Re: ceph access using curl

"Snider, Tim" <Tim.Snider@xxxxxxxxxx> · Mon, 7 Oct 2013 13:27:14 +0000

The –debug command worked as described. Can anyone give me a synposis of how the authentication token is generated?
       Token generated:	AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8"

The first part looks like a header: 'AUTH_rgwtk', (rados gateway token)??  length == 11  and a prefix == rados:swift
		AUTH_rgwtk0b00000072 61 64 6f 73 3a 73 77 69 66 74
		Length = 0xb      r  a  d  o  s  :  s  w  i  f  t

What is the token body -- How is the token body encoded? It's not a straight match of any keys shown by the radowgw-admin command?
046eff2c 9ac6a504 1b00545 248a7893 b9006776 83adaaca 1095128 b6edf8fc 378d7d49 d8

root@controller21:~/ssbench-0.2.16# radosgw-admin user info --uid=rados
2013-10-07 05:55:34.804639 7ff1c3f6c780  0 WARNING: cannot read region map
{ "user_id": "rados",
  "display_name": "rados",
  "email": "non@xxxxxxxx",
  "suspended": 0,
  "max_buckets": 1000,
  "auid": 0,
  "subusers": [
        { "id": "rados:swift",
          "permissions": "full-control"},
        { "id": "rados:swift1",
          "permissions": "full-control"}],
  "keys": [
        { "user": "rados",
          "access_key": "R5F0D2UCSK3618DJ829A",
          "secret_key": "PJR1rvV2+Xrzlwo+AZZKXextsDl45EaLljzopgjD"}],
  "swift_keys": [
        { "user": "rados:swift",
          "secret_key": "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG"},
        { "user": "rados:swift1",
          "secret_key": "l9Xlg66JvbNvMmZAj91AeQByEiP8R8sBahCJeqAG"}],
  "caps": [],
  "op_mask": "read, write, delete",
  "default_placement": "",
  "placement_tags": []}

swift --debug -V 1.0 -A http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -U rados:swift -K "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG"  list

DEBUG:swiftclient:REQ: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -X GET
DEBUG:swiftclient:RESP STATUS: 204
DEBUG:swiftclient:REQ: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/swift/v1?format=json -X GET -H "X-Auth-Token: AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8"

DEBUG:swiftclient:RESP STATUS: 200

DEBUG:swiftclient:RESP BODY: [{"name":"ssbench_000000","count":832,"bytes":85196800},...{"name":"xxx","count":1,"bytes":604}]
DEBUG:swiftclient:REQ: curl -i http://ictp-R2C4-Controller21.ict.englab.netapp.com/swift/v1?format=json&marker=xxx -X GET -H "X-Auth-Token: AUTH_rgwtk0b0000007261646f733a7377696674046eff2c9ac6a5041b00545248a7893b900677683adaaca1095128b6edf8fc378d7d49d8"
DEBUG:swiftclient:RESP STATUS: 200
DEBUG:swiftclient:RESP BODY: []

AUTH_rgwtk0b0000007261646f733a7377696674
                  r a d o s : s w i f t
046eff2c 9ac6a504 1b00545 248a7893 b9006776 83adaaca 1095128 b6edf8fc 378d7d49 d8

From: Darren Birkett [mailto:darren.birkett@xxxxxxxxx] 
Sent: Saturday, October 05, 2013 1:00 AM
To: Snider, Tim; ceph-users@xxxxxxxxxxxxxx
Subject: Re:  ceph access using curl

Try using passing '--debug' to the swift command. It should output the equivalent curl command for you to use.

- Darren
"Snider, Tim" <Tim.Snider@xxxxxxxxxx> wrote:
I'm having pilot error with getting the path correct using curl.
Bucket listing using "radosgw-admin bucket list" works as does the swift API.
Can someone point out my (obvious) error?

Bucket list works:
root@controller21:/home/ceph/my-cluster#  radosgw-admin bucket list          
2013-10-04 11:28:13.144065 7fe5f26fe780  0 WARNING: cannot read region map
[
    "xxx"]

Swift API to Ceph works
        swift -V 1.0 -A http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -U rados:swift -K "xxx"  stat
           Account: v1
        Containers: 1
           Objects: 1
             Bytes: 604
              Vary: Accept-Encoding
            Server: Apache/2.2.22 (Ubuntu)
        X-Account-Bytes-Used-Actual: 4096
        Content-Type: text/plain; charset=utf-8
        root@controller21:/home/ceph/my-cluster# swift -V 1.0 -A http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth -U rados:swift -K "77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG"  list
        xxx

However I can’t get the correct http path. Variations of auth/v1.0, auth/v1 … don’t work either:
        root@controller21:/home/ceph/my-cluster# curl -v -H 'X-Storage-User: rados:swift' -H 'X-Storage-Pass: xxx'  http://ictp-R2C4-Controller21.ict.englab.netapp.com/auth
        * About to connect() to ictp-R2C4-Controller21.ict.englab.netapp.com port 80 (#0)
        *   Trying 10.113.193.189... connected
        > GET /auth HTTP/1.1
        > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
        > Host: ictp-R2C4-Controller21.ict.englab.netapp.com
        > Accept: */*
        > X-Storage-User: rados:swift
        > X-Storage-Pass: 77iJvemrxWvYk47HW7pxsL+eHdA53AtLl2T0OyuG
        >
        < HTTP/1.1 403 Forbidden
        < Date: Fri, 04 Oct 2013 18:30:01 GMT
        < Server: Apache/2.2.22 (Ubuntu)
        < Accept-Ranges: bytes
        < Content-Length: 23
        < Content-Type: application/json
        <
        * Connection #0 to host ictp-R2C4-Controller21.ict.englab.netapp.com left intact
        * Closing connection #0
        {"Code":"AccessDenied"}root@controller21:/home/ceph/my-cluster#

Thanks,
Tim
________________________________________

ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com