Cedric,
I created this user as described on the official document
$ sudo radosgw-admin subuser create --uid=johndoe --subuser=johndoe:swift
--access=full
The subuser seems to have a full permission.
$ radosgw-admin user info --uid=admin
....
"swift_keys": [
{ "user": "admin:swift",
"secret_key": "RnelTPTJGc4rt6LlRjF4AnxfJhrLvu4J6+PTUl+s"}],
ps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1}}
Thank you for your help anyway,
Seowon
--
Seowon Jung
Systems Administrator
College of Education
University of Hawaii at Manoa
(808) 956-7939
On Mon, Apr 28, 2014 at 12:12 PM, Cedric Lemarchand <[email protected]>wrote:
> Hello,
>
> Le 28/04/2014 23:29, Seowon Jung a écrit :
>
> Thank you so much for your quick reply. I created a subuser for Swift,
> but it got the authorization error. Is it related to the same problem?
>
> In the way bucket access via subdomain is specific to S3 and you are now
> using Swift, I don't think so.
>
> $ swift --verbose -V 1.0 -A http://lab0.coe.hawaii.edu/auth -U
> admin:swift -K RnelTPTJGc4rt6LlRjF4AnxfJhrLvu4J6+PTUl+s post test
> Container PUT failed: http://lab0.coe.hawaii.edu:80/swift/v1/test 401
> Authorization Required AccessDenied
>
> I would first try to check if the subuser has rights to create a bucket.
> ("permissions" field)
>
> Cheers
>
>
> Thank you!
>
> --
> Seowon Jung
> Systems Administrator
>
> College of Education
> University of Hawaii at Manoa
> (808) 956-7939
>
>
> On Mon, Apr 28, 2014 at 11:10 AM, Yehuda Sadeh <[email protected]> wrote:
>
>> This could happen if your client is uses the bucket through subdomain
>> scheme, but the rgw is not resolving it correctly (either rgw_dns_name is
>> misconfigured, or you were accessing it through different host name).
>>
>> Yehuda
>>
>>
>> On Mon, Apr 28, 2014 at 2:02 PM, Seowon Jung <[email protected]> wrote:
>>
>>> Hello,
>>>
>>> I've installed Ceph Emperor on my Ubuntu 12.04 server to test many
>>> things. Everything was pretty good so far, but now I got a problem (403,
>>> AccessDenied) when I try to create a bucket through S3-compatible API.
>>> Please read the following information.
>>>
>>> *Client Information*
>>> Computer: Ubuntu 12.04 64bit Desktop
>>> S3 Client: Dragon Disk 1.05
>>>
>>>
>>> *Server Information*
>>> Server Hardware: 2 servers, 2 storage array (12 OSDs each, total 24 OSDs)
>>> OS: Ubuntu 12.04 64bit
>>> Ceph: Emperor, Health OK, all OSDs UP
>>>
>>>
>>> *Configurations:*
>>>
>>> ceph.conf
>>> [global]
>>> fsid = 2606e43d-6ca3-4aeb-b760-507a97e06190
>>> mon_initial_members = lab0, lab1
>>> mon_host = 172.17.1.250,172.17.1.251
>>> auth_cluster_required = cephx
>>> auth_service_required = cephx
>>> auth_client_required = cephx
>>> filestore_xattr_use_omap = true
>>> osd_max_attr_size = 655360
>>> osd pool default size = 3
>>> osd pool default min size = 1
>>> osd pool default pg num = 800
>>> osd pool default pgp num = 800
>>>
>>> [client.radosgw.gateway]
>>> host = lab0
>>> keyring = /etc/ceph/keyring.radosgw.gateway
>>> rgw socket path = /tmp/radosgw.sock
>>> log file = /var/log/ceph/radosgw.log
>>> rgw data = /var/lib/ceph/radosgw
>>> rgw dns name = lab0.coe.hawaii.edu
>>> rgw print continue = false
>>>
>>>
>>> Apache
>>> /etc/apache2/sites-enabled/rgw
>>> <VirtualHost *:80>
>>> FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw.sock
>>> ServerName lab0.coe.hawaii.edu
>>> ServerAdmin webmaster@localhost
>>> DocumentRoot /var/www
>>>
>>> RewriteEngine On
>>> RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*)
>>> /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{
>>> HTTP:Authorization},L]
>>>
>>> <IfModule mod_fastcgi.c>
>>> <Directory /var/www/>
>>> Options +ExecCGI
>>> AllowOverride All
>>> SetHandler fastcgi-script
>>> Order allow,deny
>>> allow from all
>>> AuthBasicAuthoritative Off
>>> </Directory>
>>> </IfModule>
>>>
>>> AllowEncodedSlashes On
>>> ErrorLog ${APACHE_LOG_DIR}/error.log
>>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>>> ServerSignature Off
>>> </VirtualHost>
>>>
>>>
>>> User Info:
>>> # radosgw-admin user info --uid=admin
>>> { "user_id": "admin",
>>> "display_name": "Admin",
>>> "email": "",
>>> "suspended": 0,
>>> "max_buckets": 1000,
>>> "auid": 0,
>>> "subusers": [],
>>> "keys": [
>>> { "user": "admin",
>>> "access_key": "A3R0CEF3140MLIZIXN4X",
>>> "secret_key": "K8TRyfK8ArRjGRnSRvd4N5gY4TdeK1wK\/1iGCcGO"}],
>>> "swift_keys": [],
>>> "caps": [],
>>> "op_mask": "read, write, delete",
>>> "default_placement": "",
>>> "placement_tags": [],
>>> "bucket_quota": { "enabled": false,
>>> "max_size_kb": -1,
>>> "max_objects": -1}}
>>>
>>>
>>> /var/log/ceph/radosgw.log:
>>> 2014-04-28 10:44:42.206681 7fc9b9feb700 15 calculated
>>> digest=6JGkEimcy2pBN3Ty6mfYh6SudcA=
>>> 2014-04-28 10:44:42.206685 7fc9b9feb700 15
>>> auth_sign=6JGkEimcy2pBN3Ty6mfYh6SudcA=
>>> 2014-04-28 10:44:42.206686 7fc9b9feb700 15 compare=0
>>> 2014-04-28 10:44:42.206691 7fc9b9feb700 2 req
>>> 20:0.000456:s3:PUT/:create_bucket:reading permissions
>>> 2014-04-28 10:44:42.206697 7fc9b9feb700 2 req
>>> 20:0.000463:s3:PUT/:create_bucket:init op
>>> 2014-04-28 10:44:42.206701 7fc9b9feb700 2 req
>>> 20:0.000467:s3:PUT/:create_bucket:verifying op mask
>>> 2014-04-28 10:44:42.206704 7fc9b9feb700 20 required_mask= 2
>>> user.op_mask=7
>>> 2014-04-28 10:44:42.206706 7fc9b9feb700 2 req
>>> 20:0.000472:s3:PUT/:create_bucket:verifying op permissions
>>> 2014-04-28 10:44:42.209718 7fc9b9feb700 2 req
>>> 20:0.003483:s3:PUT/:create_bucket:verifying op params
>>> 2014-04-28 10:44:42.209742 7fc9b9feb700 2 req
>>> 20:0.003508:s3:PUT/:create_bucket:executing
>>> 2014-04-28 10:44:42.209776 7fc9b9feb700 20 get_obj_state:
>>> rctx=0x7fc928009bd0 obj=.rgw:test state=0x7fc92800cfd8 s->prefetch_data=0
>>> 2014-04-28 10:44:42.209790 7fc9b9feb700 10 moving .rgw+test to cache LRU
>>> end
>>> 2014-04-28 10:44:42.209793 7fc9b9feb700 10 cache get: name=.rgw+test :
>>> type miss (requested=22, cached=0)
>>> 2014-04-28 10:44:42.211397 7fc9b9feb700 10 cache put: name=.rgw+test
>>> 2014-04-28 10:44:42.211417 7fc9b9feb700 10 moving .rgw+test to cache LRU
>>> end
>>> 2014-04-28 10:44:42.212563 7fc9b9feb700 20 rgw_create_bucket returned
>>> ret=-1 bucket=test(@{i=.rgw.buckets.index}.rgw.buckets[default.5154.9])
>>> 2014-04-28 10:44:42.212629 7fc9b9feb700 2 req
>>> 20:0.006394:s3:PUT/:create_bucket:http status=403
>>> 2014-04-28 10:44:42.212749 7fc9b9feb700 1 ====== req done req=0x1f20f30
>>> http_status=403 ======
>>>
>>>
>>> I tried to use the secret key both
>>> K8TRyfK8ArRjGRnSRvd4N5gY4TdeK1wK\/1iGCcGO
>>> and K8TRyfK8ArRjGRnSRvd4N5gY4TdeK1wK/1iGCcGO
>>>
>>> Thank you for your help!
>>> Seowon
>>>
>>> --
>>> Seowon Jung
>>> Systems Administrator
>>>
>>> College of Education
>>> University of Hawaii at Manoa
>>> (808) 956-7939 <%28808%29%20956-7939>
>>>
>>> _______________________________________________
>>> ceph-users mailing list
>>> [email protected]
>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>>
>>>
>>
>
>
> _______________________________________________
> ceph-users mailing
> [email protected]http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
> --
> Cédric
>
>
> _______________________________________________
> ceph-users mailing list
> [email protected]
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
