Hi Punit, Le 28 avr. 2014 à 11:55, Punit Dambiwal <[email protected] <mailto:[email protected]>> a écrit :
> Hi Yehuda, > > I am using the same above method to call the api and used the way > which described in the > http://ceph.com/docs/master/radosgw/s3/authentication/#access-control-lists-acls > for connection. The method in the > http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html > is for generating the hash of the header string and secret keys, since > these keys are created already and i think we don't need this method, > right ? No, there are difference between the aws_access_id and aws_secret_key (static, generated by radogw at the user creation) and the AWS Authentication header, which is dynamic. As of my understanding, the AWS signature header need to be regularly generated because of the parts it embeds, plus the time expiration period. I think you can safely regenerate the AWS Auth signature for each request. Cheers > I also tried one function to list out the bucket data as like > > curl -i 'http://gateway.3linux.com/test?format=json' -X GET -H > 'Authorization: AWS > KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN' -H > 'Host: gateway.3linux.com <http://gateway.3linux.com>' -H 'Date: Mon, > 28 April 2014 07:25:00 GMT ' -H 'Content-Length: 0' > > but its also getting the access denied error. But i can view the > bucket details by directly entering > http://gateway.3linux.com/test?format=json in the browser. What do you > think ? what may be the reason ? I am able to connect and list buckets > etc using cyberduck ftp clients these access keys but unable to do > with the function calls. > > > > > On Sat, Apr 26, 2014 at 12:22 AM, Yehuda Sadeh <[email protected] > <mailto:[email protected]>> wrote: > > On Fri, Apr 25, 2014 at 1:03 AM, Punit Dambiwal <[email protected] > <mailto:[email protected]>> wrote: > > Hi Yehuda, > > > > Thanks for your help...that missing date error gone but still i > am getting > > the access denied error :- > > > > ----------------------------- > > 2014-04-25 15:52:56.988025 7f00d37c6700 1 ====== starting new > request > > req=0x237a090 ===== > > 2014-04-25 15:52:56.988072 7f00d37c6700 2 req 24:0.000046::GET > > /admin/usage::initializing > > 2014-04-25 15:52:56.988077 7f00d37c6700 10 > host=gateway.3linux.com <http://gateway.3linux.com> > > rgw_dns_name=gateway.3linux.com <http://gateway.3linux.com> > > 2014-04-25 15:52:56.988102 7f00d37c6700 20 FCGI_ROLE=RESPONDER > > 2014-04-25 15:52:56.988103 7f00d37c6700 20 SCRIPT_URL=/admin/usage > > 2014-04-25 15:52:56.988104 7f00d37c6700 20 > > SCRIPT_URI=http://gateway.3linux.com/admin/usage > > 2014-04-25 15:52:56.988105 7f00d37c6700 20 HTTP_AUTHORIZATION=AWS > > KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN > > 2014-04-25 15:52:56.988107 7f00d37c6700 20 > HTTP_USER_AGENT=curl/7.22.0 > > (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 > <http://1.2.3.4> libidn/1.23 > > librtmp/2.3 > > 2014-04-25 15:52:56.988108 7f00d37c6700 20 HTTP_ACCEPT=*/* > > 2014-04-25 15:52:56.988109 7f00d37c6700 20 > HTTP_HOST=gateway.3linux.com <http://gateway.3linux.com> > > 2014-04-25 15:52:56.988110 7f00d37c6700 20 HTTP_DATE=Fri, 25 > April 2014 > > 07:50:00 GMT > > 2014-04-25 15:52:56.988111 7f00d37c6700 20 CONTENT_LENGTH=0 > > 2014-04-25 15:52:56.988112 7f00d37c6700 20 > PATH=/usr/local/bin:/usr/bin:/bin > > 2014-04-25 15:52:56.988113 7f00d37c6700 20 SERVER_SIGNATURE= > > 2014-04-25 15:52:56.988114 7f00d37c6700 20 > SERVER_SOFTWARE=Apache/2.2.22 > > (Ubuntu) > > 2014-04-25 15:52:56.988115 7f00d37c6700 20 > SERVER_NAME=gateway.3linux.com <http://gateway.3linux.com> > > 2014-04-25 15:52:56.988116 7f00d37c6700 20 SERVER_ADDR=117.18.79.110 > > 2014-04-25 15:52:56.988117 7f00d37c6700 20 SERVER_PORT=80 > > 2014-04-25 15:52:56.988117 7f00d37c6700 20 > REMOTE_ADDR=122.166.115.191 > > 2014-04-25 15:52:56.988118 7f00d37c6700 20 DOCUMENT_ROOT=/var/www > > 2014-04-25 15:52:56.988119 7f00d37c6700 20 > [email protected] <mailto:[email protected]> > > 2014-04-25 15:52:56.988120 7f00d37c6700 20 > > SCRIPT_FILENAME=/var/www/s3gw.fcgi > > 2014-04-25 15:52:56.988120 7f00d37c6700 20 REMOTE_PORT=28840 > > 2014-04-25 15:52:56.988121 7f00d37c6700 20 GATEWAY_INTERFACE=CGI/1.1 > > 2014-04-25 15:52:56.988122 7f00d37c6700 20 SERVER_PROTOCOL=HTTP/1.1 > > 2014-04-25 15:52:56.988123 7f00d37c6700 20 REQUEST_METHOD=GET > > 2014-04-25 15:52:56.988123 7f00d37c6700 20 > > QUERY_STRING=page=admin¶ms=/usage&format=json > > 2014-04-25 15:52:56.988124 7f00d37c6700 20 > > REQUEST_URI=/admin/usage?format=json > > 2014-04-25 15:52:56.988125 7f00d37c6700 20 SCRIPT_NAME=/admin/usage > > 2014-04-25 15:52:56.988126 7f00d37c6700 2 req 24:0.000101::GET > > /admin/usage::getting op > > 2014-04-25 15:52:56.988129 7f00d37c6700 2 req 24:0.000104::GET > > /admin/usage:get_usage:authorizing > > 2014-04-25 15:52:56.988141 7f00d37c6700 20 get_obj_state: > > rctx=0x7effbc004aa0 obj=.users:KGXJJGKDM5G7G4CNKC7R > state=0x7effbc00e718 > > s->prefetch_data=0 > > 2014-04-25 15:52:56.988148 7f00d37c6700 10 moving > > .users+KGXJJGKDM5G7G4CNKC7R to cache LRU end > > 2014-04-25 15:52:56.988150 7f00d37c6700 10 cache get: > > name=.users+KGXJJGKDM5G7G4CNKC7R : hit > > 2014-04-25 15:52:56.988155 7f00d37c6700 20 get_obj_state: > s->obj_tag was set > > empty > > 2014-04-25 15:52:56.988160 7f00d37c6700 10 moving > > .users+KGXJJGKDM5G7G4CNKC7R to cache LRU end > > 2014-04-25 15:52:56.988161 7f00d37c6700 10 cache get: > > name=.users+KGXJJGKDM5G7G4CNKC7R : hit > > 2014-04-25 15:52:56.988179 7f00d37c6700 20 get_obj_state: > > rctx=0x7effbc001ce0 obj=.users.uid:admin state=0x7effbc00ec58 > > s->prefetch_data=0 > > 2014-04-25 15:52:56.988185 7f00d37c6700 10 moving > .users.uid+admin to cache > > LRU end > > 2014-04-25 15:52:56.988186 7f00d37c6700 10 cache get: > name=.users.uid+admin > > : hit > > 2014-04-25 15:52:56.988190 7f00d37c6700 20 get_obj_state: > s->obj_tag was set > > empty > > 2014-04-25 15:52:56.988193 7f00d37c6700 10 moving > .users.uid+admin to cache > > LRU end > > 2014-04-25 15:52:56.988195 7f00d37c6700 10 cache get: > name=.users.uid+admin > > : hit > > 2014-04-25 15:52:56.988236 7f00d37c6700 10 get_canon_resource(): > > dest=/admin/usage > > 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr: > > GET > > > > > > Fri, 25 April 2014 07:50:00 GMT > > /admin/usage > > 2014-04-25 15:52:56.988325 7f00d37c6700 15 calculated > > digest=nLKirQEEPeSS0Lzvr52NAB2phpA= > > 2014-04-25 15:52:56.988329 7f00d37c6700 15 > > auth_sign=LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN > > 2014-04-25 15:52:56.988330 7f00d37c6700 15 compare=-34 > > > Still signing issues. If you're manually constructing the auth header > you need to make it look like the above (copy pasted here): > > > 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr: > > GET > > > > > > Fri, 25 April 2014 07:50:00 GMT > > /admin/usage > > Then you need to run hmac-sha1 on it, as described here: > > http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html > > If you have any backslash in the key then you need to remove it, it's > just an escape character for representing slashes in json. > > Yehuda > > > _______________________________________________ > ceph-users mailing list > [email protected] <mailto:[email protected]> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
