Re: Debugging radosgw/keystone packet signing issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It might be that it's missing another certificate (for the CA). Under
/etc/keystone/ssl there are a bunch of other certificates, maybe the
instructions are missing one of these.

Yehuda

On Tue, May 28, 2013 at 2:40 AM, Davide Fanciola <dfanciola@xxxxxxxxx> wrote:
> Hi all,
>
>
>
> I’m trying to debug a problem with packet signing between radosgw and
> keystone.
>
>
>
> I have followed the procedure available here
> http://ceph.com/docs/master/radosgw/config/#integrating-with-openstack-keystone,
> but the following problem appears in the logs:
>
>
>
> 2013-05-28 11:24:07.169902 7fea527fc700  2 keystone revoke thread: start
>
> 2013-05-28 11:24:07.169999 7fea527fc700 20 sending request to
> http://ubu-keystone:35357/v2.0/tokens/revoked
>
> 2013-05-28 11:24:07.196865 7fea527fc700 10 request returned {"signed":
> "-----BEGIN
> CMS-----\nMIIBQwYJKoZIhvcNAQcCoIIBNDCCATACAQExCTAHBgUrDgMCGjAeBgkqhkiG9w0B\nBwGgEQQPeyJyZXZva2VkIjogW119MYH/MIH8AgEBMFwwVzELMAkGA1UEBhMCVVMx\nDjAMBgNVBAgTBVVuc2V0MQ4wDAYDVQQHEwVVbnNldDEOMAwGA1UEChMFVW5zZXQx\nGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbQIBATAHBgUrDgMCGjANBgkqhkiG9w0B\nAQEFAASBgA5iHQgrjKoUbuKv/Sd1RNLshdmrAcgT8f5BynkuTaKe/2dlifgAQgY0\neokGC427zC6AnFd6AzZcn+NOjAez2co3BPSHwkYd356+PpLxJ75muzriWbS67MYl\nkWK+hryhX3CqkwrbYBo340bnrsjn1kCzamMVL54Bjbtm8OqcuRCq\n-----END
> CMS-----\n"}
>
> 2013-05-28 11:24:07.196960 7fea527fc700 10 signed=-----BEGIN CMS-----
>
> MIIBQwYJKoZIhvcNAQcCoIIBNDCCATACAQExCTAHBgUrDgMCGjAeBgkqhkiG9w0B
>
> BwGgEQQPeyJyZXZva2VkIjogW119MYH/MIH8AgEBMFwwVzELMAkGA1UEBhMCVVMx
>
> DjAMBgNVBAgTBVVuc2V0MQ4wDAYDVQQHEwVVbnNldDEOMAwGA1UEChMFVW5zZXQx
>
> GDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbQIBATAHBgUrDgMCGjANBgkqhkiG9w0B
>
> AQEFAASBgA5iHQgrjKoUbuKv/Sd1RNLshdmrAcgT8f5BynkuTaKe/2dlifgAQgY0
>
> eokGC427zC6AnFd6AzZcn+NOjAez2co3BPSHwkYd356+PpLxJ75muzriWbS67MYl
>
> kWK+hryhX3CqkwrbYBo340bnrsjn1kCzamMVL54Bjbtm8OqcuRCq
>
> -----END CMS-----
>
>
>
> 2013-05-28 11:24:07.196968 7fea527fc700 10
> content=MIIBQwYJKoZIhvcNAQcCoIIBNDCCATACAQExCTAHBgUrDgMCGjAeBgkqhkiG9w0BBwGgEQQPeyJyZXZva2VkIjogW119MYH/MIH8AgEBMFwwVzELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVVuc2V0MQ4wDAYDVQQHEwVVbnNldDEOMAwGA1UEChMFVW5zZXQxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbQIBATAHBgUrDgMCGjANBgkqhkiG9w0BAQEFAASBgA5iHQgrjKoUbuKv/Sd1RNLshdmrAcgT8f5BynkuTaKe/2dlifgAQgY0eokGC427zC6AnFd6AzZcn+NOjAez2co3BPSHwkYd356+PpLxJ75muzriWbS67MYlkWK+hryhX3CqkwrbYBo340bnrsjn1kCzamMVL54Bjbtm8OqcuRCq
>
> 2013-05-28 11:24:07.197457 7fea527fc700  0 ERROR: signer 0 status =
> SigningCertNotTrusted
>
> 2013-05-28 11:24:07.197470 7fea527fc700  0 ERROR: problem decoding
>
> 2013-05-28 11:24:07.197471 7fea527fc700  0 ceph_decode_cms returned -22
>
> 2013-05-28 11:24:07.197480 7fea527fc700  0 ERROR: keystone revocation
> processing returned error r=-22
>
>
>
>
>
> I’ve already tried to bump up the log levels but with no result. This is
> what I’ve tried :
>
>
>
> debug ms = 1
>
> debug rgw = 20
>
> debug crypto = 5
>
> debug auth = 5
>
> debug none = 5
>
> debug asok = 5
>
>
>
> Is there a way to have a more detailed log of what’s going on?
>
>
>
> Thanks,
>
> Davide
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux