root@ceph-radosgw:~# radosgw-admin user create --uid="testuser"
--display-name="First User"
{ "user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{ "user": "testuser",
"access_key": "1YKSB0M9BOJZ23BV2VKB",
"secret_key": "JUR2FBZyYbfITVfW+mtcqRzmV879OzSDkIgbjqQi"}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"user_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"temp_url_keys": []}
root@ceph-radosgw:~# radosgw-admin subuser create --uid=testuser
--subuser=testuser:swf0001 --access=full
{ "user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{ "id": "testuser:swf0001",
"permissions": "full-control"}],
"keys": [
{ "user": "testuser",
"access_key": "1YKSB0M9BOJZ23BV2VKB",
"secret_key": "JUR2FBZyYbfITVfW+mtcqRzmV879OzSDkIgbjqQi"},
{ "user": "testuser:swf0001",
"access_key": "WL058L93OWMSB3XCM0TJ",
"secret_key": ""}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"user_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"temp_url_keys": []}
root@ceph-radosgw:~# radosgw-admin key create --subuser=testuser:swf0001
--key-type=swift --gen-secret
could not create key: unable to add access key, unable to store user info
2014-08-12 02:21:04.463267 7f64b9e48780 0 WARNING: can't store user info,
swift id () already mapped to another user (testuser)
###
then i use another way to create key for testuser:swf0001 . can not
remove key
####
root@ceph-radosgw:~# radosgw-admin user rm --uid=testuser
root@ceph-radosgw:~# radosgw-admin user create --subuser=testuser:swf0001
--display-name="Test User One" --key-type=swift --access=full
{ "user_id": "testuser",
"display_name": "Test User One",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [],
"swift_keys": [
{ "user": "testuser:swf0001",
"secret_key": "JOgJ+XKcD68Zozs7v2cAaCorRFnZEBG4SwdUnuo8"}],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"user_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"temp_url_keys": []}
root@ceph-radosgw:~# radosgw-admin key rm --uid=testuser:swf0001
could not remove key: unable to parse request, user info was not
populated
root@ceph-radosgw:~# radosgw-admin key create --subuser=testuser:swf0001
--key-type=swift --gen-secret
{ "user_id": "testuser",
"display_name": "Test User One",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [],
"swift_keys": [
{ "user": "testuser:swf0001",
"secret_key": "r4sHbFyF0A5tE1mW+GSMYovwkNdoqS\/nP8rd1UGO"}],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"user_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"temp_url_keys": []}
2014-08-12 15:52 GMT+07:00 Karan Singh <[email protected]>:
>
> For your item number 3 , can you try :
>
>
> - Removing the keys for sub user ( testuser:swf0001 )
>
>
>
> - Once Key is removed for sub user , try recreating the key [ #
> radosgw-admin key create --subuser=testuser:swf0001 --key-type=swift
> --gen-secret ]
>
>
>
> - Karan -
>
> On 12 Aug 2014, at 11:26, debian Only <[email protected]> wrote:
>
> Dear all
>
> i have meet some issue when access radosgw.
> Fobidden 403 and fail to create subuser key when use radosgw
>
> ceph version 0.80.5(ceph osd, radosgw), OS Wheezy
>
> (1) Reference of installation
> http://ceph.com/docs/master/radosgw/config/#configuring-print-continue
>
> (2) Config File
> root@ceph-radosgw:~# more /etc/ceph/ceph.conf
> [global]
> fsid = ae3da4d2-eef0-47cf-a872-24df8f2c8df4
> mon_initial_members = ceph01-vm
> mon_host = 192.168.123.251
> auth_cluster_required = cephx
> auth_service_required = cephx
> auth_client_required = cephx
> filestore_xattr_use_omap = true
>
> rgw print continue = false
> rgw dns name = ceph-radosgw
> debug rgw = 20
>
>
> [client.radosgw.gateway]
> host = ceph-radosgw
> keyring = /etc/ceph/ceph.client.radosgw.keyring
> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> log file = /var/log/ceph/client.radosgw.gateway.log
>
> root@ceph-admin:~# rados lspools
> data
> metadata
> rbd
> testpool
> iscsi
> pool-A
> pool-B
> iscsi_pool
> .rgw.root
> .rgw.control
> .rgw
> .rgw.gc
> .users.uid
> .users
> .users.swift
> .users.email
> .rgw.buckets
> .rgw.buckets.index
> .log
> .intent-log
> .usage
>
> when access radosgw http://192.168.123.191, seam ok
> <ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/
> ">
> <Owner>
> <ID>anonymous</ID>
> <DisplayName/>
> </Owner>
> <Buckets/>
> </ListAllMyBucketsResult>
>
>
> (3) error meet when create radosgw user(swift) and gen-key
>
> root@ceph-radosgw:~# radosgw-admin user create --uid="testuser"
> --display-nameFirst User"
> { "user_id": "testuser",
> "display_name": "First User",
> "email": "",
> "suspended": 0,
> "max_buckets": 1000,
> "auid": 0,
> "subusers": [],
> "keys": [
> { "user": "testuser",
> "access_key": "SU3L3KCDXQ31KJ6BZ04B",
> "secret_key": "nhA2XNsqwJN8bZlkOEd2UyexMADC9THOhc7UmW4l"}],
> "swift_keys": [],
> "caps": [],
> "op_mask": "read, write, delete",
> "default_placement": "",
> "placement_tags": [],
> "bucket_quota": { "enabled": false,
> "max_size_kb": -1,
> "max_objects": -1},
> "user_quota": { "enabled": false,
> "max_size_kb": -1,
> "max_objects": -1},
> "temp_url_keys": []}
> root@ceph-radosgw:~# radosgw-admin usage show --show-log-entries=false
> { "summary": []}root@ceph-radosgw:~# radosgw-admin user create
> --uid="testuser" First User"^Ce="F
> root@ceph-radosgw:~# radosgw-admin subuser create --uid=testuser
> --subuser=testuser:swf0001 --access=full
> { "user_id": "testuser",
> "display_name": "First User",
> "email": "",
> "suspended": 0,
> "max_buckets": 1000,
> "auid": 0,
> "subusers": [
> { "id": "testuser:swf0001",
> "permissions": "full-control"}],
> "keys": [
> { "user": "testuser:swf0001",
> "access_key": "9IN7P6HA6K4JCDO61N67",
> "secret_key": ""},
> { "user": "testuser",
> "access_key": "SU3L3KCDXQ31KJ6BZ04B",
> "secret_key": "nhA2XNsqwJN8bZlkOEd2UyexMADC9THOhc7UmW4l"}],
> "swift_keys": [],
> "caps": [],
> "op_mask": "read, write, delete",
> "default_placement": "",
> "placement_tags": [],
> "bucket_quota": { "enabled": false,
> "max_size_kb": -1,
> "max_objects": -1},
> "user_quota": { "enabled": false,
> "max_size_kb": -1,
> "max_objects": -1},
> "temp_url_keys": []}
> root@ceph-radosgw:~# radosgw-admin key create
> --subuser=testuser:swf0001 --key-type=swift --gen-secret
> could not create key: unable to add access key, unable to store user
> info
> 2014-08-11 19:56:35.834507 7f4c4f1af780 0 WARNING: can't store user
> info, swift id () already mapped to another user (testuser)
>
> (find it maybe bug , http://tracker.ceph.com/issues/9002)
>
>
> root@ceph-radosgw:~# radosgw-admin user create
> --subuser=testuser:swf0001 --display-name="Test User One" --key-type=swift
> --access=full
> could not create user: unable to create user, user: testuser exists
> root@ceph-radosgw:~# radosgw-admin user create
> --subuser=testuser:swf0001 --display-name="Test User One" --key-type=swift
> --access=full
> could not create user: unable to create user, user: testuser exists
> root@ceph-radosgw:~# radosgw-admin user rm --uid=testuser
>
> root@ceph-radosgw:~# radosgw-admin user create
> --subuser=testuser:swf0001 --display-name="Test User One" --key-type=swift
> --access=full
> { "user_id": "testuser",
> "display_name": "Test User One",
> "email": "",
> "suspended": 0,
> "max_buckets": 1000,
> "auid": 0,
> "subusers": [],
> "keys": [],
> "swift_keys": [
> { "user": "testuser:swf0001",
> "secret_key": "W\/zZ8T09VPFoPKxnVAJocsmNALoPxEYPmjOwytCj"}],
> "caps": [],
> "op_mask": "read, write, delete",
> "default_placement": "",
> "placement_tags": [],
> "bucket_quota": { "enabled": false,
> "max_size_kb": -1,
> "max_objects": -1},
> "user_quota": { "enabled": false,
> "max_size_kb": -1,
> "max_objects": -1},
> "temp_url_keys": []}
>
> (4) Fobidden when access radosgw api
>
> root@ceph-radosgw:~# curl -v -i
> http://192.168.123.191/auer:testuser:swf0001"; -H
> "X-Auth-Key:W\/zZ8T09VPFoPKxnVAJocsmNALoPxEYPmjOwytCj"
> * About to connect() to 192.168.123.191 port 80 (#0)
> * Trying 192.168.123.191...
> * Connected to 192.168.123.191 (192.168.123.191) port 80 (#0)
> > GET /auth HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: 192.168.123.191
> > Accept: */*
> > X-Auth-User:testuser:swf0001
> > X-Auth-Key:W\/zZ8T09VPFoPKxnVAJocsmNALoPxEYPmjOwytCj
> >
> < HTTP/1.1 403 Forbidden
> HTTP/1.1 403 Forbidden
> < Date: Tue, 12 Aug 2014 05:00:11 GMT
> Date: Tue, 12 Aug 2014 05:00:11 GMT
> < Server: Apache/2.2.22 (Debian)
> Server: Apache/2.2.22 (Debian)
> < Accept-Ranges: bytes
> Accept-Ranges: bytes
> < Content-Length: 23
> Content-Length: 23
> < Content-Type: application/json
> Content-Type: application/json
>
> <
> * Connection #0 to host 192.168.123.191 left intact
> {"Code":"AccessDenied"}
>
> (5) rados gw Log and my troubleshooting
>
> 2014-08-11 22:00:11.741947 7f84c1ffb700 20 enqueued request
> req=0x1e73040
> 2014-08-11 22:00:11.741977 7f84c1ffb700 20 RGWWQ:
> 2014-08-11 22:00:11.741990 7f84c1ffb700 20 req: 0x1e73040
> 2014-08-11 22:00:11.742003 7f84c1ffb700 10 allocated request
> req=0x1eaaa80
> 2014-08-11 22:00:11.742035 7f84ad7d2700 20 dequeued request
> req=0x1e73040
> 2014-08-11 22:00:11.742038 7f84ad7d2700 20 RGWWQ: empty
> 2014-08-11 22:00:11.742142 7f84ad7d2700 20 DOCUMENT_ROOT=/var/www
> 2014-08-11 22:00:11.742149 7f84ad7d2700 20 FCGI_ROLE=RESPONDER
> 2014-08-11 22:00:11.742150 7f84ad7d2700 20 GATEWAY_INTERFACE=CGI/1.1
> 2014-08-11 22:00:11.742151 7f84ad7d2700 20 HTTP_ACCEPT=*/*
> 2014-08-11 22:00:11.742152 7f84ad7d2700 20 HTTP_AUTHORIZATION=
> 2014-08-11 22:00:11.742153 7f84ad7d2700 20 HTTP_HOST=192.168.123.191
> 2014-08-11 22:00:11.742154 7f84ad7d2700 20 HTTP_USER_AGENT=curl/7.29.0
> 2014-08-11 22:00:11.742155 7f84ad7d2700 20
> HTTP_X_AUTH_KEY=W\/zZ8T09VPFoPKxnVAJocsmNALoPxEYPmjOwytCj
> 2014-08-11 22:00:11.742156 7f84ad7d2700 20
> HTTP_X_AUTH_USER=testuser:swf0001
> 2014-08-11 22:00:11.742157 7f84ad7d2700 20
> PATH=/usr/local/bin:/usr/bin:/bin
> 2014-08-11 22:00:11.742158 7f84ad7d2700 20 QUERY_STRING=
> 2014-08-11 22:00:11.742159 7f84ad7d2700 20 REMOTE_ADDR=192.168.123.191
> 2014-08-11 22:00:11.742160 7f84ad7d2700 20 REMOTE_PORT=54965
> 2014-08-11 22:00:11.742161 7f84ad7d2700 20 REQUEST_METHOD=GET
> 2014-08-11 22:00:11.742162 7f84ad7d2700 20 REQUEST_URI=/auth
> 2014-08-11 22:00:11.742162 7f84ad7d2700 20
> SCRIPT_FILENAME=/var/www/s3gw.fcgi
> 2014-08-11 22:00:11.742163 7f84ad7d2700 20 SCRIPT_NAME=/auth
> 2014-08-11 22:00:11.742164 7f84ad7d2700 20 SCRIPT_URI=
> http://192.168.123.191/auth
> 2014-08-11 22:00:11.742165 7f84ad7d2700 20 SCRIPT_URL=/auth
> 2014-08-11 22:00:11.742166 7f84ad7d2700 20 SERVER_ADDR=192.168.123.191
> 2014-08-11 22:00:11.742166 7f84ad7d2700 20 SERVER_ADMIN=
> [email protected]
> 2014-08-11 22:00:11.742167 7f84ad7d2700 20 SERVER_NAME=192.168.123.191
> 2014-08-11 22:00:11.742168 7f84ad7d2700 20 SERVER_PORT=80
> 2014-08-11 22:00:11.742169 7f84ad7d2700 20 SERVER_PROTOCOL=HTTP/1.1
> 2014-08-11 22:00:11.742170 7f84ad7d2700 20 SERVER_SIGNATURE=
> 2014-08-11 22:00:11.742170 7f84ad7d2700 20
> SERVER_SOFTWARE=Apache/2.2.22 (Debian)
> 2014-08-11 22:00:11.742172 7f84ad7d2700 1 ====== starting new request
> req=0x1e73040 =====
> 2014-08-11 22:00:11.742222 7f84ad7d2700 2 req 1:0.000051::GET
> /auth::initializing
> 2014-08-11 22:00:11.742236 7f84ad7d2700 10 host=192.168.123.191
> rgw_dns_name=ceph-radosgw
> 2014-08-11 22:00:11.742356 7f84ad7d2700 2 req
> 1:0.000184:swift-auth:GET /auth::getting op
> 2014-08-11 22:00:11.742364 7f84ad7d2700 2 req
> 1:0.000193:swift-auth:GET /auth:swift_auth_get:authorizing
> 2014-08-11 22:00:11.742371 7f84ad7d2700 2 req
> 1:0.000200:swift-auth:GET /auth:swift_auth_get:reading permissions
> 2014-08-11 22:00:11.742374 7f84ad7d2700 2 req
> 1:0.000203:swift-auth:GET /auth:swift_auth_get:init op
> 2014-08-11 22:00:11.742382 7f84ad7d2700 2 req
> 1:0.000211:swift-auth:GET /auth:swift_auth_get:verifying op mask
> 2014-08-11 22:00:11.742390 7f84ad7d2700 20 required_mask= 0
> user.op_mask=7
> 2014-08-11 22:00:11.742392 7f84ad7d2700 2 req
> 1:0.000221:swift-auth:GET /auth:swift_auth_get:verifying op permissions
> 2014-08-11 22:00:11.742395 7f84ad7d2700 2 req
> 1:0.000224:swift-auth:GET /auth:swift_auth_get:verifying op params
> 2014-08-11 22:00:11.742397 7f84ad7d2700 2 req
> 1:0.000226:swift-auth:GET /auth:swift_auth_get:executing
> 2014-08-11 22:00:11.742508 7f84ad7d2700 20 get_obj_state:
> rctx=0x7f84c402ff40 obj=.users.swift:testuser:swf0001 state=0x7f84c4030118
> s->prefetch_data=0
> 2014-08-11 22:00:11.742527 7f84ad7d2700 10 cache get:
> name=.users.swift+testuser:swf0001 : miss
> 2014-08-11 22:00:11.744140 7f84ad7d2700 10 cache put:
> name=.users.swift+testuser:swf0001
> 2014-08-11 22:00:11.744168 7f84ad7d2700 10 adding
> .users.swift+testuser:swf0001 to cache LRU end
> 2014-08-11 22:00:11.744180 7f84ad7d2700 20 get_obj_state: s->obj_tag
> was set empty
> 2014-08-11 22:00:11.744192 7f84ad7d2700 10 cache get:
> name=.users.swift+testuser:swf0001 : type miss (requested=1, cached=6)
> 2014-08-11 22:00:11.744223 7f84ad7d2700 20 get_obj_state:
> rctx=0x7f84c402ff40 obj=.users.swift:testuser:swf0001 state=0x7f84c4030118
> s->prefetch_data=0
> 2014-08-11 22:00:11.744230 7f84ad7d2700 10 cache get:
> name=.users.swift+testuser:swf0001 : hit
> 2014-08-11 22:00:11.744234 7f84ad7d2700 20 get_obj_state: s->obj_tag
> was set empty
> 2014-08-11 22:00:11.744241 7f84ad7d2700 20 get_obj_state:
> rctx=0x7f84c402ff40 obj=.users.swift:testuser:swf0001 state=0x7f84c4030118
> s->prefetch_data=0
> 2014-08-11 22:00:11.744244 7f84ad7d2700 20 state for
> obj=.users.swift:testuser:swf0001 is not atomic, not appending atomic test
> 2014-08-11 22:00:11.744246 7f84ad7d2700 20 rados->read obj-ofs=0
> read_ofs=0 read_len=524288
> 2014-08-11 22:00:11.745424 7f84ad7d2700 20 rados->read r=0 bl.length=12
> 2014-08-11 22:00:11.745450 7f84ad7d2700 10 cache put:
> name=.users.swift+testuser:swf0001
> 2014-08-11 22:00:11.745453 7f84ad7d2700 10 moving
> .users.swift+testuser:swf0001 to cache LRU end
> 2014-08-11 22:00:11.745487 7f84ad7d2700 20 get_obj_state:
> rctx=0x7f84c4023660 obj=.users.uid:testuser state=0x7f84c4030118
> s->prefetch_data=0
> 2014-08-11 22:00:11.745494 7f84ad7d2700 10 cache get:
> name=.users.uid+testuser : miss
> 2014-08-11 22:00:11.746811 7f84ad7d2700 10 cache put:
> name=.users.uid+testuser
> 2014-08-11 22:00:11.746829 7f84ad7d2700 10 adding .users.uid+testuser
> to cache LRU end
> 2014-08-11 22:00:11.746835 7f84ad7d2700 20 get_obj_state: s->obj_tag
> was set empty
> 2014-08-11 22:00:11.746843 7f84ad7d2700 10 cache get:
> name=.users.uid+testuser : type miss (requested=1, cached=6)
> 2014-08-11 22:00:11.746866 7f84ad7d2700 20 get_obj_state:
> rctx=0x7f84c4023660 obj=.users.uid:testuser state=0x7f84c4030118
> s->prefetch_data=0
> 2014-08-11 22:00:11.746872 7f84ad7d2700 10 cache get:
> name=.users.uid+testuser : hit
> 2014-08-11 22:00:11.746876 7f84ad7d2700 20 get_obj_state: s->obj_tag
> was set empty
> 2014-08-11 22:00:11.746878 7f84ad7d2700 20 get_obj_state:
> rctx=0x7f84c4023660 obj=.users.uid:testuser state=0x7f84c4030118
> s->prefetch_data=0
> 2014-08-11 22:00:11.746880 7f84ad7d2700 20 state for
> obj=.users.uid:testuser is not atomic, not appending atomic test
> 2014-08-11 22:00:11.746882 7f84ad7d2700 20 rados->read obj-ofs=0
> read_ofs=0 read_len=524288
> 2014-08-11 22:00:11.748030 7f84ad7d2700 20 rados->read r=0
> bl.length=322
> 2014-08-11 22:00:11.748074 7f84ad7d2700 10 cache put:
> name=.users.uid+testuser
> 2014-08-11 22:00:11.748078 7f84ad7d2700 10 moving .users.uid+testuser
> to cache LRU end
> 2014-08-11 22:00:11.748116 7f84ad7d2700 0 NOTICE:
> RGW_SWIFT_Auth_Get::execute(): bad swift key
> 2014-08-11 22:00:11.748216 7f84ad7d2700 2 req
> 1:0.006044:swift-auth:GET /auth:swift_auth_get:http status=403
> 2014-08-11 22:00:11.748230 7f84ad7d2700 1 ====== req done
> req=0x1e73040 http_status=403 ======
> 2014-08-11 22:00:11.748239 7f84ad7d2700 20 process_request() returned
> -1
>
>
> root@ceph-radosgw:~# radosgw-admin --name client.radosgw.gateway
> metadata list user
> [
> "johndoe",
> "testuser"]
>
> root@ceph-radosgw:~# radosgw-admin zone list
> 2014-08-12 01:22:24.881714 7f216777c700 2
> RGWDataChangesLog::ChangesRenewThread: start
> 2014-08-12 01:22:24.899503 7f21723cf780 20 RGWRados::pool_iterate: got
> default.region
> 2014-08-12 01:22:24.899529 7f21723cf780 20 RGWRados::pool_iterate: got
> region_info.default
> 2014-08-12 01:22:24.947162 7f21723cf780 20 RGWRados::pool_iterate: got
> zone_info.default
> { "zones": [
> "default"]}
>
>
> root@ceph-radosgw:~# radosgw-admin zone get default
> { "domain_root": ".rgw",
> "control_pool": ".rgw.control",
> "gc_pool": ".rgw.gc",
> "log_pool": ".log",
> "intent_log_pool": ".intent-log",
> "usage_log_pool": ".usage",
> "user_keys_pool": ".users",
> "user_email_pool": ".users.email",
> "user_swift_pool": ".users.swift",
> "user_uid_pool": ".users.uid",
> "system_key": { "access_key": "",
> "secret_key": ""},
> "placement_pools": [
> { "key": "default-placement",
> "val": { "index_pool": ".rgw.buckets.index",
> "data_pool": ".rgw.buckets",
> "data_extra_pool": ".rgw.buckets.extra"}}]}
> _______________________________________________
> ceph-users mailing list
> [email protected]
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
>
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
