, CentOS 7.7 on CEPH nodes.
ansible-playbook 2.9.5
ceph-ansible version 4-stable
ceph version 14.2.8 (2d095e947a02261ce61424021bb43bd3022d35cb) nautilus (stable)

Issue Analytics

State:
Created 4 years ago
Comments:8 (6 by maintainers)

Top GitHub Comments

1reaction

alimarediacommented, Mar 19, 2020

@dsavineau @p37ruh4: What if instead of radosgw_address in that we set a variable for each instance called rgw_multisite_host that defaults to the conditions @p37ruh4 laid out?

This way that value could be changed instance by instance.

0reactions

stale[bot]commented, Apr 23, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Top Results From Across the Web

Chapter 2. Configuration Red Hat Ceph Storage 3

If the Ceph configuration file does not include the rgw frontends = civetweb line, the Ceph Object Gateway listens on port 7480 ....

Ceph rgw & dashboard problem - ceph-users - Mailing Lists

Hi, Using Ceph Octopus installed with cephadm here. Version running currently is 15.2.6. There are 3 machines running the cluster.

SES 7 | Ceph Object Gateway - SUSE Documentation

This chapter introduces details about administration tasks related to Object Gateway, such as checking status of the service, managing accounts, mult…

Troubleshooting - Ceph Documentation

If there is a 500 error, that usually indicates a problem communicating with the radosgw daemon. Ensure the daemon is running, its socket...

1.6.2 Multisite Ceph Object Gateway

The following naming conventions are used in the example configuration: Realm: gold. Master Zonegroup: us. Master Zone: us-east-1.