rook: Ceph object store dashboard cannot be enabled

Is this a bug report or feature request? BUG

  • Bug Report

Deviation from expected behavior: No matter what I try I cannot make the object storage part in the dashboard work. The Object Gateway seems to be working properly, buckets, files etc. The other parts in the dashboard also work properly.

I am getting, 500 - Internal Server Error RGW rest api failed request with status code 403

Expected behavior: It should present object, buckets etc.

How to reproduce it (minimal and precise):

We are using Rook Ceph v0.9.3 (Ceph image: v13.2.4-20190109) on kubernetes v1.13.5 Ubuntu 18.4

Start the dashboard, follow dashboard conf http://docs.ceph.com/docs/mimic/mgr/dashboard/ and try it out

Environment:

  • OS (e.g. from /etc/os-release): Ubuntu 18.4 LTS

  • Kernel (e.g. uname -a): Linux master1 4.15.0-1029-gcp #31-Ubuntu SMP Thu Mar 21 09:40:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

  • Cloud provider or hardware configuration: GCP/ Local hardware - the same issue Local hardware, 30Cores+64GB RAM

  • Rook version (use rook version inside of a Rook Pod): 0.9.3 [root@node1 /]# rook version rook: v0.9.3

  • Kubernetes version (use kubectl version): 13.05 14.01

  • Kubernetes cluster type (e.g. Tectonic, GKE, OpenShift): Native

  • Storage backend status (e.g. for Ceph use ceph health in the Rook Ceph toolbox): [root@node1 /]# ceph health HEALTH_OK

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 4
  • Comments: 16 (6 by maintainers)

Most upvoted comments

[Resolved] Kubernets:

NAME             STATUS   ROLES    AGE   VERSION
ceph-k8s-node1   Ready    master   18d   v1.15.3
ceph-k8s-node2   Ready    <none>   18d   v1.15.3
ceph-k8s-node3   Ready    <none>   18d   v1.15.3

Rook:

v1.1.0-beta.1
rook/ceph:v1.1.0-beta.1

Ceph Image:

ceph/ceph:v14.2.2-20190826

I changed the dashboard config ssl to false and port to 7000, and created the rook ceph cluster as order:

  1. kubectl create -f common.yaml
  2. kubectl create -f operator.yaml
  3. kubectl create -f cluster.yaml
  4. kubectl create -f dashboard-external-http.yaml
  5. kubectl create -f object.yaml
  6. kubectl create -f object-user.yaml
  7. kubectl create -f rgw-external.yaml
  8. kubectl create -f toolbox.yaml

And then I executed the commands

# Access toolbox CLI:
kubectl -n rook-ceph exec -it $(kubectl -n rook-ceph get pod -l "app=rook-ceph-tools" -o jsonpath='{.items[0].metadata.name}') bash

# Enable system flag on the user:
radosgw-admin user modify --uid=my-user --system

# Provide the user credentials:
ceph dashboard set-rgw-api-user-id my-user
ceph dashboard set-rgw-api-access-key <access-key>
ceph dashboard set-rgw-api-secret-key <secret-key>

The log of ceph dashboard set-rgw-api-*

debug 2019-09-09 06:31:46.350 7f0a8275e700 0 log_channel(audit) log [DBG] : from=‘client.7260 -’ entity=‘client.admin’ cmd=[{“prefix”: “dashboard set-rgw-api-user-id”, “target”: [“mgr”, “”], “value”: “my-user”}]: dispatch

debug 2019-09-09 06:32:03.146 7f0a8275e700 0 log_channel(audit) log [DBG] : from=‘client.7269 -’ entity=‘client.admin’ cmd=[{“prefix”: “dashboard set-rgw-api-access-key”, “target”: [“mgr”, “”], “value”: “178GT1BC5CP6FYKNM02K”}]: dispatch

debug 2019-09-09 06:32:24.710 7f0a8275e700 0 log_channel(audit) log [DBG] : from=‘client.7296 -’ entity=‘client.admin’ cmd=[{“prefix”: “dashboard set-rgw-api-secret-key”, “target”: [“mgr”, “”], “value”: “hcFuuMBQnPSL2AAqClunQLzvSJY4COoYjJFA15Ed”}]: dispatch

re-login dashboard and click Object Gateway --> Daemons

The response was

Information No RGW found Please consult the documentation on how to configure and enable the Object Gateway management functionality.

Would you help to point where I was wrong?

After restart dashboard by command

$ ceph mgr module disable dashboard
$ ceph mgr module enable dashboard

The web page of Object Gateway can be accessed.

+6
colilo on Sep 9, 2019

After futzing around for a while, I kept getting max-recursion errors when accessing the object gateway section of the dashboard. Fixing it for me was a matter of running every ceph dashboard reset-rgw-* command to clean up, then starting over. Here is a handy shortcut:

From my ceph-tools container:

ceph dashboard --help | grep reset-rgw | awk '{print $2}' | xargs -n 1 ceph dashboard
ceph dashboard set-rgw-api-user-id <your-user>
ceph dashboard set-rgw-api-access-key <your-access-key>
ceph dashboard set-rgw-api-secret-key <your-secret-key>

Logging out and back into the web UI seemed to be necessary.

At the time of this writing, the commands run by the first line:

ceph dashboard --help | grep reset-rgw | awk '{print $2}' | xargs -n 1 echo ceph dashboard 
ceph dashboard reset-rgw-api-access-key
ceph dashboard reset-rgw-api-admin-resource
ceph dashboard reset-rgw-api-host
ceph dashboard reset-rgw-api-port
ceph dashboard reset-rgw-api-scheme
ceph dashboard reset-rgw-api-secret-key
ceph dashboard reset-rgw-api-ssl-verify
ceph dashboard reset-rgw-api-user-id
+2
ctrahey on Aug 9, 2020

@meirhazonAnyVision The steps in #3255 worked for me. Could you also verify?

I would suggest the following to automate this when rook configures an object store:

  • Create a system object user (call it rook-system-<store>, for example rook-system-my-store)
  • Configure the dashboard module with the needed variables:
ceph dashboard set-rgw-api-user-id rook-system-my-store
ceph dashboard set-rgw-api-access-key <access-key>
ceph dashboard set-rgw-api-secret-key <secret-key>
+2
travisn on Jun 10, 2019
Read more comments on GitHub
← rook: Ceph monitors in crash loop
rook: Ceph: ObjectStoreUser failures on update to 1.6 →