-----Mensaje original-----
De: Yehuda Sadeh [mailto:yehuda@xxxxxxxxxxx]
Enviado el: miércoles, 10 de julio de 2013 16:50
Para: Alvaro Izquierdo Jimeno
CC: Bright; ceph-users
Asunto: Re: How to use Admin Ops API in Ceph Object Storage
On Wed, Jul 10, 2013 at 1:07 AM, Alvaro Izquierdo Jimeno <aizquierdo@xxxxxxxx> wrote:
>>Hi all,
>>
>> I have been able to create an user with --caps="usage=read, write" and
>> bring its usages with GET /admin/usage?format=json HTTP/1.1
>> Host: ceph-server
>> Authorization: AWS {access-key}:{hash-of-header-and-secret}
>>
>> After of this, I have created an user with --caps="user=read, write",
>> but I can't bring its user info with GET /admin/user?format=json
>> HTTP/1.1
>> Host: ceph-server
>> Authorization: AWS {access-key}:{hash-of-header-and-secret}
>>
>> 403 forbidden is responsed.
>Any other info in the rgw log?
This is the user info:
{ "user_id": "aij219",
"display_name": "aij219",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{ "user": "aij219",
"access_key": "831Q3WV3H9V3EAJ9ZM77",
"secret_key": "tfVMA1CGe5ZHMrK+bZfz7v84pvOoTQbgUePnt1T6"}],
"swift_keys": [],
"caps": [
{ "type": "user",
"perm": "*"}]}
Attached you can find the log.
>>
>> And just another comment. When I try to modify an user, I can't
>> change the caps field. The command radosgw-admin user modify --uid="user" --caps="usage=read, write"
>> doesn't fail, but doesn't update the user.
>Right. There's the radosgw-admin caps add / rm command to do that for you.
Oops, i didn't know this option. Sorry...
>>
>> Many thanks and best regards,
>> Álvaro.
>>
>>
>>
>> -----Mensaje original-----
>> De: ceph-users-bounces@xxxxxxxxxxxxxx
>> [mailto:ceph-users-bounces@xxxxxxxxxxxxxxx] En nombre de Yehuda Sadeh
>> Enviado el: martes, 09 de julio de 2013 18:27
>> Para: Bright
>> CC: ceph-users
>> Asunto: Re: How to use Admin Ops API in Ceph Object
>> Storage
>>
>> On Mon, Jul 8, 2013 at 8:51 AM, Bright <hjiang@xxxxxxxxxxx> wrote:
>>> Hello Guys:
>>>
>>> I am working with ceph nowadys and i want to setup a system
>>> which
>>>
>>> includes a web page to create the ceph object storage user.
>>>
>>> So, i tried to use Admin Ops API to fulfill my needs. However,
>>> if i use
>>>
>>> GET /admin/usage?format=json HTTP/1.1
>>>
>>> Host: ceph-server
>>>
>>> it will return 403 access denied.
>>>
>>> Than, i tried to use
>>>
>>> GET /admin/usage?format=json HTTP/1.1
>>> Host: ceph-server
>>> Authorization: AWS {access-key}:{hash-of-header-and-secret}
>>>
>>> I used the key of client.user to represent access-key
>>
>> You need to create rgw user for that (radosgw-admin user create) and use it.. The user itself should have the 'usage' caps set ( --caps="usage=read, write").
>>
>>>
>>> and get the hash-of-header-and-secret accordingly.
>>>>
>>> However, it still returns 403 access denied.
>>>
>>> Can anyone explain the method to deal with Admin Ops API, thanks!
>>>
>>>
>>> ------------------
>>> Hui Jiang
>>> East China University of Science and Technology
>>> 130 MeiLong Rd. Shanghai, China 200237 Mobile +86 13774493120 E-mail
>>> hjiang@xxxxxxxxxxx
>>>
>>>
>>>
>>> _______________________________________________
>>> ceph-users mailing list
>>> ceph-users@xxxxxxxxxxxxxx
>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>>
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>> ____________
>> Verificada la ausencia de virus por G Data AntiVirus
>> Versión: AVA 22.10857 del 10.07.2013
>> Noticias de virus: www.antiviruslab.com
____________
Verificada la ausencia de virus por G Data AntiVirus
Versión: AVA 22.10883 del 11.07.2013
Noticias de virus: www.antiviruslab.com2013-07-11 08:07:28.239830 7f947a7e3700 1 ====== starting new request req=0x16cd360 =====
2013-07-11 08:07:28.239876 7f947a7e3700 2 req 1:0.000046::::initializing
2013-07-11 08:07:28.239886 7f947a7e3700 10 host=myradosgw rgw_dns_name=myradosgw
2013-07-11 08:07:28.239898 7f947a7e3700 10 meta>> HTTP_X_AMZ_ACL=public-read-write
2013-07-11 08:07:28.239911 7f947a7e3700 10 x>> x-amz-acl:public-read-write
2013-07-11 08:07:28.239938 7f947a7e3700 20 FCGI_ROLE=RESPONDER
2013-07-11 08:07:28.239939 7f947a7e3700 20 SCRIPT_URL=/admin/user
2013-07-11 08:07:28.239940 7f947a7e3700 20 SCRIPT_URI=http://myradosgw/admin/user
2013-07-11 08:07:28.239940 7f947a7e3700 20 HTTP_AUTHORIZATION=AWS 831Q3WV3H9V3EAJ9ZM77:jBr9CPqPo+UVpxViymfxfKzNruQ=
2013-07-11 08:07:28.239941 7f947a7e3700 20 HTTP_USER_AGENT=curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.6.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
2013-07-11 08:07:28.239942 7f947a7e3700 20 HTTP_ACCEPT=*/*
2013-07-11 08:07:28.239943 7f947a7e3700 20 HTTP_X_AMZ_ACL=public-read-write
2013-07-11 08:07:28.239944 7f947a7e3700 20 HTTP_HOST=myradosgw
2013-07-11 08:07:28.239945 7f947a7e3700 20 HTTP_DATE=Thu, 11 Jul 2013 06:07:18 GMT
2013-07-11 08:07:28.239946 7f947a7e3700 20 PATH=/sbin:/usr/sbin:/bin:/usr/bin
2013-07-11 08:07:28.239946 7f947a7e3700 20 SERVER_SIGNATURE=
2013-07-11 08:07:28.239947 7f947a7e3700 20 SERVER_SOFTWARE=Apache/2.2.15 (Red Hat)
2013-07-11 08:07:28.239948 7f947a7e3700 20 SERVER_NAME=myradosgw
2013-07-11 08:07:28.239949 7f947a7e3700 20 SERVER_ADDR=x.x.107.124
2013-07-11 08:07:28.239952 7f947a7e3700 20 SERVER_PORT=80
2013-07-11 08:07:28.239953 7f947a7e3700 20 REMOTE_ADDR=x.x.191.59
2013-07-11 08:07:28.239954 7f947a7e3700 20 DOCUMENT_ROOT=/var/www
2013-07-11 08:07:28.239954 7f947a7e3700 20 SERVER_ADMIN=root@localhost
2013-07-11 08:07:28.239955 7f947a7e3700 20 SCRIPT_FILENAME=/var/www/s3gw.fcgi
2013-07-11 08:07:28.239956 7f947a7e3700 20 REMOTE_PORT=33014
2013-07-11 08:07:28.239957 7f947a7e3700 20 GATEWAY_INTERFACE=CGI/1.1
2013-07-11 08:07:28.239958 7f947a7e3700 20 SERVER_PROTOCOL=HTTP/1.1
2013-07-11 08:07:28.239958 7f947a7e3700 20 REQUEST_METHOD=GET
2013-07-11 08:07:28.239959 7f947a7e3700 20 QUERY_STRING=page=admin¶ms=/user&format=json
2013-07-11 08:07:28.239960 7f947a7e3700 20 REQUEST_URI=/admin/user?format=json
2013-07-11 08:07:28.239961 7f947a7e3700 20 SCRIPT_NAME=/admin/user
2013-07-11 08:07:28.239963 7f947a7e3700 2 req 1:0.000133::GET /admin/user::getting op
2013-07-11 08:07:28.239969 7f947a7e3700 2 req 1:0.000139::GET /admin/user:get_user_info:authorizing
2013-07-11 08:07:28.240005 7f947a7e3700 20 get_obj_state: rctx=0x7f9448004fb0 obj=.users:831Q3WV3H9V3EAJ9ZM77 state=0x7f9448005068 s->prefetch_data=0
2013-07-11 08:07:28.240019 7f947a7e3700 10 cache get: name=.users+831Q3WV3H9V3EAJ9ZM77 : miss
2013-07-11 08:07:28.241373 7f947a7e3700 10 cache put: name=.users+831Q3WV3H9V3EAJ9ZM77
2013-07-11 08:07:28.241388 7f947a7e3700 10 adding .users+831Q3WV3H9V3EAJ9ZM77 to cache LRU end
2013-07-11 08:07:28.241395 7f947a7e3700 20 get_obj_state: s->obj_tag was set empty
2013-07-11 08:07:28.241402 7f947a7e3700 10 moving .users+831Q3WV3H9V3EAJ9ZM77 to cache LRU end
2013-07-11 08:07:28.241404 7f947a7e3700 10 cache get: name=.users+831Q3WV3H9V3EAJ9ZM77 : type miss (requested=1, cached=6)
2013-07-11 08:07:28.241411 7f947a7e3700 20 get_obj_state: rctx=0x7f9448004fb0 obj=.users:831Q3WV3H9V3EAJ9ZM77 state=0x7f9448005c98 s->prefetch_data=0
2013-07-11 08:07:28.241415 7f947a7e3700 10 moving .users+831Q3WV3H9V3EAJ9ZM77 to cache LRU end
2013-07-11 08:07:28.241417 7f947a7e3700 10 cache get: name=.users+831Q3WV3H9V3EAJ9ZM77 : hit
2013-07-11 08:07:28.241420 7f947a7e3700 20 get_obj_state: s->obj_tag was set empty
2013-07-11 08:07:28.241424 7f947a7e3700 20 get_obj_state: rctx=0x7f9448004fb0 obj=.users:831Q3WV3H9V3EAJ9ZM77 state=0x7f9448005c98 s->prefetch_data=0
2013-07-11 08:07:28.241426 7f947a7e3700 20 state for obj=.users:831Q3WV3H9V3EAJ9ZM77 is not atomic, not appending atomic test
2013-07-11 08:07:28.241429 7f947a7e3700 20 rados->read obj-ofs=0 read_ofs=0 read_len=524288
2013-07-11 08:07:28.242479 7f947a7e3700 20 rados->read r=0 bl.length=10
2013-07-11 08:07:28.242504 7f947a7e3700 10 cache put: name=.users+831Q3WV3H9V3EAJ9ZM77
2013-07-11 08:07:28.242508 7f947a7e3700 10 moving .users+831Q3WV3H9V3EAJ9ZM77 to cache LRU end
2013-07-11 08:07:28.242519 7f947a7e3700 20 get_obj_state: rctx=0x7f9448006fb0 obj=.users.uid:aij219 state=0x7f9448004e48 s->prefetch_data=0
2013-07-11 08:07:28.242524 7f947a7e3700 10 cache get: name=.users.uid+aij219 : miss
2013-07-11 08:07:28.243368 7f947a7e3700 10 cache put: name=.users.uid+aij219
2013-07-11 08:07:28.243375 7f947a7e3700 10 adding .users.uid+aij219 to cache LRU end
2013-07-11 08:07:28.243381 7f947a7e3700 20 get_obj_state: s->obj_tag was set empty
2013-07-11 08:07:28.243386 7f947a7e3700 10 moving .users.uid+aij219 to cache LRU end
2013-07-11 08:07:28.243387 7f947a7e3700 10 cache get: name=.users.uid+aij219 : type miss (requested=1, cached=6)
2013-07-11 08:07:28.243392 7f947a7e3700 20 get_obj_state: rctx=0x7f9448006fb0 obj=.users.uid:aij219 state=0x7f9448008328 s->prefetch_data=0
2013-07-11 08:07:28.243396 7f947a7e3700 10 moving .users.uid+aij219 to cache LRU end
2013-07-11 08:07:28.243398 7f947a7e3700 10 cache get: name=.users.uid+aij219 : hit
2013-07-11 08:07:28.243401 7f947a7e3700 20 get_obj_state: s->obj_tag was set empty
2013-07-11 08:07:28.243403 7f947a7e3700 20 get_obj_state: rctx=0x7f9448006fb0 obj=.users.uid:aij219 state=0x7f9448008328 s->prefetch_data=0
2013-07-11 08:07:28.243405 7f947a7e3700 20 state for obj=.users.uid:aij219 is not atomic, not appending atomic test
2013-07-11 08:07:28.243406 7f947a7e3700 20 rados->read obj-ofs=0 read_ofs=0 read_len=524288
2013-07-11 08:07:28.244055 7f947a7e3700 20 rados->read r=0 bl.length=265
2013-07-11 08:07:28.244074 7f947a7e3700 10 cache put: name=.users.uid+aij219
2013-07-11 08:07:28.244076 7f947a7e3700 10 moving .users.uid+aij219 to cache LRU end
2013-07-11 08:07:28.244138 7f947a7e3700 10 get_canon_resource(): dest=/admin/user
2013-07-11 08:07:28.244145 7f947a7e3700 10 auth_hdr:
GET
Thu, 11 Jul 2013 06:07:18 GMT
x-amz-acl:public-read-write
/admin/user
2013-07-11 08:07:28.244211 7f947a7e3700 15 b64=jBr9CPqPo+UVpxViymfxfKzNruQ=
2013-07-11 08:07:28.244216 7f947a7e3700 15 auth_sign=jBr9CPqPo+UVpxViymfxfKzNruQ=
2013-07-11 08:07:28.244218 7f947a7e3700 15 compare=0
2013-07-11 08:07:28.244221 7f947a7e3700 2 req 1:0.004391::GET /admin/user:get_user_info:reading permissions
2013-07-11 08:07:28.244224 7f947a7e3700 2 req 1:0.004394::GET /admin/user:get_user_info:reading the cors attr
2013-07-11 08:07:28.244230 7f947a7e3700 10 Going to read cors from attrs
2013-07-11 08:07:28.244231 7f947a7e3700 2 req 1:0.004401::GET /admin/user:get_user_info:verifying op permissions
2013-07-11 08:07:28.244310 7f947a7e3700 2 req 1:0.004480::GET /admin/user:get_user_info:http status=403
2013-07-11 08:07:28.244478 7f947a7e3700 1 ====== req done req=0x16cd360 http_status=403 ======
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
