AW: RadosGW S3 Api

[Jäger , Philipp]

Hello,

thank you very very much, it works in general now ☺

Can you say something about how to limit the rights of the user I created like 
in the manual?
We want to create an account, which has no rights to create buckets. cannot 
find a fitting manual for that.

Thank you very much

Regards
Philipp

Von: John Axel Eriksson [mailto:j...@insane.se] 
Gesendet: Donnerstag, 31. Januar 2013 00:11
An: Jäger, Philipp
Cc: Yehuda Sadeh; ceph-devel@vger.kernel.org
Betreff: Re: RadosGW S3 Api

This is the config we're using:

FastCgiExternalServer /tmp/radosgw.fcgi -socket /var/run/ceph/rgw.sock

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" 
\"%{User-Agent}i\"" proxy_combined
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" 
\"%{User-Agent}i\"" proxy_debug

<VirtualHost *:443>
  ServerName <ourservername>
  ServerAlias *
  ServerAdmin admin@<ourservername>
  DocumentRoot /var/www

  KeepAlive off

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl.cert
  SSLCertificateKeyFile /etc/apache2/ssl.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

  RewriteEngine On
  RewriteRule             ^/(.*) /radosgw.fcgi?%{QUERY_STRING} 
[E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

  <IfModule mod_fastcgi.c>
    <Directory /var/www/>
      Options +ExecCGI
      AllowOverride All
      SetHandler fastcgi-script
      Order allow,deny
      Allow from all
      AuthBasicAuthoritative Off
    </Directory>
  </IfModule>

  AllowEncodedSlashes On

  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/rgw-access.log proxy_combined
  ServerSignature Off
</VirtualHost>

Hope it helps!

John

On Wed, Jan 30, 2013 at 10:13 AM, Jäger, Philipp <philipp.jae...@cgm.com> wrote:
Yeah, therefore i ask about an example apache config with ssl support, its not 
described in the ceph manual, only you have to active the ssl module, but not 
how the conf must look.
I tested the freeware "s3 browser", but it makes also errors...

Do you somebody know who has knowledge about using radosgw with ssl?


-----Ursprüngliche Nachricht-----
Von: yehud...@gmail.com [mailto:yehud...@gmail.com] Im Auftrag von Yehuda Sadeh
Gesendet: Mittwoch, 30. Januar 2013 18:54
An: Jäger, Philipp
Cc: ceph-devel@vger.kernel.org
Betreff: Re: RadosGW S3 Api

On Wed, Jan 30, 2013 at 9:34 AM, Jäger, Philipp <philipp.jae...@cgm.com> wrote:
> Hello, thanks for the answer.
> I don't know, the programmer say the api (s3 api java) wants to connect per 
> https. When you know a possibility to  (de)actiate ssl, I would be happy you 
> can tell:) than im sure its not a ssl problem.
>
>
> Do you know the error message "peer not authenticated"?
> I think its not a rados error message, because when you google for it, you 
> can see that it's common ssl error in java.

Then it's probably ssl error. Radosgw doesn't generate such an error.

> But it can be an inherited error because of rados misconfiguration I think.
>
>
> How do I know if the gateway can be reached?
> Nothing special in the logs..
>
> Have you looked into the confs in the zip file I added to the mail?

Yeah. there's not much there.

> Im very unsure about the apache ssl configuration, when I set the fastcgi 
> virtual host section also to 443, I get an error message, but I donk think 
> its right to leave it on 80.


> Don't you ever set up radosgw with ssl ?

that's really orthogonal to radosgw, more of the web server (apache) issue.

Try using some out of the box s3 client before using the api to help with 
diagnosing the issue. It looks to me like some issues with your apache 
configuration (ssl, fastcgi).


Yehuda
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

N�����r��y����b�X��ǧv�^�)޺{.n�+���z�]z���{ay�ʇڙ�,j��f���h���z��w���
���j:+v���w�j�m��������zZ+�����ݢj"��!�i