[ceph-users] Re: radosgw SSE-C is not working (InvalidRequest)

Fri, 17 Mar 2023 05:13:51 -0700 

Ha, found the error and now I feel just a tiny bit stupid:
haproxy did not add the X-Forwarded-Proto header.

Am Fr., 17. März 2023 um 12:03 Uhr schrieb Boris Behrens <b...@kervyn.de>:

> Hi,
> I try to evaluate SSE-C (so customer provides keys) for our object
> storages.
> We do not provide a KMS server.
>
> I've added "Access-Control-Allow-Headers" to the haproxy frontend.
> rspadd Access-Control-Allow-Headers...
> x-amz-server-side-encryption-customer-algorithm,\
> x-amz-server-side-encryption-customer-key,\
> x-amz-server-side-encryption-customer-key-MD5
>
> I've also enabled "rgw_trust_forwarded_https = true" in the client
> section in the ceph.conf and restarted the RGW daemons.
>
> I now try to get it working, but I am not sure if I am doing it correctly.
>
> $ encKey=$(openssl rand -base64 32)
> $ md5Key=$(echo $encKey | md5sum | awk '{print $1}' | base64)
> $ aws s3api --endpoint=https://radosgw put-object \
>   --body ~/Downloads/TESTFILE \
>   --bucket test-bb-encryption \
>   --key TESTFILE \
>   --sse-customer-algorithm AES256 \
>   --sse-customer-key $encKey \
>   --sse-customer-key-md5 $md5Key
>
> This is what the RGW log gives me:
> 2023-03-17T10:55:55.465+0000 7f42bbe5f700  1 ====== starting new request
> req=0x7f448c185700 =====
> 2023-03-17T10:55:55.469+0000 7f434df83700  1 ====== req done
> req=0x7f448c185700 op status=-2021 http_status=400 latency=3999985ns ======
> 2023-03-17T10:55:55.469+0000 7f434df83700  1 beast: 0x7f448c185700: IPV6 -
> - [2023-03-17T10:55:55.469539+0000] "PUT /test-bb-encryption/TESTFILE
> HTTP/1.1" 400 221 - "aws-cli/2.4.18 Python/3.9.10 Darwin/22.3.0
> source/x86_64 prompt/off command/s3api.put-object" -
>
> Maybe someone got a wroking example and is willing to share it with me, or
> did also encounter this problem and knows what to do?
>
> It's and octopus cluster.
>
> Cheers
>  Boris
> --
> Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
> groüen Saal.
>


-- 
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
groüen Saal.
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io

Reply via email to