Hmm....it looks like maybe my issue is bigger than just the swift secret_key not showing up. I started using the other key that's provided under "keys" in the user map just to see if it works but I get 500's back. In my apache error log I get
[Tue May 28 15:19:59 2013] [notice] Apache/2.2.22 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations
[Tue May 28 15:24:04 2013] [error] [client 192.168.1.100] (2)No such file or directory: FastCGI: failed to connect to server "/var/www/s3gw.fcgi": connect() failed
[Tue May 28 15:24:04 2013] [error] [client 192.168.1.100] FastCGI: incomplete headers (0 bytes) received from server "/var/www/s3gw.fcgi"
The errors pop up when I try to hit that endpoint. It's strange because it's owned by www-data which apache is using and has r/x permissions for everyone. I'm thinking maybe there's something wrong in my rewrite rule or with the s3gw.fcgi itself.[Tue May 28 15:19:59 2013] [notice] Apache/2.2.22 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations
[Tue May 28 15:24:04 2013] [error] [client 192.168.1.100] (2)No such file or directory: FastCGI: failed to connect to server "/var/www/s3gw.fcgi": connect() failed
[Tue May 28 15:24:04 2013] [error] [client 192.168.1.100] FastCGI: incomplete headers (0 bytes) received from server "/var/www/s3gw.fcgi"
rewrite rules:
RewriteEngine On
RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
contents of /var/www/s3gw.fcgi:
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway
On Tue, May 28, 2013 at 11:39 AM, Daniel Curran <danielcurran90@xxxxxxxxx> wrote:
Hey,I'll check see if I can get it going right now. Thanks for taking the time to help out
DanielOn Sat, May 25, 2013 at 7:01 PM, John Wilkins <john.wilkins@xxxxxxxxxxx> wrote:Daniel,
I finished up the procedure this morning and put it up on the web. It
seems to be working fine for me.
On Fri, May 24, 2013 at 3:35 PM, John Wilkins <john.wilkins@xxxxxxxxxxx> wrote:
> Daniel,
>
> I'm working on it. It did need a bit of a rewrite for ceph-deploy,
> even though the steps are conceptually the same. In the step here:
>
> http://ceph.com/docs/master/start/quick-rgw/#modify-the-ceph-configuration-file
>
> 1. The rewrite--not published yet, as I'm working out a few more
> kinks--is to use the ceph-deploy version of the ceph conf file on the
> admin node. So you make the modification to the configuration file
> there; then, use "ceph-deploy config push" to push it to the server
> host.
>
> 2. Create a directory is on the server node, as before.
>
> 3. The rewrite rule there is outside of the <VirtualHost> tags, and
> there are two instances of <VirtualHost>. Remove the first end, and
> second beginning of the </VirtualHost><VirtualHost *:80>, but leave
> the rewrite rule. That was a bug. Sorry.
>
> 4. Then, create the keyring here:
> http://ceph.com/docs/master/start/quick-rgw/#generate-a-keyring-and-key
> It wouldn't have worked before, because you didn't have the right
> keyring in /etc/ceph. The third step in that procedure says
> ceph.keyring. That's no longer correct. By convention with
> ceph-deploy, the key ring is ceph.client.admin.keyring.
>
> 5. http://ceph.com/docs/master/start/quick-rgw/#enable-ssl Do this
> before creating the users if you want to use SSL.
>
> 6. Restart ceph, apache, and radosgw as the root user. Then, proceed
> to creating a user.
>
> I'll add some examples when I get all the quirks ironed out so you can
> just cut and paste.
>
> Regards,
>
>
> John
>
>
> On Fri, May 24, 2013 at 2:22 PM, Daniel Curran <danielcurran90@xxxxxxxxx> wrote:
>>
>>
>> ---------- Forwarded message ----------
>> From: Daniel Curran <danielcurran90@xxxxxxxxx>
>> Date: Fri, May 24, 2013 at 4:21 PM
>> Subject: Re: RADOS Gateway Configuration
>> To: John Wilkins <john.wilkins@xxxxxxxxxxx>
>>
>>
>> Hey,
>>
>> I just finished the 5-minute quick start for rados that was given earlier
>> but I get the same issue.
>>
>>
>> { "user_id": "johndoe",
>> "display_name": "John Doe",
>> "email": "john@xxxxxxxxxxx",
>> "suspended": 0,
>> "max_buckets": 1000,
>> "auid": 0,
>> "subusers": [
>> { "id": "johndoe:swift",
>> "permissions": "full-control"}],
>> "keys": [
>> { "user": "johndoe",
>> "access_key": "ZM3S10OX6SPBDPGZC19J",
>> "secret_key": "AhZlWa1cLkff\/v0NLnMb7HGIAcPu3lMgM8CTKxey"}],
>>
>> "swift_keys": [
>> { "user": "johndoe:swift",
>> "secret_key": ""}],
>> "caps": []}
>>
>> with no secret_key under "swift_keys" for me to pass along. Regenerating the
>> keys doesn't do anything different. I've also tried using the secret_key
>> under "keys" but that doesn't work either. Any thoughts?
>>
>>
>> Thanks your help,
>> Daniel
>>
>>
>>
>>
>> On Thu, May 23, 2013 at 1:28 PM, John Wilkins <john.wilkins@xxxxxxxxxxx>
>> wrote:
>>>
>>> It puts it in the same directory where you executed ceph-deploy.
>>>
>>> On Thu, May 23, 2013 at 10:57 AM, Daniel Curran
>>> <danielcurran90@xxxxxxxxx> wrote:
>>> > Hey John,
>>> >
>>> > Thanks for the reply. I'll check out that other doc you have there. Just
>>> > for
>>> > future reference do you know where ceph-deploy puts the ceph keyring?
>>> >
>>> > Daniel
>>> >
>>> >
>>> > On Wed, May 22, 2013 at 7:19 PM, John Wilkins <john.wilkins@xxxxxxxxxxx>
>>> > wrote:
>>> >>
>>> >> Daniel,
>>> >>
>>> >> It looks like I need to update that portion of the docs too, as it
>>> >> links back to the 5-minute quick start. Once you are up and running
>>> >> with "HEALTH OK" on either the 5-minute Quick Start or Quick Ceph
>>> >> Deploy, your storage cluster is running fine. The remaining issues
>>> >> would likely be with authentication, chmod on the files, or with the
>>> >> RGW setup. There's a quick start for RGW, which I had verified here:
>>> >> http://ceph.com/docs/master/start/quick-rgw/. Someone else had a
>>> >> problem with the Rewrite rule on that example reported here:
>>> >> http://tracker.ceph.com/issues/4608. It's likely I need to run through
>>> >> with specific Ceph and Apache versions. There are also a few
>>> >> additional tips in the configuration section.
>>> >> http://ceph.com/docs/master/radosgw/config/
>>> >>
>>> >> There is an issue in some cases where keys have forward or backslash
>>> >> characters, and you may need to regenerate the keys.
>>> >>
>>> >>
>>> >>
>>> >> On Wed, May 22, 2013 at 4:42 PM, Daniel Curran
>>> >> <danielcurran90@xxxxxxxxx>
>>> >> wrote:
>>> >> >
>>> >> > Hello,
>>> >> >
>>> >> > I just started using ceph recently and was trying to get the RADOS
>>> >> > Gateway
>>> >> > working in order to use the Swift compatible API. I followed the
>>> >> > install
>>> >> > instructions found here (http://ceph.com/docs/master
>>> >> > /start/quick-ceph-deploy/) and got to a point where "ceph health"
>>> >> > give
>>> >> > me
>>> >> > HEALTH_OK. This is all well and good but near the end of the rados gw
>>> >> > setup
>>> >> > (found here http://ceph.com/docs/master/radosgw/manual-install/) I
>>> >> > need
>>> >> > to
>>> >> > execute the following line:
>>> >> >
>>> >> > sudo ceph -k /etc/ceph/ceph.keyring auth add client.radosgw.gateway
>>> >> > -i
>>> >> > /etc/ceph/keyring.radosgw.gateway
>>> >> >
>>> >> > Unfortunately, I don't believe ceph-deploy places the keyring at
>>> >> > /etc/ceph/ceph.keyring. I tried to use the one from
>>> >> > /var/lib/ceph/bootstrap-osd/ceph.keyring but it was unable to
>>> >> > authenticate
>>> >> > as client.admin. Is there another location that the keyring needs to
>>> >> > be
>>> >> > copied from or am I doing something totally wrong?
>>> >> >
>>> >> > I didn't want to be held back so I restarted and did the manual
>>> >> > install
>>> >> > from
>>> >> > the 5-minute quick start where I was able to find the ring. I had
>>> >> > more
>>> >> > issues almost immediately. I have to execute the following steps to
>>> >> > create
>>> >> > some users for swift:
>>> >> >
>>> >> > radosgw-admin user create --uid=johndoe --display-name="John Doe"
>>> >> > --email=john@xxxxxxxxxxx
>>> >> > sudo radosgw-admin subuser create --uid=johndoe
>>> >> > --subuser=johndoe:swift
>>> >> > --access=full
>>> >> >
>>> >> > sudo radosgw-admin key create --subuser=johndoe:swift
>>> >> > --key-type=swift
>>> >> >
>>> >> > The first two gave me output I was expecting but the very last line
>>> >> > had
>>> >> > some
>>> >> > weirdness that essentially made swift unusable. The expected output
>>> >> > is
>>> >> > something along these lines:
>>> >> >
>>> >> > { "user_id": "johndoe",
>>> >> > "rados_uid": 0,
>>> >> > "display_name": "John Doe",
>>> >> > "email": "john@xxxxxxxxxxx",
>>> >> > "suspended": 0,
>>> >> > "subusers": [
>>> >> > { "id": "johndoe:swift",
>>> >> > "permissions": "full-control"}],
>>> >> > "keys": [
>>> >> > { "user": "johndoe",
>>> >> > "access_key": "QFAMEDSJP5DEKJO0DDXY",
>>> >> > "secret_key": "iaSFLDVvDdQt6lkNzHyW4fPLZugBAI1g17LO0+87"}],
>>> >> > "swift_keys": [
>>> >> > { "user": "johndoe:swift",
>>> >> > "secret_key": "E9T2rUZNu2gxUjcwUBO8n\/Ev4KX6\/GprEuH4qhu1"}]}
>>> >> >
>>> >> > Where that last secret key is what we hand the swift CLI as seen
>>> >> > here:
>>> >> >
>>> >> > swift -V 1.0 -A http://radosgw.example.com/auth -U johndoe:swift -K
>>> >> > E9T2rUZNu2gxUjcwUBO8n\/Ev4KX6\/GprEuH4qhu1 post test
>>> >> >
>>> >> > However, my output came out like this:
>>> >> >
>>> >> > { "user_id": "johndoe",
>>> >> > "display_name": "John Doe",
>>> >> > "email": "john@xxxxxxxxxxx",
>>> >> > "suspended": 0,
>>> >> > "max_buckets: 1000,
>>> >> > "auid": 0,
>>> >> > "subusers": [
>>> >> > { "id": "johndoe:swift",
>>> >> > "permissions": "full-control"}],
>>> >> > "keys": [
>>> >> > { "user": "johndoe",
>>> >> > "access_key": "SUEXWVL3WB2Z64CRAG97",
>>> >> > "secret_key": "C\/jHFJ3wdPv4iJ+aq4JeZ52LEC3OdnhsYEnVkhBP"}],
>>> >> > "swift_keys": [
>>> >> > { "user": "johndoe:swift",
>>> >> > "secret_key": ""}],
>>> >> > "caps": []}
>>> >> >
>>> >> >
>>> >> > Giving me no swift key to use. I don't believe the key is supposed to
>>> >> > be
>>> >> > blank because I tried that and received auth errors (to the best of
>>> >> > my
>>> >> > ability). I can't tell if this is my fault since I'm new nor am I
>>> >> > able
>>> >> > to
>>> >> > find a way around it. It looks like there are definitely changes
>>> >> > between
>>> >> > the
>>> >> > version used in the doc and mine so maybe it's all working as it
>>> >> > should
>>> >> > but
>>> >> > the secret_key for swift lives somewhere else. If anyone knows
>>> >> > anything
>>> >> > I'd
>>> >> > appreciate it a lot.
>>> >> >
>>> >> > Thank you,
>>> >> > Daniel
>>> >> >
>>> >> >
>>> >> >
>>> >> > _______________________________________________
>>> >> > ceph-users mailing list
>>> >> > ceph-users@xxxxxxxxxxxxxx
>>> >> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> John Wilkins
>>> >> Senior Technical Writer
>>> >> Intank
>>> >> john.wilkins@xxxxxxxxxxx
>>> >> (415) 425-9599
>>> >> http://inktank.com
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> John Wilkins
>>> Senior Technical Writer
>>> Intank
>>> john.wilkins@xxxxxxxxxxx
>>> (415) 425-9599
>>> http://inktank.com
>>
>>
>>
>
>
>
> --
> John Wilkins
> Senior Technical Writer
> Intank
> john.wilkins@xxxxxxxxxxx
> (415) 425-9599
> http://inktank.com
--
John Wilkins
Senior Technical Writer
Intank
john.wilkins@xxxxxxxxxxx
(415) 425-9599
http://inktank.com
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com