This file documents how to configure RGW to use Apache/FastCGI, so rename
the file and modify the title and intro to make that clear.
Also, add a note that CGI can pose a security risk - e.g. http://httpoxy.org
Signed-off-by: Nathan Cutler <ncutler@suse.com>
This patch brings a small fix for broken formatting around
two configurables in doc/radosgw/config-ref.rst. Those are:
* rgw keystone admin user,
* rgw keystone admin password.
Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
This patch allows RadosGW to pass the RefStack with an accuracy
to the RFC7230 violation issue which is clearly a Tempest bug.
Fixes: http://tracker.ceph.com/issues/15925
Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
S3 doc update.
The bucket request payment feature is available in Jewel
commits:
899d7754fe461bd7fa08
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Adding the short descriptions of the keystone admin tenant, user and
password options to the config reference as well. Also adding a note
that this applies to only v2 of Openstack Identity API
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Explain the configuration of `rgw keystone admin user`, tenant and
password which avoids the need for setting the keystone admin token
shared secret in ceph configuration, since this token is recommended to
be disabled in production environments.
Fixes: #13066, #13519
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
`Pool Configuration` was mentioned previously but didn't contain any
info, adding this section and minor cosmetic changes to a few headings
after looking at the html view.
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Adding basic documentation for new multisite features, with an example
showing 3 zones in a zonegroup.
Fixes: http://tracker.ceph.com/issues/15247
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Specify that uid is a required param for GET /admin/user requests
Fixes: http://tracker.ceph.com/issues/15455
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
This, unfortunately, introduces possible double lookups, but
they should be cached. Also, the logic appears somewhat convoluted,
although the intent is quite simple: if you're an OpenStack user
with a Keystone authentication, we allow an implicit tenant of
the same name as the user.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Conflicts:
src/rgw/rgw_swift.cc
In most public clouds OpenStack Swift URL is based on the tree
root, like:
https://swift.domain.com/v1/AUTH_tenant
Our convention is to have a path, like:
https://domain.com/swift/v1/AUTH_tenant
The path is configurable, but even if someone manages to set
an empty prefix, we print headers with %s/%s/v1 where the extra
slash is baked in. In addition, the empty prefix means "use the
/swift default".
To provide compatibility, this patch uses a trick. The empty
prefix remains to mean "/swift", but then we use "/" (one slash)
to create the needed empty prefix.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Adding info about `rgw keystone verify ssl` to configuration reference,
also adding a note in rgw keystone to explain the usage.
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
