[ceph-users] RadosGW + Keystone = 403 Forbidden

Wed, 24 Sep 2014 04:11:55 -0700 

Hi all,

I want to set-up a RadosGW (Firefly) + Keystone (IceHouse) environment,
but I have a problem I can't solve.

It seems that authentication is OK, user get a token.

But when he wants to create a bucket, he get 403 error.

I have this in RadosGW logs :

2014-09-24 13:02:37.894674 7fd2b6db4700  1 ====== starting new request
req=0x21c1010 =====
2014-09-24 13:02:37.894695 7fd2b6db4700  2 req 1:0.000022::PUT
/myfirstbucket::initializing
2014-09-24 13:02:37.894747 7fd2b6db4700 10 s->object=<NULL>
s->bucket=myfirstbucket
2014-09-24 13:02:37.894755 7fd2b6db4700  2 req 1:0.000082:s3:PUT
/myfirstbucket::getting op
2014-09-24 13:02:37.894760 7fd2b6db4700  2 req 1:0.000087:s3:PUT
/myfirstbucket:create_bucket:authorizing
2014-09-24 13:02:37.894769 7fd2b6db4700  2 req 1:0.000096:s3:PUT
/myfirstbucket:create_bucket:reading permissions
2014-09-24 13:02:37.894771 7fd2b6db4700  2 req 1:0.000098:s3:PUT
/myfirstbucket:create_bucket:init op
2014-09-24 13:02:37.894773 7fd2b6db4700  2 req 1:0.000100:s3:PUT
/myfirstbucket:create_bucket:verifying op mask
2014-09-24 13:02:37.894776 7fd2b6db4700 20 required_mask= 2 user.op_mask=7
2014-09-24 13:02:37.894777 7fd2b6db4700  2 req 1:0.000104:s3:PUT
/myfirstbucket:create_bucket:verifying op permissions
2014-09-24 13:02:37.894816 7fd2b6db4700  2 req 1:0.000143:s3:PUT
/myfirstbucket:create_bucket:http status=403
2014-09-24 13:02:37.894818 7fd2b6db4700  1 ====== req done req=0x21c1010
http_status=403 ======
2014-09-24 13:02:37.894827 7fd2b6db4700 20 process_request() returned -13


And nothing in Keystone logs.

What could be the problem ?

Here is my ceph.conf config of RadosGW :

[client.radosgw.test1]
        host = radosgw-test1
        keyring = /etc/ceph/keyring.radosgw.test1
        rgw socket path = /tmp/radosgw.sock
        log file = /var/log/ceph/radosgw.log
        rgw print continue = false
        debug rgw = 20
        rgw keystone url =  http://10.111.31.11:35357
        rgw keystone admin token = ADMIN
        rgw keystone accepted roles = swiftUsers, admin
        rgw keystone token cache size = 10
        rgw keystone revocation interval = 3600
        rgw s3 auth use keystone = true
        nss db path = /var/lib/ceph/radosgw/ceph-radosgw.test1/nss


Users are not created on RadosGW...

Can someone give me a hint for this ? Thank you a lot.

_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to