Re: [ceph-users] Radosgw authorization failed
On 31 Mar 2015, at 11:38, Neville neville.tay...@hotmail.co.uk wrote: Date: Mon, 30 Mar 2015 12:17:48 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: Yehuda Sadeh-Weinraub yeh...@redhat.com Cc: ceph-users@lists.ceph.com Sent: Monday, March 30, 2015 6:49:29 AM Subject: Re: [ceph-users] Radosgw authorization failed Date: Wed, 25 Mar 2015 11:43:44 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: ceph-users@lists.ceph.com Sent: Wednesday, March 25, 2015 8:16:39 AM Subject: [ceph-users] Radosgw authorization failed Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX= 2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER 2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1 2015-03-25 15:07:26.517090 7f1058dd7700 20
Re: [ceph-users] Radosgw authorization failed
- Original Message - From: Neville neville.tay...@hotmail.co.uk To: Yehuda Sadeh-Weinraub yeh...@redhat.com Cc: ceph-users@lists.ceph.com Sent: Wednesday, April 1, 2015 11:45:09 AM Subject: Re: [ceph-users] Radosgw authorization failed On 31 Mar 2015, at 11:38, Neville neville.tay...@hotmail.co.uk wrote: Date: Mon, 30 Mar 2015 12:17:48 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: Yehuda Sadeh-Weinraub yeh...@redhat.com Cc: ceph-users@lists.ceph.com Sent: Monday, March 30, 2015 6:49:29 AM Subject: Re: [ceph-users] Radosgw authorization failed Date: Wed, 25 Mar 2015 11:43:44 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: ceph-users@lists.ceph.com Sent: Wednesday, March 25, 2015 8:16:39 AM Subject: [ceph-users] Radosgw authorization failed Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085
Re: [ceph-users] Radosgw authorization failed
Date: Mon, 30 Mar 2015 12:17:48 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: Yehuda Sadeh-Weinraub yeh...@redhat.com Cc: ceph-users@lists.ceph.com Sent: Monday, March 30, 2015 6:49:29 AM Subject: Re: [ceph-users] Radosgw authorization failed Date: Wed, 25 Mar 2015 11:43:44 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: ceph-users@lists.ceph.com Sent: Wednesday, March 25, 2015 8:16:39 AM Subject: [ceph-users] Radosgw authorization failed Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX= 2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER 2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1 2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs= 2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015
Re: [ceph-users] Radosgw authorization failed
Date: Wed, 25 Mar 2015 11:43:44 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: ceph-users@lists.ceph.com Sent: Wednesday, March 25, 2015 8:16:39 AM Subject: [ceph-users] Radosgw authorization failed Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX= 2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER 2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1 2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs= 2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015 15:07:26 GMT 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue 2015-03-25 15:07:26.517093 7f1058dd7700 20 HTTP_HOST=test1.devops-os-cog01.devops.local 2015-03-25 15:07:26.517094 7f1058dd7700 20 HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1 Java_HotSpot(TM)_Client_VM/24.55-b03 2015-03-25 15:07:26.517096 7f1058dd7700 20 HTTP_X_AMZ_META_CREATIONTIME=2015-03-25T15:07:26 2015-03-25 15:07:26.517097 7f1058dd7700 20 HTTP_X_AMZ_META_SIZE=88 2015-03-25 15:07:26.517098 7f1058dd7700 20 HTTP_X_AMZ_STORAGE_CLASS=STANDARD 2015-03-25 15:07:26.517099 7f1058dd7700 20 HTTPS=on 2015-03-25 15:07:26.517100 7f1058dd7700 20 PATH=/usr
Re: [ceph-users] Radosgw authorization failed
- Original Message - From: Neville neville.tay...@hotmail.co.uk To: Yehuda Sadeh-Weinraub yeh...@redhat.com Cc: ceph-users@lists.ceph.com Sent: Monday, March 30, 2015 6:49:29 AM Subject: Re: [ceph-users] Radosgw authorization failed Date: Wed, 25 Mar 2015 11:43:44 -0400 From: yeh...@redhat.com To: neville.tay...@hotmail.co.uk CC: ceph-users@lists.ceph.com Subject: Re: [ceph-users] Radosgw authorization failed - Original Message - From: Neville neville.tay...@hotmail.co.uk To: ceph-users@lists.ceph.com Sent: Wednesday, March 25, 2015 8:16:39 AM Subject: [ceph-users] Radosgw authorization failed Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX= 2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER 2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1 2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs= 2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015 15:07:26 GMT 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue 2015-03-25 15:07:26.517093 7f1058dd7700 20 HTTP_HOST=test1.devops-os-cog01.devops.local 2015-03-25 15:07:26.517094 7f1058dd7700 20 HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1 Java_HotSpot(TM
Re: [ceph-users] Radosgw authorization failed
- Original Message - From: Neville neville.tay...@hotmail.co.uk To: ceph-users@lists.ceph.com Sent: Wednesday, March 25, 2015 8:16:39 AM Subject: [ceph-users] Radosgw authorization failed Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX= 2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER 2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1 2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs= 2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015 15:07:26 GMT 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue 2015-03-25 15:07:26.517093 7f1058dd7700 20 HTTP_HOST=test1.devops-os-cog01.devops.local 2015-03-25 15:07:26.517094 7f1058dd7700 20 HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1 Java_HotSpot(TM)_Client_VM/24.55-b03 2015-03-25 15:07:26.517096 7f1058dd7700 20 HTTP_X_AMZ_META_CREATIONTIME=2015-03-25T15:07:26 2015-03-25 15:07:26.517097 7f1058dd7700 20 HTTP_X_AMZ_META_SIZE=88 2015-03-25 15:07:26.517098 7f1058dd7700 20 HTTP_X_AMZ_STORAGE_CLASS=STANDARD 2015-03-25 15:07:26.517099 7f1058dd7700 20 HTTPS=on 2015-03-25 15:07:26.517100 7f1058dd7700 20 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2015-03-25 15:07:26.517100 7f1058dd7700 20 QUERY_STRING= 2015-03-25 15:07:26.517101 7f1058dd7700 20 REMOTE_ADDR=10.40.41.106 2015-03-25 15:07:26.517102 7f1058dd7700 20 REMOTE_PORT=55439 2015-03-25 15:07:26.517103 7f1058dd7700 20
[ceph-users] Radosgw authorization failed
Hi all, I'm testing backup product which supports Amazon S3 as target for Archive storage and I'm trying to setup a Ceph cluster configured with the S3 API to use as an internal target for backup archives instead of AWS. I've followed the online guide for setting up Radosgw and created a default region and zone based on the AWS naming convention US-East-1. I'm not sure if this is relevant but since I was having issues I thought it might need to be the same. I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create a bucket, create a folder, list buckets etc. The problem is when the backup software tries to create an object I get an authorization failure. It's using the same user/access/secret as I'm using from boto.s3 and I'm sure the creds are right as it lets me create the initial connection, it just fails when trying to create an object (backup folder). Here's the extract from the radosgw log: - 2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET /:list_bucket:init op 2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET /:list_bucket:verifying op mask 2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7 2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET /:list_bucket:verifying op permissions 2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test mask=49 2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1 mask=49 2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2 mask=49 2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15 2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test owner=test perm=1 2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1, policy perm=1, user_perm_mask=1, acl perm=1 2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET /:list_bucket:verifying op params 2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET /:list_bucket:executing 2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2]) start num 1001 2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET /:list_bucket:http status=200 2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0 http_status=200 == 2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0 2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ: 2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0 2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0 2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0 2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty 2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88 2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream 2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX= 2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www 2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER 2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1 2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs= 2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015 15:07:26 GMT 2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue 2015-03-25 15:07:26.517093 7f1058dd7700 20 HTTP_HOST=test1.devops-os-cog01.devops.local 2015-03-25 15:07:26.517094 7f1058dd7700 20 HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1 Java_HotSpot(TM)_Client_VM/24.55-b03 2015-03-25 15:07:26.517096 7f1058dd7700 20 HTTP_X_AMZ_META_CREATIONTIME=2015-03-25T15:07:26 2015-03-25 15:07:26.517097 7f1058dd7700 20 HTTP_X_AMZ_META_SIZE=88 2015-03-25 15:07:26.517098 7f1058dd7700 20 HTTP_X_AMZ_STORAGE_CLASS=STANDARD 2015-03-25 15:07:26.517099 7f1058dd7700 20 HTTPS=on 2015-03-25 15:07:26.517100 7f1058dd7700 20 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2015-03-25 15:07:26.517100 7f1058dd7700 20 QUERY_STRING= 2015-03-25 15:07:26.517101 7f1058dd7700 20 REMOTE_ADDR=10.40.41.106 2015-03-25 15:07:26.517102 7f1058dd7700 20 REMOTE_PORT=55439 2015-03-25 15:07:26.517103 7f1058dd7700 20 REQUEST_METHOD=PUT 2015-03-25 15:07:26.517104 7f1058dd7700 20 REQUEST_SCHEME=https 2015-03-25 15:07:26.517105 7f1058dd7700 20 REQUEST_URI=/ca_ccifs_c6dccf63-ec57-45b2-87e7-d9b14b971ca3 2015-03-25 15:07:26.517106 7f1058dd7700 20