AW: RadosGW S3 Api

Jäger, Philipp <Philipp.Jaeger@xxxxxxx> · Thu, 31 Jan 2013 18:32:10 +0000

Hello,

thank you very very much, it works in general now ☺

Can you say something about how to limit the rights of the user I created like in the manual?
We want to create an account, which has no rights to create buckets. cannot find a fitting manual for that.

Thank you very much

Regards
Philipp

Von: John Axel Eriksson [mailto:john@xxxxxxxxx] 
Gesendet: Donnerstag, 31. Januar 2013 00:11
An: Jäger, Philipp
Cc: Yehuda Sadeh; ceph-devel@xxxxxxxxxxxxxxx
Betreff: Re: RadosGW S3 Api

This is the config we're using:

FastCgiExternalServer /tmp/radosgw.fcgi -socket /var/run/ceph/rgw.sock

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" proxy_combined
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" proxy_debug

<VirtualHost *:443>
  ServerName <ourservername>
  ServerAlias *
  ServerAdmin admin@<ourservername>
  DocumentRoot /var/www

  KeepAlive off

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl.cert
  SSLCertificateKeyFile /etc/apache2/ssl.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

  RewriteEngine On
  RewriteRule             ^/(.*) /radosgw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

  <IfModule mod_fastcgi.c>
    <Directory /var/www/>
      Options +ExecCGI
      AllowOverride All
      SetHandler fastcgi-script
      Order allow,deny
      Allow from all
      AuthBasicAuthoritative Off
    </Directory>
  </IfModule>

  AllowEncodedSlashes On

  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/rgw-access.log proxy_combined
  ServerSignature Off
</VirtualHost>

Hope it helps!

John

On Wed, Jan 30, 2013 at 10:13 AM, Jäger, Philipp <Philipp.Jaeger@xxxxxxx> wrote:
Yeah, therefore i ask about an example apache config with ssl support, its not described in the ceph manual, only you have to active the ssl module, but not how the conf must look.
I tested the freeware "s3 browser", but it makes also errors...

Do you somebody know who has knowledge about using radosgw with ssl?

-----Ursprüngliche Nachricht-----
Von: yehudasa@xxxxxxxxx [mailto:yehudasa@xxxxxxxxx] Im Auftrag von Yehuda Sadeh
Gesendet: Mittwoch, 30. Januar 2013 18:54
An: Jäger, Philipp
Cc: ceph-devel@xxxxxxxxxxxxxxx
Betreff: Re: RadosGW S3 Api

On Wed, Jan 30, 2013 at 9:34 AM, Jäger, Philipp <Philipp.Jaeger@xxxxxxx> wrote:
> Hello, thanks for the answer.
> I don't know, the programmer say the api (s3 api java) wants to connect per https. When you know a possibility to  (de)actiate ssl, I would be happy you can tell:) than im sure its not a ssl problem.
>
>
> Do you know the error message "peer not authenticated"?
> I think its not a rados error message, because when you google for it, you can see that it's common ssl error in java.

Then it's probably ssl error. Radosgw doesn't generate such an error.

> But it can be an inherited error because of rados misconfiguration I think.
>
>
> How do I know if the gateway can be reached?
> Nothing special in the logs..
>
> Have you looked into the confs in the zip file I added to the mail?

Yeah. there's not much there.

> Im very unsure about the apache ssl configuration, when I set the fastcgi virtual host section also to 443, I get an error message, but I donk think its right to leave it on 80.

> Don't you ever set up radosgw with ssl ?

that's really orthogonal to radosgw, more of the web server (apache) issue.

Try using some out of the box s3 client before using the api to help with diagnosing the issue. It looks to me like some issues with your apache configuration (ssl, fastcgi).

Yehuda
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

��.n��������+%������w��{.n����z��u���ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f