Re: Getting started with RADOS Gateway

Shain Miley <SMiley@xxxxxxx> · Mon, 8 Jul 2013 20:35:46 +0000

It is that command...however if you are following the docs (like I did)...then you will see that your key is NOT '/etc/ceph/ceph.keyring' it is '/etc/ceph/ceph.client.admin.keyring'.  So try:

sudo ceph -k /etc/ceph/ceph.client.admin.keyring  auth add client.radosgw.gateway -i /etc/ceph/keyring.radosgw.gateway

The documentation should be updated.

Shain

Shain Miley | Manager of Systems and Infrastructure, Digital Media | smiley@xxxxxxx | 202.513.3649

________________________________________
From: Howarth, Chris  [chris.howarth@xxxxxxxx]
Sent: Monday, July 08, 2013 4:18 PM
To: Shain Miley
Cc: Gregory Farnum; ceph-users@xxxxxxxx
Subject: RE:  Getting started with RADOS Gateway

Shain – you are correct there is no entry in ‘ceph auth list’. How do I register the key ? I have the contents needed:

# ls /etc/ceph
ceph.bootstrap-mds.keyring  ceph.conf              keyring.radosgw.gateway
ceph.bootstrap-osd.keyring  ceph.log
ceph.client.admin.keyring   client.fedora.keyring

# cat keyring.radosgw.gateway
[client.radosgw.gateway]
        key = AQCdGNtRKPNCCxAAZYC77yih4AYknchyFUlL2g==
        caps mds = "allow"
        caps mon = "allow r"
        caps osd = "allow rwx"

How do I register this key in the cluster ? I thought it might be this command which is listed in the docs (but it errors understandably as /etc/ceph/ceph.keyring does not exist ):

# ceph -k /etc/ceph/ceph.keyring auth add client.radosgw.gateway -i /etc/ceph/keyring.radosgw.gateway
2013-07-08 16:15:30.688550 7f5ee8101760 -1 read 139 bytes from /etc/ceph/keyring.radosgw.gateway
2013-07-08 16:15:30.688845 7f5ee8101760 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication
2013-07-08 16:15:30.688865 7f5ee8101760 -1 ceph_tool_common_init failed.

Sorry for the daft questions. Cephx is confounding me a bit. Thanks for your help.

Chris

From: Shain Miley [mailto:smiley@xxxxxxx]
Sent: 08 July 2013 17:25
To: Howarth, Chris [CCC-OT_IT]
Cc: Gregory Farnum; ceph-users@xxxxxxxx
Subject: Re:  Getting started with RADOS Gateway

What is the output of 'ceph auth list'?

There should be an entry similar to this one:

client.radosgw.gateway
    key: AQB6H9NR6IcMJBAAZOuGdrKPjLXfkEXmNoOirw==
    caps: [mds] allow
    caps: [mon] allow rw
    caps: [osd] allow rwx

If it does not exist you will need to create it.

Shain

On 07/08/2013 12:08 PM, Howarth, Chris wrote:

There is nothing in the radosgw logs. This led me to believe it is not running. Should there be a daemon constantly running ? I assume so, but I can't see one. The radosgw start script runs without error:

# bash -xv /etc/rc.d/init.d/ceph-radosgw start

...

...

+ runuser -s /bin/bash apache -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/bin/radosgw -n client.radosgw.gateway'

+ '[' 0 -eq 0 ']'

+ success 'radosgw -n client.radosgw.gateway startup'

+ '[' color '!=' verbose -a -z '' ']'

+ echo_success

+ '[' color = color ']'

+ echo -en '\033[60G'

+ echo -n '['

[+ '[' color = color ']'

+ echo -en '\033[0;32m'

+ echo -n '  OK  '

  OK  + '[' color = color ']'

+ echo -en '\033[0;39m'

+ echo -n ']'

]+ echo -ne '\r'

+ return 0

+ return 0

+ echo 'Starting client.radosgw.gateway...'

Starting client.radosgw.gateway...

However there is no daemon running. I have tried just running what seems to be the relevant part:

runuser -s /bin/bash apache -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/bin/radosgw -n client.radosgw.gateway'

still no output or anything in the logs. Any suggestions at all ?

many thanks

Chris

-----Original Message-----
From: Gregory Farnum [mailto:greg@xxxxxxxxxxx]
Sent: 05 July 2013 18:46
To: Howarth, Chris [CCC-OT_IT]
Cc: Alvaro Izquierdo Jimeno; ceph-users@xxxxxxxx<mailto:ceph-users@xxxxxxxx>
Subject: Re:  Getting started with RADOS Gateway

I don't have much experience with the swift interface, but based on the 403 you're getting it looks like everything is running. Have you checked the apache logs and the radosgw log (/var/log/ceph/client.radosgw.0.log or something) for clues?

-Greg

Software Engineer #42 @ http://inktank.com | http://ceph.com

On Fri, Jul 5, 2013 at 4:00 AM, Howarth, Chris <chris.howarth@xxxxxxxx<mailto:chris.howarth@xxxxxxxx>> wrote:

> Many thanks Alvaro. I have modified and still have the same issue (see

> below). Could really do with a list of checks to be able to find out

> which components of the radosgw are running correctly and which are not.

>

>

>

> # radosgw-admin subuser create --uid=gwuser1 --subuser=gwuser1:swift

> --access=full

>

> { "user_id": "gwuser1",

>

>   "display_name": "{Rados Gateway User1}",

>

>   "email": "",

>

>   "suspended": 0,

>

>   "max_buckets": 1000,

>

>   "auid": 0,

>

>   "subusers": [

>

>         { "id": "gwuser1:swift",

>

>           "permissions": "full-control"}],

>

>   "keys": [

>

>         { "user": "gwuser1",

>

>           "access_key": "B5CL8KIB8LYH55FDPYPS",

>

>           "secret_key": "B5\/EEMuTaTkSU5sS1zol2OknBPch04ZZdh86GGTA"}],

>

>   "swift_keys": [

>

>         { "user": "gwuser1:swift",

>

>           "secret_key": "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K"}],

>

>   "caps": []}

>

>

>

> # swift -V 1.0 -A http://10.40.99.165/auth -U gwuser1:swift -K

> "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K" post chtest

>

> Auth GET failed: http://10.40.99.165:80/auth/ 403 Forbidden

>

>

>

>

>

>

>

> From: Alvaro Izquierdo Jimeno [mailto:aizquierdo@xxxxxxxx]

> Sent: 05 July 2013 10:43

> To: Howarth, Chris [CCC-OT_IT]; ceph-users@xxxxxxxx<mailto:ceph-users@xxxxxxxx>

> Subject: RE: Getting started with RADOS Gateway

>

>

>

> Hi,

>

>

>

> Maybe you forgot some step when creating the subuser, because you have

> empty the subusers field, and you need an id and permisssions….

>

> Something like that:

>

>   "subusers": [

>

>         { "id": " gwuser1:swift",

>

>           "permissions": "full-control"}],

>

>

>

> I think you need to do this step

>

> sudo radosgw-admin subuser create --uid=johndoe

> --subuser=johndoe:swift --access=full

>

>

>

>

>

>

>

> De: ceph-users-bounces@xxxxxxxxxxxxxx<mailto:ceph-users-bounces@xxxxxxxxxxxxxx>

> [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] En nombre de Howarth, Chris

> Enviado el: viernes, 05 de julio de 2013 10:03

> Para: ceph-users@xxxxxxxx<mailto:ceph-users@xxxxxxxx>

> Asunto:  Getting started with RADOS Gateway

>

>

>

> Hi – I “think” I have configured the rados gateway correctly on a

> RHEL6 server using httpd-2.2.15-28.el6_4.x86_64, but an unable to

> connect and am having a hard time tracking down where the problem is.

> I am also unclear as to what to check for to validate my config. In

> particular if I try to connect from a host:

>

>

>

> # swift -V 1.0 -A http://10.40.99.165/auth -U gwuser1:swift -K

> "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K" post chtest

>

> Auth GET failed: http://10.40.99.165:80/auth/ 403 Forbidden

>

>

>

> The relevant configuration info is below. Any pointers would be very

> much appreciated (and really cheer up my Friday).

>

>

>

> # radosgw-admin user info --uid=gwuser1

>

> { "user_id": "gwuser1",

>

>   "display_name": "{Rados Gateway User1}",

>

>   "email": "",

>

>   "suspended": 0,

>

>   "max_buckets": 1000,

>

>   "auid": 0,

>

>   "subusers": [],

>

>   "keys": [

>

>         { "user": "gwuser1",

>

>           "access_key": "B5CL8KIB8LYH55FDPYPS",

>

>           "secret_key": "B5\/EEMuTaTkSU5sS1zol2OknBPch04ZZdh86GGTA"}],

>

>   "swift_keys": [

>

>         { "user": "gwuser1:swift",

>

>           "secret_key": "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K"}],

>

>   "caps": []}

>

>

>

> # tail -30 /etc/httpd/conf/httpd.conf

>

> # The first VirtualHost section is used for requests without a known

>

> # server name.

>

> #

>

> #FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw.sock

>

>

>

> <VirtualHost *:80>

>

>     ServerAdmin chris.howarth@xxxxxxxx<mailto:chris.howarth@xxxxxxxx>

>

>     DocumentRoot /var/www

>

>     ServerName e8c3-dl360g7-09.nam.nsroot.net

>

> #    ErrorLog logs/dummy-host.example.com-error_log

>

> #    CustomLog logs/dummy-host.example.com-access_log common

>

>     RewriteEngine On

>

>     RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*)

> /s3gw.fcgi?page=$1&params=$2&%{QUERY_STRING}

> [E=HTTP_AUTHORIZATION:%{HTTP:Authorization<HTTP://Authorization>},L]

>

>     <IfModule mod_fastcgi.c>

>

>             <Directory /var/www>

>

>                     Options +ExecCGI

>

>                     AllowOverride All

>

>                     SetHandler fastcgi-script

>

>                     Order allow,deny

>

>                     Allow from all

>

>                     AuthBasicAuthoritative Off

>

>             </Directory>

>

> FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw.sock

>

>     </IfModule>

>

>     AllowEncodedSlashes On

>

>     ErrorLog /var/log/httpd/error.log

>

>     CustomLog /var/log/httpd/access.log combined

>

>     ServerSignature Off

>

>

>

> </VirtualHost>

>

>

>

> # cat /var/www/s3gw.fcgi

>

> #!/bin/sh

>

> exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway

>

> __________________________

>

> Chris Howarth

>

> OS Platforms Engineering

>

> Citi Architecture & Technology Engineering

>

> (e) chris.howarth@xxxxxxxx<mailto:chris.howarth@xxxxxxxx>

>

> (t) +44 (0) 20 7508 3848

>

> (f) +44 (0) 20 7508 0964

>

> (mail-drop) CGC-06-3A

>

>

>

>

> _______________________________________________

> ceph-users mailing list

> ceph-users@xxxxxxxxxxxxxx<mailto:ceph-users@xxxxxxxxxxxxxx>

> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

>

_______________________________________________

ceph-users mailing list

ceph-users@xxxxxxxxxxxxxx<mailto:ceph-users@xxxxxxxxxxxxxx>

http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com