From 787e692ea0888a5f7dd973b674b0e70155972cdc Mon Sep 17 00:00:00 2001 From: "Ritchie, Frank (fr801x)" Date: Wed, 23 Jun 2021 08:56:12 -0500 Subject: [PATCH] Use local auth before keystone for s3 This change is to have RGW use local authentication before Keystone when both are enabled. This can improve performance: https://cloudblog.switch.ch/2020/02/10/radosgw-keystone-integration-performance-issues-finally-solved/ Given that we do not duplicate local users in keystone with different passwords this should be a safe change. Change-Id: I976a47a5d68884ffb54a0ddd8ab802d69cecbf44 --- ceph-rgw/Chart.yaml | 2 +- ceph-rgw/values.yaml | 1 + releasenotes/notes/ceph-rgw.yaml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ceph-rgw/Chart.yaml b/ceph-rgw/Chart.yaml index ede3cce8..15b2c280 100644 --- a/ceph-rgw/Chart.yaml +++ b/ceph-rgw/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph RadosGW name: ceph-rgw -version: 0.1.10 +version: 0.1.11 home: https://github.com/ceph/ceph ... diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml index d5e25656..a5147856 100644 --- a/ceph-rgw/values.yaml +++ b/ceph-rgw/values.yaml @@ -430,6 +430,7 @@ conf: rgw_keystone_implicit_tenants: true rgw_keystone_make_new_tenants: true rgw_s3_auth_use_keystone: true + rgw_s3_auth_order: "local, external, sts" rgw_swift_account_in_url: true rgw_swift_url: null rgw_s3: diff --git a/releasenotes/notes/ceph-rgw.yaml b/releasenotes/notes/ceph-rgw.yaml index 95e6ebe9..cb8d6d23 100644 --- a/releasenotes/notes/ceph-rgw.yaml +++ b/releasenotes/notes/ceph-rgw.yaml @@ -11,4 +11,5 @@ ceph-rgw: - 0.1.8 Add placement target delete support to RGW - 0.1.9 Use full image ref for docker official images - 0.1.10 Fix a bug in placement target deletion for new targets + - 0.1.11 Change s3 auth order to use local before external ...