Re: [ceph-users] Radosgw authorization failed
On 31 Mar 2015, at 11:38, Neville neville.tay...@hotmail.co.uk wrote:
Date: Mon, 30 Mar 2015 12:17:48 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: Yehuda Sadeh-Weinraub yeh...@redhat.com
Cc: ceph-users@lists.ceph.com
Sent: Monday, March 30, 2015 6:49:29 AM
Subject: Re: [ceph-users] Radosgw authorization failed
Date: Wed, 25 Mar 2015 11:43:44 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: ceph-users@lists.ceph.com
Sent: Wednesday, March 25, 2015 8:16:39 AM
Subject: [ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for
Archive
storage and I'm trying to setup a Ceph cluster configured with the S3
API
to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a
default
region and zone based on the AWS naming convention US-East-1. I'm not
sure
if this is relevant but since I was having issues I thought it might
need
to
be the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e. I
can
create a bucket, create a folder, list buckets etc. The problem is
when
the
backup software tries to create an object I get an authorization
failure.
It's using the same user/access/secret as I'm using from boto.s3 and
I'm
sure the creds are right as it lets me create the initial connection,
it
just fails when trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1
user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for
uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for
group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for
group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm
(type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done
req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request
req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20
CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085 7f1058dd7700 20
CONTEXT_DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX=
2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER
2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1
2015-03-25 15:07:26.517090 7f1058dd7700 20
Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: Yehuda Sadeh-Weinraub yeh...@redhat.com
Cc: ceph-users@lists.ceph.com
Sent: Wednesday, April 1, 2015 11:45:09 AM
Subject: Re: [ceph-users] Radosgw authorization failed
On 31 Mar 2015, at 11:38, Neville neville.tay...@hotmail.co.uk wrote:
Date: Mon, 30 Mar 2015 12:17:48 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: Yehuda Sadeh-Weinraub yeh...@redhat.com
Cc: ceph-users@lists.ceph.com
Sent: Monday, March 30, 2015 6:49:29 AM
Subject: Re: [ceph-users] Radosgw authorization failed
Date: Wed, 25 Mar 2015 11:43:44 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: ceph-users@lists.ceph.com
Sent: Wednesday, March 25, 2015 8:16:39 AM
Subject: [ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for
Archive
storage and I'm trying to setup a Ceph cluster configured with the
S3 API
to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a
default
region and zone based on the AWS naming convention US-East-1. I'm
not
sure
if this is relevant but since I was having issues I thought it
might need
to
be the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e.
I can
create a bucket, create a folder, list buckets etc. The problem is
when
the
backup software tries to create an object I get an authorization
failure.
It's using the same user/access/secret as I'm using from boto.s3
and I'm
sure the creds are right as it lets me create the initial
connection, it
just fails when trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1
user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for
uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for
group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for
group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions
id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm
(type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done
req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request
req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20
CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085
Re: [ceph-users] Radosgw authorization failed
Date: Mon, 30 Mar 2015 12:17:48 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: Yehuda Sadeh-Weinraub yeh...@redhat.com
Cc: ceph-users@lists.ceph.com
Sent: Monday, March 30, 2015 6:49:29 AM
Subject: Re: [ceph-users] Radosgw authorization failed
Date: Wed, 25 Mar 2015 11:43:44 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: ceph-users@lists.ceph.com
Sent: Wednesday, March 25, 2015 8:16:39 AM
Subject: [ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for
Archive
storage and I'm trying to setup a Ceph cluster configured with the S3
API
to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a
default
region and zone based on the AWS naming convention US-East-1. I'm not
sure
if this is relevant but since I was having issues I thought it might
need
to
be the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can
create a bucket, create a folder, list buckets etc. The problem is when
the
backup software tries to create an object I get an authorization
failure.
It's using the same user/access/secret as I'm using from boto.s3 and I'm
sure the creds are right as it lets me create the initial connection, it
just fails when trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1
user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for
uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for
group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for
group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm
(type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done
req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request
req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20
CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085 7f1058dd7700 20
CONTEXT_DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX=
2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER
2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1
2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS
F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs=
2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015
Re: [ceph-users] Radosgw authorization failed
Date: Wed, 25 Mar 2015 11:43:44 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: ceph-users@lists.ceph.com
Sent: Wednesday, March 25, 2015 8:16:39 AM
Subject: [ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for Archive
storage and I'm trying to setup a Ceph cluster configured with the S3 API to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a default
region and zone based on the AWS naming convention US-East-1. I'm not sure
if this is relevant but since I was having issues I thought it might need to
be the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can
create a bucket, create a folder, list buckets etc. The problem is when the
backup software tries to create an object I get an authorization failure.
It's using the same user/access/secret as I'm using from boto.s3 and I'm
sure the creds are right as it lets me create the initial connection, it
just fails when trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request
req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20
CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX=
2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER
2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1
2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS
F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs=
2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015
15:07:26 GMT
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue
2015-03-25 15:07:26.517093 7f1058dd7700 20
HTTP_HOST=test1.devops-os-cog01.devops.local
2015-03-25 15:07:26.517094 7f1058dd7700 20
HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1
Java_HotSpot(TM)_Client_VM/24.55-b03
2015-03-25 15:07:26.517096 7f1058dd7700 20
HTTP_X_AMZ_META_CREATIONTIME=2015-03-25T15:07:26
2015-03-25 15:07:26.517097 7f1058dd7700 20 HTTP_X_AMZ_META_SIZE=88
2015-03-25 15:07:26.517098 7f1058dd7700 20 HTTP_X_AMZ_STORAGE_CLASS=STANDARD
2015-03-25 15:07:26.517099 7f1058dd7700 20 HTTPS=on
2015-03-25 15:07:26.517100 7f1058dd7700 20
PATH=/usr
Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: Yehuda Sadeh-Weinraub yeh...@redhat.com
Cc: ceph-users@lists.ceph.com
Sent: Monday, March 30, 2015 6:49:29 AM
Subject: Re: [ceph-users] Radosgw authorization failed
Date: Wed, 25 Mar 2015 11:43:44 -0400
From: yeh...@redhat.com
To: neville.tay...@hotmail.co.uk
CC: ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: ceph-users@lists.ceph.com
Sent: Wednesday, March 25, 2015 8:16:39 AM
Subject: [ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for Archive
storage and I'm trying to setup a Ceph cluster configured with the S3 API
to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a
default
region and zone based on the AWS naming convention US-East-1. I'm not
sure
if this is relevant but since I was having issues I thought it might need
to
be the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can
create a bucket, create a folder, list buckets etc. The problem is when
the
backup software tries to create an object I get an authorization failure.
It's using the same user/access/secret as I'm using from boto.s3 and I'm
sure the creds are right as it lets me create the initial connection, it
just fails when trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1
user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for
uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for
group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for
group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm
(type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done
req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request
req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20
CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX=
2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER
2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1
2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS
F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs=
2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015
15:07:26 GMT
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue
2015-03-25 15:07:26.517093 7f1058dd7700 20
HTTP_HOST=test1.devops-os-cog01.devops.local
2015-03-25 15:07:26.517094 7f1058dd7700 20
HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1
Java_HotSpot(TM
Re: [ceph-users] Radosgw authorization failed
- Original Message -
From: Neville neville.tay...@hotmail.co.uk
To: ceph-users@lists.ceph.com
Sent: Wednesday, March 25, 2015 8:16:39 AM
Subject: [ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for Archive
storage and I'm trying to setup a Ceph cluster configured with the S3 API to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a default
region and zone based on the AWS naming convention US-East-1. I'm not sure
if this is relevant but since I was having issues I thought it might need to
be the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can
create a bucket, create a folder, list buckets etc. The problem is when the
backup software tries to create an object I get an authorization failure.
It's using the same user/access/secret as I'm using from boto.s3 and I'm
sure the creds are right as it lets me create the initial connection, it
just fails when trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request
req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request
req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20
CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX=
2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER
2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1
2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS
F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs=
2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015
15:07:26 GMT
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue
2015-03-25 15:07:26.517093 7f1058dd7700 20
HTTP_HOST=test1.devops-os-cog01.devops.local
2015-03-25 15:07:26.517094 7f1058dd7700 20
HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1
Java_HotSpot(TM)_Client_VM/24.55-b03
2015-03-25 15:07:26.517096 7f1058dd7700 20
HTTP_X_AMZ_META_CREATIONTIME=2015-03-25T15:07:26
2015-03-25 15:07:26.517097 7f1058dd7700 20 HTTP_X_AMZ_META_SIZE=88
2015-03-25 15:07:26.517098 7f1058dd7700 20 HTTP_X_AMZ_STORAGE_CLASS=STANDARD
2015-03-25 15:07:26.517099 7f1058dd7700 20 HTTPS=on
2015-03-25 15:07:26.517100 7f1058dd7700 20
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2015-03-25 15:07:26.517100 7f1058dd7700 20 QUERY_STRING=
2015-03-25 15:07:26.517101 7f1058dd7700 20 REMOTE_ADDR=10.40.41.106
2015-03-25 15:07:26.517102 7f1058dd7700 20 REMOTE_PORT=55439
2015-03-25 15:07:26.517103 7f1058dd7700 20
[ceph-users] Radosgw authorization failed
Hi all,
I'm testing backup product which supports Amazon S3 as target for Archive
storage and I'm trying to setup a Ceph cluster configured with the S3 API to
use as an internal target for backup archives instead of AWS.
I've followed the online guide for setting up Radosgw and created a default
region and zone based on the AWS naming convention US-East-1. I'm not sure if
this is relevant but since I was having issues I thought it might need to be
the same.
I've tested the radosgw using boto.s3 and it seems to work ok i.e. I can create
a bucket, create a folder, list buckets etc. The problem is when the backup
software tries to create an object I get an authorization failure. It's using
the same user/access/secret as I'm using from boto.s3 and I'm sure the creds
are right as it lets me create the initial connection, it just fails when
trying to create an object (backup folder).
Here's the extract from the radosgw log:
-
2015-03-25 15:07:26.449227 7f1050dc7700 2 req 5:0.000419:s3:GET
/:list_bucket:init op
2015-03-25 15:07:26.449232 7f1050dc7700 2 req 5:0.000424:s3:GET
/:list_bucket:verifying op mask
2015-03-25 15:07:26.449234 7f1050dc7700 20 required_mask= 1 user.op_mask=7
2015-03-25 15:07:26.449235 7f1050dc7700 2 req 5:0.000427:s3:GET
/:list_bucket:verifying op permissions
2015-03-25 15:07:26.449237 7f1050dc7700 5 Searching permissions for uid=test
mask=49
2015-03-25 15:07:26.449238 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449239 7f1050dc7700 5 Searching permissions for group=1
mask=49
2015-03-25 15:07:26.449240 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449241 7f1050dc7700 5 Searching permissions for group=2
mask=49
2015-03-25 15:07:26.449242 7f1050dc7700 5 Found permission: 15
2015-03-25 15:07:26.449243 7f1050dc7700 5 Getting permissions id=test
owner=test perm=1
2015-03-25 15:07:26.449244 7f1050dc7700 10 uid=test requested perm (type)=1,
policy perm=1, user_perm_mask=1, acl perm=1
2015-03-25 15:07:26.449245 7f1050dc7700 2 req 5:0.000437:s3:GET
/:list_bucket:verifying op params
2015-03-25 15:07:26.449247 7f1050dc7700 2 req 5:0.000439:s3:GET
/:list_bucket:executing
2015-03-25 15:07:26.449252 7f1050dc7700 10 cls_bucket_list
test1(@{i=.us-east.rgw.buckets.index}.us-east.rgw.buckets[us-east.280959.2])
start num 1001
2015-03-25 15:07:26.450828 7f1050dc7700 2 req 5:0.002020:s3:GET
/:list_bucket:http status=200
2015-03-25 15:07:26.450832 7f1050dc7700 1 == req done req=0x7f107000e2e0
http_status=200 ==
2015-03-25 15:07:26.516999 7f1069df9700 20 enqueued request req=0x7f107000f0e0
2015-03-25 15:07:26.517006 7f1069df9700 20 RGWWQ:
2015-03-25 15:07:26.517007 7f1069df9700 20 req: 0x7f107000f0e0
2015-03-25 15:07:26.517010 7f1069df9700 10 allocated request req=0x7f107000f6b0
2015-03-25 15:07:26.517021 7f1058dd7700 20 dequeued request req=0x7f107000f0e0
2015-03-25 15:07:26.517023 7f1058dd7700 20 RGWWQ: empty
2015-03-25 15:07:26.517081 7f1058dd7700 20 CONTENT_LENGTH=88
2015-03-25 15:07:26.517084 7f1058dd7700 20 CONTENT_TYPE=application/octet-stream
2015-03-25 15:07:26.517085 7f1058dd7700 20 CONTEXT_DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517086 7f1058dd7700 20 CONTEXT_PREFIX=
2015-03-25 15:07:26.517087 7f1058dd7700 20 DOCUMENT_ROOT=/var/www
2015-03-25 15:07:26.517088 7f1058dd7700 20 FCGI_ROLE=RESPONDER
2015-03-25 15:07:26.517089 7f1058dd7700 20 GATEWAY_INTERFACE=CGI/1.1
2015-03-25 15:07:26.517090 7f1058dd7700 20 HTTP_AUTHORIZATION=AWS
F79L68W19B3GCLOSE3F8:AcXqtvlBzBMpwdL+WuhDRoLT/Bs=
2015-03-25 15:07:26.517091 7f1058dd7700 20 HTTP_CONNECTION=Keep-Alive
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_DATE=Wed, 25 Mar 2015 15:07:26
GMT
2015-03-25 15:07:26.517092 7f1058dd7700 20 HTTP_EXPECT=100-continue
2015-03-25 15:07:26.517093 7f1058dd7700 20
HTTP_HOST=test1.devops-os-cog01.devops.local
2015-03-25 15:07:26.517094 7f1058dd7700 20
HTTP_USER_AGENT=aws-sdk-java/unknown-version Windows_Server_2008_R2/6.1
Java_HotSpot(TM)_Client_VM/24.55-b03
2015-03-25 15:07:26.517096 7f1058dd7700 20
HTTP_X_AMZ_META_CREATIONTIME=2015-03-25T15:07:26
2015-03-25 15:07:26.517097 7f1058dd7700 20 HTTP_X_AMZ_META_SIZE=88
2015-03-25 15:07:26.517098 7f1058dd7700 20 HTTP_X_AMZ_STORAGE_CLASS=STANDARD
2015-03-25 15:07:26.517099 7f1058dd7700 20 HTTPS=on
2015-03-25 15:07:26.517100 7f1058dd7700 20
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2015-03-25 15:07:26.517100 7f1058dd7700 20 QUERY_STRING=
2015-03-25 15:07:26.517101 7f1058dd7700 20 REMOTE_ADDR=10.40.41.106
2015-03-25 15:07:26.517102 7f1058dd7700 20 REMOTE_PORT=55439
2015-03-25 15:07:26.517103 7f1058dd7700 20 REQUEST_METHOD=PUT
2015-03-25 15:07:26.517104 7f1058dd7700 20 REQUEST_SCHEME=https
2015-03-25 15:07:26.517105 7f1058dd7700 20
REQUEST_URI=/ca_ccifs_c6dccf63-ec57-45b2-87e7-d9b14b971ca3
2015-03-25 15:07:26.517106 7f1058dd7700 20
