Skip to content

Commit 3082ed5

Browse files
ednxzumnasiadka
authored andcommitted
docs: warn about password resets in ceph RGW doc
Keeping this value to true with external RGW as object storage endpoints can cause outages that are annoying to recover from. We should warn operators about this. Change-Id: I37965382bed6b9762782ec3f9ec3103143d738cc Signed-off-by: Bertrand Lanson <bertrand.lanson@infomaniak.com> (cherry picked from commit 8510b76)
1 parent b3f7c6c commit 3082ed5

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

doc/source/reference/storage/external-ceph-guide.rst

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -537,6 +537,15 @@ This prevents cross-project and public object access. This can be resolved by
537537
setting ``ceph_rgw_swift_account_in_url`` to ``true``. This should match the
538538
``rgw_swift_account_in_url`` configuration option in Ceph RadosGW.
539539

540+
.. warning::
541+
542+
When using an external Ceph RadosGW for object storage endpoints
543+
(when ``enable_ceph_rgw: true``), operators are advised to set
544+
``update_keystone_service_user_passwords: false`` in``globals.yml``.
545+
Leaving this option enabled causes the service user password to be reset
546+
on every reconfigure, which invalidates existing tokens and can cause
547+
unforeseen outages for object storage consumers.
548+
540549
Load balancing
541550
==============
542551

0 commit comments

Comments
 (0)