Re: Getting started with RADOS Gateway

["Howarth, Chris " <chris.howarth@xxxxxxxx>]

Shain – you are correct there is no entry in ‘ceph auth list’. How do I register the key ? I have the contents needed:

 

# ls /etc/ceph

ceph.bootstrap-mds.keyring  ceph.conf              keyring.radosgw.gateway

ceph.bootstrap-osd.keyring  ceph.log

ceph.client.admin.keyring   client.fedora.keyring

 

# cat keyring.radosgw.gateway

[client.radosgw.gateway]

        key = AQCdGNtRKPNCCxAAZYC77yih4AYknchyFUlL2g==

        caps mds = "allow"

        caps mon = "allow r"

        caps osd = "allow rwx"

 

How do I register this key in the cluster ? I thought it might be this command which is listed in the docs (but it errors understandably as /etc/ceph/ceph.keyring does not exist ):

 

# ceph -k /etc/ceph/ceph.keyring auth add client.radosgw.gateway -i /etc/ceph/keyring.radosgw.gateway

2013-07-08 16:15:30.688550 7f5ee8101760 -1 read 139 bytes from /etc/ceph/keyring.radosgw.gateway

2013-07-08 16:15:30.688845 7f5ee8101760 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication

2013-07-08 16:15:30.688865 7f5ee8101760 -1 ceph_tool_common_init failed.

 

Sorry for the daft questions. Cephx is confounding me a bit. Thanks for your help.

 

Chris

 

 

From: Shain Miley [mailto:smiley@xxxxxxx]
Sent: 08 July 2013 17:25
To: Howarth, Chris [CCC-OT_IT]
Cc: Gregory Farnum; ceph-users@xxxxxxxx
Subject: Re: Getting started with RADOS Gateway

 

What is the output of 'ceph auth list'?

There should be an entry similar to this one:

client.radosgw.gateway
    key: AQB6H9NR6IcMJBAAZOuGdrKPjLXfkEXmNoOirw==
    caps: [mds] allow
    caps: [mon] allow rw
    caps: [osd] allow rwx

If it does not exist you will need to create it.

Shain


On 07/08/2013 12:08 PM, Howarth, Chris wrote:

There is nothing in the radosgw logs. This led me to believe it is not running. Should there be a daemon constantly running ? I assume so, but I can't see one. The radosgw start script runs without error:

 

# bash -xv /etc/rc.d/init.d/ceph-radosgw start

...

...

+ runuser -s /bin/bash apache -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/bin/radosgw -n client.radosgw.gateway'

+ '[' 0 -eq 0 ']'

+ success 'radosgw -n client.radosgw.gateway startup'

+ '[' color '!=' verbose -a -z '' ']'

+ echo_success

+ '[' color = color ']'

+ echo -en '\033[60G'

+ echo -n '['

[+ '[' color = color ']'

+ echo -en '\033[0;32m'

+ echo -n '  OK  '

  OK  + '[' color = color ']'

+ echo -en '\033[0;39m'

+ echo -n ']'

]+ echo -ne '\r'

+ return 0

+ return 0

+ echo 'Starting client.radosgw.gateway...'

Starting client.radosgw.gateway...

 

However there is no daemon running. I have tried just running what seems to be the relevant part:

 

runuser -s /bin/bash apache -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/bin/radosgw -n client.radosgw.gateway'

 

still no output or anything in the logs. Any suggestions at all ?

 

many thanks

 

Chris

 

-----Original Message-----
From: Gregory Farnum [mailto:greg@xxxxxxxxxxx]
Sent: 05 July 2013 18:46
To: Howarth, Chris [CCC-OT_IT]
Cc: Alvaro Izquierdo Jimeno; ceph-users@xxxxxxxx
Subject: Re: [ceph-users] Getting started with RADOS Gateway

 

I don't have much experience with the swift interface, but based on the 403 you're getting it looks like everything is running. Have you checked the apache logs and the radosgw log (/var/log/ceph/client.radosgw.0.log or something) for clues?

-Greg

Software Engineer #42 @ http://inktank.com | http://ceph.com

 

On Fri, Jul 5, 2013 at 4:00 AM, Howarth, Chris <chris.howarth@xxxxxxxx> wrote:

> Many thanks Alvaro. I have modified and still have the same issue (see

> below). Could really do with a list of checks to be able to find out

> which components of the radosgw are running correctly and which are not.

> 

> 

> 

> # radosgw-admin subuser create --uid=gwuser1 --subuser=gwuser1:swift

> --access=full

> 

> { "user_id": "gwuser1",

> 

>   "display_name": "{Rados Gateway User1}",

> 

>   "email": "",

> 

>   "suspended": 0,

> 

>   "max_buckets": 1000,

> 

>   "auid": 0,

> 

>   "subusers": [

> 

>         { "id": "gwuser1:swift",

> 

>           "permissions": "full-control"}],

> 

>   "keys": [

> 

>         { "user": "gwuser1",

> 

>           "access_key": "B5CL8KIB8LYH55FDPYPS",

> 

>           "secret_key": "B5\/EEMuTaTkSU5sS1zol2OknBPch04ZZdh86GGTA"}],

> 

>   "swift_keys": [

> 

>         { "user": "gwuser1:swift",

> 

>           "secret_key": "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K"}],

> 

>   "caps": []}

> 

> 

> 

> # swift -V 1.0 -A http://10.40.99.165/auth -U gwuser1:swift -K

> "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K" post chtest

> 

> Auth GET failed: http://10.40.99.165:80/auth/ 403 Forbidden

> 

> 

> 

> 

> 

> 

> 

> From: Alvaro Izquierdo Jimeno [mailto:aizquierdo@xxxxxxxx]

> Sent: 05 July 2013 10:43

> To: Howarth, Chris [CCC-OT_IT]; ceph-users@xxxxxxxx

> Subject: RE: Getting started with RADOS Gateway

> 

> 

> 

> Hi,

> 

> 

> 

> Maybe you forgot some step when creating the subuser, because you have

> empty the subusers field, and you need an id and permisssions….

> 

> Something like that:

> 

>   "subusers": [

> 

>         { "id": " gwuser1:swift",

> 

>           "permissions": "full-control"}],

> 

> 

> 

> I think you need to do this step

> 

> sudo radosgw-admin subuser create --uid=johndoe

> --subuser=johndoe:swift --access=full

> 

> 

> 

> 

> 

> 

> 

> De: ceph-users-bounces@xxxxxxxxxxxxxx

> [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] En nombre de Howarth, Chris

> Enviado el: viernes, 05 de julio de 2013 10:03

> Para: ceph-users@xxxxxxxx

> Asunto: Getting started with RADOS Gateway

> 

> 

> 

> Hi – I “think” I have configured the rados gateway correctly on a

> RHEL6 server using httpd-2.2.15-28.el6_4.x86_64, but an unable to

> connect and am having a hard time tracking down where the problem is.

> I am also unclear as to what to check for to validate my config. In

> particular if I try to connect from a host:

> 

> 

> 

> # swift -V 1.0 -A http://10.40.99.165/auth -U gwuser1:swift -K

> "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K" post chtest

> 

> Auth GET failed: http://10.40.99.165:80/auth/ 403 Forbidden

> 

> 

> 

> The relevant configuration info is below. Any pointers would be very

> much appreciated (and really cheer up my Friday).

> 

> 

> 

> # radosgw-admin user info --uid=gwuser1

> 

> { "user_id": "gwuser1",

> 

>   "display_name": "{Rados Gateway User1}",

> 

>   "email": "",

> 

>   "suspended": 0,

> 

>   "max_buckets": 1000,

> 

>   "auid": 0,

> 

>   "subusers": [],

> 

>   "keys": [

> 

>         { "user": "gwuser1",

> 

>           "access_key": "B5CL8KIB8LYH55FDPYPS",

> 

>           "secret_key": "B5\/EEMuTaTkSU5sS1zol2OknBPch04ZZdh86GGTA"}],

> 

>   "swift_keys": [

> 

>         { "user": "gwuser1:swift",

> 

>           "secret_key": "kVcKPg1QFu73emgrP7w6JrFs3tvZ4+gLISW+703K"}],

> 

>   "caps": []}

> 

> 

> 

> # tail -30 /etc/httpd/conf/httpd.conf

> 

> # The first VirtualHost section is used for requests without a known

> 

> # server name.

> 

> #

> 

> #FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw.sock

> 

> 

> 

> <VirtualHost *:80>

> 

>     ServerAdmin chris.howarth@xxxxxxxx

> 

>     DocumentRoot /var/www

> 

>     ServerName e8c3-dl360g7-09.nam.nsroot.net

> 

> #    ErrorLog logs/dummy-host.example.com-error_log

> 

> #    CustomLog logs/dummy-host.example.com-access_log common

> 

>     RewriteEngine On

> 

>     RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*)

> /s3gw.fcgi?page=$1&params=$2&%{QUERY_STRING}

> [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

> 

>     <IfModule mod_fastcgi.c>

> 

>             <Directory /var/www>

> 

>                     Options +ExecCGI

> 

>                     AllowOverride All

> 

>                     SetHandler fastcgi-script

> 

>                     Order allow,deny

> 

>                     Allow from all

> 

>                     AuthBasicAuthoritative Off

> 

>             </Directory>

> 

> FastCgiExternalServer /var/www/s3gw.fcgi -socket /tmp/radosgw.sock

> 

>     </IfModule>

> 

>     AllowEncodedSlashes On

> 

>     ErrorLog /var/log/httpd/error.log

> 

>     CustomLog /var/log/httpd/access.log combined

> 

>     ServerSignature Off

> 

> 

> 

> </VirtualHost>

> 

> 

> 

> # cat /var/www/s3gw.fcgi

> 

> #!/bin/sh

> 

> exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway

> 

> __________________________

> 

> Chris Howarth

> 

> OS Platforms Engineering

> 

> Citi Architecture & Technology Engineering

> 

> (e) chris.howarth@xxxxxxxx

> 

> (t) +44 (0) 20 7508 3848

> 

> (f) +44 (0) 20 7508 0964

> 

> (mail-drop) CGC-06-3A

> 

> 

> 

> 

> _______________________________________________

> ceph-users mailing list

> ceph-users@xxxxxxxxxxxxxx

> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

> 

_______________________________________________

ceph-users mailing list

ceph-users@xxxxxxxxxxxxxx

http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

 

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com