object: remove default value us-east-1 as region from s3 client

[thotz]

Currently s3 client apis sets default value as us-east-1. This patch
removes that, region need to map with zonegroup in the RGW server so we
set that accordingly

Signed-off-by: Jiffin Tony Thottan thottanjiffin@gmail.com

Description of your changes:

Which issue is resolved by this Pull Request:
Resolves #

Checklist:

• Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
• Skip Tests for Docs: Add the flag for skipping the build if this is only a documentation change. See here for the flag.
• Skip Unrelated Tests: Add a flag to run tests for a specific storage provider. See test options.
• Reviewed the developer guide on Submitting a Pull Request
• Documentation has been updated, if necessary.
• Unit tests have been added, if necessary.
• Integration tests have been added, if necessary.
• Pending release notes updated with breaking and/or notable changes, if necessary.
• Upgrade from previous release is tested and upgrade user guide is updated, if necessary.
• Code generation (make codegen) has been run to update object specifications, if necessary.

[leseb]

This change is not passing CI.

[travisn]

us-east-1 is still used in the integration tests in ceph_base_object_test.go. How about changing that to something else so we can see the non-default works?

[travisn]

If a different region is specified in the storage class, will this client connection work with the store name? Or does it need to match the storage class?

[thotz]

@travisn : I wondered magic behind us-east-1 as region value. The actual value for s3 client needs to storeName and ideally we should have filled same value for storage class. The us-east-1 works for RGW, I am guessing it skips checks(or maybe bug)

[thotz]

@travisn : [Another update]: us-east-1 as a region no longer valid in master, it works with pacific though. So IMO we might see a similar issue when we start using new ceph versions

[travisn]

So if we remove region from the default examples in rook, it will work with ceph pacific and master? Or will we need different examples for pacific vs quincy? And to be clear, does the ceph master change also affect quincy, or just post-quincy?

[thotz]

Yeah, it will work, this fills internal by Rook. Earlier we are using us-east-1 from this patch we add the actual zone of the rgw server that's the difference.
The us-east-1 worked in quincy as well, but I don't see much code difference in that path for master and Quincy. Need to have a bit of time to understand that

[travisn]

The documented examples we are working on in the other comments only apply to Quincy and newer, correct? So what is the behavior for region in Pacific? The docs need to give that detail, especially since Pacific is still the default version with Rook.

[thotz]

@travisn : Sorry if I created confusion before for RGW in any versions, region is the zone group but (again true for all versions) if we give region as us-east-1 it will bypass some checks in RGW and request succeed. I felt it is kind of a hack. But without knowing much about this context Rook was setting us-east-1 for the internal aws s3 SDK and this was working fine for our use case. But this may create confusion for users when they use us-east-1 works but other region's requests are failing. By this PR we are avoiding hack and using the required value

[travisn]

I'm still confused about how users can understand the region. If us-east-1 is a workaround and a hack, maybe we should just keep that for the simple, local rgw case. What does the user gain by using a different region? Seems like it should only be important for external or multi-site where we need the region name in order to connect. But if it's just the local cluster, can we hide the region from the user so they don't need to worry about it?

[travisn]

Let's find a time to discuss this next week since I'm having such a hard time. :)

[thotz]

@travisn: Sure :). Sounds good to me

[BlaineEXE]

If this needs to match with the zone group, perhaps we should add documentation here in the example and also in the official docs to help users set this value correctly.

[thotz]

@BlaineEXE : I will try to add #9556 with this change

[travisn]

@thotz Since the default is us-east-1, should we just leave this default uncommented?

Suggested change

	# region: us-east-1
	region: us-east-1

[thotz]

us-east-1 is still used in the integration tests in ceph_base_object_test.go. How about changing that to something else so we can see the non-default works?

@travisn : do u want to check whether with regions and see s3 client works or not right? It's more or like s3 client kind of test, but I can definitely add those

[travisn]

us-east-1 is still used in the integration tests in ceph_base_object_test.go. How about changing that to something else so we can see the non-default works?

@travisn : do u want to check whether with regions and see s3 client works or not right? It's more or like s3 client kind of test, but I can definitely add those

Yes sounds to add some testing for this.

[thotz]

us-east-1 is still used in the integration tests in ceph_base_object_test.go. How about changing that to something else so we can see the non-default works?

@travisn : do u want to check whether with regions and see s3 client works or not right? It's more or like s3 client kind of test, but I can definitely add those

Yes sounds to add some testing for this.

The only create bucket request needs the correct region value, all the objects operation works fine with the
invalid region for s3 client. So I guess I need to add a test case for cephobjectstoreuser by creating a bucket to test this out

[travisn]

So if we remove region from the default examples in rook, it will work with ceph pacific and master? Or will we need different examples for pacific vs quincy? And to be clear, does the ceph master change also affect quincy, or just post-quincy?

[travisn]

The documented examples we are working on in the other comments only apply to Quincy and newer, correct? So what is the behavior for region in Pacific? The docs need to give that detail, especially since Pacific is still the default version with Rook.

[travisn]

Shall we mention the default here? Otherwise, I'm not sure what it means for Rook to "fill this value".

Suggested change

	1. `region`(optional) defines the region in which the bucket should be created. For RGW, this maps to [zonegroup](https://docs.ceph.com/en/latest/radosgw/multisite/#zone-groups) of the server. If user does not define `region`, Rook will fill this value accordingly. Please check example at the end of the doc.
	1. `region`(optional) defines the region in which the bucket should be created. For RGW, this maps to [zonegroup](https://docs.ceph.com/en/latest/radosgw/multisite/#zone-groups) of the server. If user does not define `region`, the default is `us-east-1`. Please check example at the end of the doc.

[thotz]

@travisn : I don't what I missed earlier if the user does not define the region, Rook will fill it from Zonegroup from ceph object store context and don't use us-east-1 at all(at least that was my first intention of PR).

us-east-1 is not the default value from RGW(at least not in RGW code base). It is a value that always works mysteriously. Maybe because a lot of s3 clients use this as default for region, but again not defined as default by RGW

[travisn]

Ok, does that mean rook can just take care of this internally? Why do we need to expose the region setting at all?

[thotz]

@travisn : The region defined in storage class of libbucket provisioner. Not sure whether Rook can hide it from user, maybe we can ignore the value. But this was available earlier release not sure whether it right to remove the variable. AFAIR I have sent #8766 as per request from the user, he wants to set the custom region for his use case.

[travisn]

@thotz Since the default is us-east-1, should we just leave this default uncommented?

Suggested change

	# region: us-east-1
	region: us-east-1

[travisn]

Suggested change

	# region: us-east-1
	region: us-east-1

[travisn]

Why is the storeName used here, but the zonegroup is used in the example for using a different region? Shouldn't this use the zonegroup as well? Or in the test, the storeName and zonegroup are the same anyway?

[thotz]

Yeah this should be zone group, since we testing only internal ceph cluster without multisite, I just set directly storeName which is value of zonegroup as well

[travisn]

Suggested change

	If user is providing the `region` value other than `us-east-1` then additional CRDs for zonegroup/zone/realm need to be created. For example, here user is providing `region` value as `us-west-1`. So make sure following [multisite related CRDs](ceph-object-multisite-crd.md) are defined as well. The Rook Operator will create required `zonegroup` for RGW server.
	To specify a `region` other than `us-east-1`, a custom zone group must be created that matches the desired region name. In the following example, the `region` is set to `us-west-1`. For more details, see the [related multisite CRDs](ceph-object-multisite-crd.md).

[BlaineEXE]

I'm a little bit confused. What is the point of overriding region if the default is mapped to ZoneGroup and if the user has to create a ZoneGroup resource if they want to override region? Would it be simpler to just remove this parameter and rely on users to create a ZoneGroup instead?

Is this only useful if there are multiple zone groups? What happens in the case where there are multiple zone groups? Then what is the default?

[thotz]

@BlaineEXE : region is an optional value for storage-class. If it is not defined then we need to fill up with Zonegroup from object store context, This value changes in different scenarios:
1.) normal cluster, it is name of object store
2.) external cluster it is default
3.) if multiple zones are configured then it depends on value set in object-store CR.

If the user wants to use a custom region then he defines Zonegroup that's different scenario. Hope this avoids the confusion

[BlaineEXE]

In all three of those cases, I don't think we need to have the region parameter.

1. If external cluster with no zone group defined, use default
2. If external cluster with external zone group defined, use the zone group
3. If internal cluster with no zone group defined, use name of object store
4. If internal cluster with zone group defined, use the zone group

Is this not correct? Are there any cases missing?

[thotz]

@BlaineEXE : Please see #9754 (comment) why the region is needed.
Above cases are right, but please note 2.) is not support in Rook atm

[BlaineEXE]

If we can fill in a default value for "region" from the zone group, is region even a valid parameter?

[BlaineEXE]

Suggested change

	1. `region`(optional) defines the region in which the bucket should be created. For RGW, this maps to [zonegroup](https://docs.ceph.com/en/latest/radosgw/multisite/#zone-groups) of the server. If user does not define `region`, Rook will fill this value accordingly. Please check example at the end of the doc.
	1. `region`(optional) defines the region in which the bucket should be created. For RGW, this maps to the [zone group](https://docs.ceph.com/en/latest/radosgw/multisite/#zone-groups) of the server. If user does not define `region`, Rook will fill this value accordingly. Please check example at the end of the doc.

[BlaineEXE]

This is still not very clear. What is the region set to if the user doesn't define it? "Accordingly" isn't clear enough.

[thotz]

@BlaineEXE : earlier version was Rook Operato fill this value from object store context internally. But @travisn suggested it better not to give internal code details for the end-user. Hence changed like this. I can revert back the change

[BlaineEXE]

Even the text "fill this value from object store context internally" doesn't explain to the user what the value will be. In order for the user to understand when they need to modify the value, they must understand what the default value is. In words good for a user, what value will be the default?

This is also assuming that region is even a necessary parameter to have still.

[thotz]

Okay will update it again next push

[BlaineEXE]

Please add a link to the example in the doc for users.

[BlaineEXE]

Do users need to create all of the resources, or only zone group?

[thotz]

If I understand correctly zonegroup is not an independent resource. Rooks mandates to have realm for zonegroup and in RGW does not make sense to have zonegroup without zones (zonegroup is collection of zones and zone is collection of RGW servers in short)

[alimaredia]

@thotz I was taking at glance at this PR and I don't quite understand the use case/problem this is trying to solve, even after reading the doc changes. Could you summarize what the object-store/obc's couldn't do before this PR was written and what the PR solves?

[thotz]

@thotz I was taking at glance at this PR and I don't quite understand the use case/problem this is trying to solve, even after reading the doc changes. Could you summarize what the object-store/obc's couldn't do before this PR was written and what the PR solves?
@alimaredia : Please refer #9754 (comment) for details

[thotz]

@BlaineEXE @travisn : I have minor nits need to address in this PR. But before refreshing the PR I want to make sure everyone is on the same page

[BlaineEXE]

@BlaineEXE @travisn : I have minor nits need to address in this PR. But before refreshing the PR I want to make sure everyone is on the same page

It is still unclear what is wrong currently. The description in #9754 (comment) isn't quite enough for me to understand. Please be very clear about whether behavior is broken or not. Is there broken behavior? Can you make a test case that causes any failures? If yes, outline the failing case.
If we can't make a failing test case, then why are we making the code more complex? Wouldn't that mean the parameter is just unnecessary?

Once we understand what is wrong, we can do a much better job of reviewing the PR for behavior and usability and not merely code.

[thotz]

@BlaineEXE @travisn : I have minor nits need to address in this PR. But before refreshing the PR I want to make sure everyone is on the same page

It is still unclear what is wrong currently. The description in #9754 (comment) isn't quite enough for me to understand. Please be very clear about whether behavior is broken or not. Is there broken behavior? Can you make a test case that causes any failures? If yes, outline the failing case. If we can't make a failing test case, then why are we making the code more complex? Wouldn't that mean the parameter is just unnecessary?

Once we understand what is wrong, we can do a much better job of reviewing the PR for behavior and usability and not merely code.
@BlaineEXE : there are two commits in this PR :

• replacing instance of us-east-1 with zone group of RGW server
• document how to use custom region in storage class of OBC for the user

The second part is clear I guess. The reason for the why region is needed is explained in earlier replies

Now talking about the first part, most of the cases will work with current(i.e using us-east-1) but it is semantically correct to use zone-group instead.It is based on @cbodley's suggestion.
I have added a test case with the invalid region for the s3 client https://github.com/rook/rook/pull/9754/files#diff-5f2c0f5640c927aba71e73e05b71d0f3116c972f7e0f99a40c6e2b1a986b0431R210. EIther zonegroup or us-east-1 as the region for s3 client the request will succeed, so not sure whether it requires to have test cases based on it, If need I can add those as well

[BlaineEXE]

@BlaineEXE @travisn : I have minor nits need to address in this PR. But before refreshing the PR I want to make sure everyone is on the same page

It is still unclear what is wrong currently. The description in #9857 isn't quite enough for me to understand. Please be very clear about whether behavior is broken or not. Is there broken behavior? Can you make a test case that causes any failures? If yes, outline the failing case. If we can't make a failing test case, then why are we making the code more complex? Wouldn't that mean the parameter is just unnecessary?
Once we understand what is wrong, we can do a much better job of reviewing the PR for behavior and usability and not merely code.
@BlaineEXE : there are two commits in this PR :

• replacing instance of us-east-1 with zone group of RGW server
• document how to use custom region in storage class of OBC for the user

The second part is clear I guess. The reason for the why region is needed is explained in earlier replies

@thotz as I explained in the message you replied to, it is not clear to those of us trying to understand what is going on. Please summarize again, and be thorough. Several of us have concerns about this approach, and we need better information to make sure we are applying the correct fix for this.

Now talking about the first part, most of the cases will work with current(i.e using us-east-1) but it is semantically correct to use zone-group instead. It is based on @cbodley's suggestion.

From that discussion, it has become clear to me that there is something wrong with the region setting, but I am not confident that the current proposed changes are the best solution. I still want some sort of proof that simply removing the field as a configurable option isn't a better solution.

I have added a test case with the invalid region for the s3 client https://github.com/rook/rook/pull/9754/files#diff-5f2c0f5640c927aba71e73e05b71d0f3116c972f7e0f99a40c6e2b1a986b0431R210. EIther zonegroup or us-east-1 as the region for s3 client the request will succeed, so not sure whether it requires to have test cases based on it, If need I can add those as well

I should have been more clear. I am not interested in seeing a unit test. Unit tests cannot show the actual behavior of a running RGW. I want to see the details for creating an end-to-end scenario where there is a failure.

From the discussion linked, it seems that we are be able to induce some failure by setting region to some value other than us-east-1. If changing this value is the only way to induce a failure, then the right solution is probably to ignore the region option in Rook.

In order to determine if we need changes other than removing the value entirely, we want to need to have a failing scenario with region left unspecified (it gets its default value). If we can make this failing scenario, then we need better defaults (but we still may not need the region option).

Once we have better defaults, the question becomes: can we make another failing scenario (internal or external ceph cluster) such that we can't compute the default ourselves? If we can, then users will need an option to override region. If we can't then the updated computation is all we needed, and we can ignore the region setting.

[BlaineEXE]

This documentation for RHCS 3 states that the RGW now uses the terminology "zone-group" instead of "region". https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html/object_gateway_guide_for_red_hat_enterprise_linux/rgw-multisite-rgw

Since Rook now has multisite configs zone/zonegroup/realm, I think we probably no longer need the "realm" option in the OBC storageclass. I think it's probably vestigial. I think that we likely only need to figure out what the zone group is and use that value.

My best guess at what a failing scenario would be is to :

1. Create a ceph cluster (cluster A) with an RGW using a non-"default" zone group
2. Create a Rook cluster in external mode (cluster B) whose CephObjectStore references cluster A, and do not set zone/zonegroup info.

I suspect this scenario will cause a failure because the S3 client in cluster B won't be able to connect properly to the RGW in cluster A since the zone group in cluster A is not "default". (This PR did some related work recently: #9751)

From the information I have, I think the most appropriate fix for this would be to make sure that creating a zone and zone group that reference the external cluster are created in cluster B. And we must also update docs and examples to remove the "realm" config.

@alimaredia has an open PR to better allow configuring zone/zonegroup endpoints for external clusters. I'm not sure if that PR is directly related to this discussion. #9622

@alimaredia does this breakdown make some sense to you?

[thotz]

After discussing with developers from Rook and RGW planning to close this PR infavour of #9906