Skip to content

Commit d72865e

Browse files
ednxzumnasiadka
authored andcommitted
docs: warn about password resets in ceph RGW doc
Keeping this value to true with external RGW as object storage endpoints can cause outages that are annoying to recover from. We should warn operators about this. Change-Id: I37965382bed6b9762782ec3f9ec3103143d738cc Signed-off-by: Bertrand Lanson <bertrand.lanson@infomaniak.com> (cherry picked from commit 8510b76)
1 parent f8c8f6a commit d72865e

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

doc/source/reference/storage/external-ceph-guide.rst

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -555,6 +555,15 @@ This prevents cross-project and public object access. This can be resolved by
555555
setting ``ceph_rgw_swift_account_in_url`` to ``true``. This should match the
556556
``rgw_swift_account_in_url`` configuration option in Ceph RadosGW.
557557

558+
.. warning::
559+
560+
When using an external Ceph RadosGW for object storage endpoints
561+
(when ``enable_ceph_rgw: true``), operators are advised to set
562+
``update_keystone_service_user_passwords: false`` in``globals.yml``.
563+
Leaving this option enabled causes the service user password to be reset
564+
on every reconfigure, which invalidates existing tokens and can cause
565+
unforeseen outages for object storage consumers.
566+
558567
Load balancing
559568
==============
560569

0 commit comments

Comments
 (0)