AW: AW: RadosGW S3 Api

[Jäger, Philipp <Philipp.Jaeger@xxxxxxx>]

There should be only one bucket, certain people should only have read rights in this bucket, other people read/write rights, but no one should be able to create new buckets.
The s3 account you create in the manual has got full permissions.

Von: Caleb Miles [mailto:caleb.miles@xxxxxxxxxxx] 
Gesendet: Sonntag, 3. Februar 2013 00:48
An: Jäger, Philipp
Cc: John Axel Eriksson; ceph-devel@xxxxxxxxxxxxxxx; Yehuda Sadeh
Betreff: Re: AW: AW: RadosGW S3 Api

Why do you want a user that isn't allowed to create buckets?
On Feb 2, 2013 2:25 PM, "Jäger, Philipp" <Philipp.Jaeger@xxxxxxx> wrote:
Hey,

i hope so. Thank you very much :)

-----Ursprüngliche Nachricht-----
Von: John Axel Eriksson [mailto:john@xxxxxxxxx]
Gesendet: Freitag, 1. Februar 2013 23:26
An: Jäger, Philipp
Cc: Yehuda Sadeh; ceph-devel@xxxxxxxxxxxxxxx
Betreff: Re: AW: RadosGW S3 Api

Unfortunately we're not using it that
way, so I don't know what possibilities there are. Hopefully someone else can help you out.

Good luck!

31 jan 2013 kl. 10:32 skrev Jäger, Philipp <Philipp.Jaeger@xxxxxxx>:

> Hello,
>
> thank you very very much, it works in general now ☺
>
> Can you say something about how to limit the rights of the user I created like in the manual?
> We want to create an account, which has no rights to create buckets. cannot find a fitting manual for that.
>
> Thank you very much
>
> Regards
> Philipp
>
> Von: John Axel Eriksson [mailto:john@xxxxxxxxx]
> Gesendet: Donnerstag, 31. Januar 2013 00:11
> An: Jäger, Philipp
> Cc: Yehuda Sadeh; ceph-devel@xxxxxxxxxxxxxxx
> Betreff: Re: RadosGW S3 Api
>
> This is the config we're using:
>
> FastCgiExternalServer /tmp/radosgw.fcgi -socket /var/run/ceph/rgw.sock
>
> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\"
> \"%{User-Agent}i\"" proxy_combined LogFormat "%{X-Forwarded-For}i %h
> %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" proxy_debug
>
> <VirtualHost *:443>
>   ServerName <ourservername>
>   ServerAlias *
>   ServerAdmin admin@<ourservername>
>   DocumentRoot /var/www
>
>   KeepAlive off
>
>   SSLEngine on
>   SSLCertificateFile /etc/apache2/ssl.cert
>   SSLCertificateKeyFile /etc/apache2/ssl.key
>   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
>   RewriteEngine On
>   RewriteRule             ^/(.*) /radosgw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
>
>   <IfModule mod_fastcgi.c>
>     <Directory /var/www/>
>       Options +ExecCGI
>       AllowOverride All
>       SetHandler fastcgi-script
>       Order allow,deny
>       Allow from all
>       AuthBasicAuthoritative Off
>     </Directory>
>   </IfModule>
>
>   AllowEncodedSlashes On
>
>   ErrorLog /var/log/apache2/error.log
>   CustomLog /var/log/apache2/rgw-access.log proxy_combined
>   ServerSignature Off
> </VirtualHost>
>
> Hope it helps!
>
> John
>
> On Wed, Jan 30, 2013 at 10:13 AM, Jäger, Philipp <Philipp.Jaeger@xxxxxxx> wrote:
> Yeah, therefore i ask about an example apache config with ssl support, its not described in the ceph manual, only you have to active the ssl module, but not how the conf must look.
> I tested the freeware "s3 browser", but it makes also errors...
>
> Do you somebody know who has knowledge about using radosgw with ssl?
>
>
> -----Ursprüngliche Nachricht-----
> Von: yehudasa@xxxxxxxxx [mailto:yehudasa@xxxxxxxxx] Im Auftrag von
> Yehuda Sadeh
> Gesendet: Mittwoch, 30. Januar 2013 18:54
> An: Jäger, Philipp
> Cc: ceph-devel@xxxxxxxxxxxxxxx
> Betreff: Re: RadosGW S3 Api
>
> On Wed, Jan 30, 2013 at 9:34 AM, Jäger, Philipp <Philipp.Jaeger@xxxxxxx> wrote:
>> Hello, thanks for the answer.
>> I don't know, the programmer say the api (s3 api java) wants to connect per https. When you know a possibility to  (de)actiate ssl, I would be happy you can tell:) than im sure its not a ssl problem.
>>
>>
>> Do you know the error message "peer not authenticated"?
>> I think its not a rados error message, because when you google for it, you can see that it's common ssl error in java.
>
> Then it's probably ssl error. Radosgw doesn't generate such an error.
>
>> But it can be an inherited error because of rados misconfiguration I think.
>>
>>
>> How do I know if the gateway can be reached?
>> Nothing special in the logs..
>>
>> Have you looked into the confs in the zip file I added to the mail?
>
> Yeah. there's not much there.
>
>> Im very unsure about the apache ssl configuration, when I set the fastcgi virtual host section also to 443, I get an error message, but I donk think its right to leave it on 80.
>
>
>> Don't you ever set up radosgw with ssl ?
>
> that's really orthogonal to radosgw, more of the web server (apache) issue.
>
> Try using some out of the box s3 client before using the api to help with diagnosing the issue. It looks to me like some issues with your apache configuration (ssl, fastcgi).
>
>
> Yehuda
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel"
> in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo
> info at  http://vger.kernel.org/majordomo-info.html
>
��.n��������+%������w��{.n����z��u���ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f