OpenStack Compute (nova)

set bucket acl in nova-objectstore

Asked by Bryan Walker

Hi, I'm setting up a puppet cluster in openstack Bexar using the following module for guidance (http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/). In short, this module stores certificates in buckets and then has the puppetmaster read the bucket (by opening the bucket's url) to sign them automatically. I'm having trouble setting a bucket's acl to 'public-read'. I've noticed that setting the acl is a PUT call through the API and that I get a 403 Forbidden response (even if I created the bucket) when I try to set the bucket's acl through boto.s3.

I've read that nova-objectstore will be deprecated, but is this action currently possible in openstack nova, or will I need to code a work-around (possibly using swift) to get the puppetmaster to read the certificates? Thanks!

-Bryan

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Solved by:
Vish Ishaya
Solved:
Last query:
Last reply:
Revision history for this message
Best Vish Ishaya (vishvananda) said : 		#1

nova-objectstore is very naive and only supports the features necessary to allow images to be uploaded and registered. It is definitely not intended to be general purpose object storage. You'll probably need to use swift or some other storage system.

Vish

On Feb 10, 2011, at 10:03 AM, Bryan Walker wrote:

> New question #144876 on OpenStack Compute (nova):
> https://answers.launchpad.net/nova/+question/144876
>
> Hi, I'm setting up a puppet cluster in openstack Bexar using the following module for guidance (http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/). In short, this module stores certificates in buckets and then has the puppetmaster read the bucket (by opening the bucket's url) to sign them automatically. I'm having trouble setting a bucket's acl to 'public-read'. I've noticed that setting the acl is a PUT call through the API and that I get a 403 Forbidden response (even if I created the bucket) when I try to set the bucket's acl through boto.s3.
>
> I've read that nova-objectstore will be deprecated, but is this action currently possible in openstack nova, or will I need to code a work-around (possibly using swift) to get the puppetmaster to read the certificates? Thanks!
>
> -Bryan
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Revision history for this message
Bryan Walker (bwalker7125) said : 		#2

Thanks Vish Ishaya, that solved my question.