Re: rgw s3API failed to authorize request

[Matt Thompson <wateringcan@xxxxxxxxx>]

The documentation page at http://ceph.com/docs/master/radosgw/config/ states:

Important Check the key output. Sometimes radosgw-admin generates a key with an escape (\) character, and some clients do not know how to handle escape characters. Remedies include removing the escape character (\), encapsulating the string in quotes, or simply regenerating the key and ensuring that it does not have an escape character.

Since your secret key does have a "\" in it, do you want to try regenerating to see if that helps?

-Matt

On Fri, Oct 11, 2013 at 9:20 AM, lixuehui <lixuehui@xxxxxxxxxxxxxxxxx> wrote:

Hi All:

I installed gateway on my cluster. but always get 403 response:

 for bucket in conn.get_all_buckets():

 File "/usr/local/lib/python2.7/dist-packages/boto/s3/connection.py", line 387, in get_all_buckets

    response.status, response.reason, body)

boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden

<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error>

 

In fact,the user I've  defined the permission :

 

{ "user_id": "johndoe",

  "display_name": "John Doe",

  "email": "",

  "suspended": 0,

  "max_buckets": 1000,

  "auid": 0,

  "subusers": [],

  "keys": [

        { "user": "johndoe",

          "access_key": "OEGPBGHD9DJRWVR3TYZC",

          "secret_key": "639gPny\/AZN2CTYAy1BV5V4kfqRP3\/1GOikHgUni"}],

  "swift_keys": [],

  "caps": [

        { "type": "usage",

          "perm": "*"},

        { "type": "user",

          "perm": "*"}],

  "op_mask": "read, write, delete",

  "default_placement": "",

  "placement_tags": []}

 

and in the client the code is :

#!/usr/bin/env python2

import boto

import boto.s3.connection 

access_key='OEGPBGHD9DJRWVR3TYZC'

secret_key='639gPny\/AZN2CTYAy1BV5V4kfqRP3\/1GOikHgUni'

conn=boto.connect_s3(

        aws_access_key_id=access_key,

        aws_secret_access_key=secret_key,

        host="cephclient21.com",

        is_secure = False ,

        calling_format=boto.s3.connection.OrdinaryCallingFormat(),

        )

 for bucket in conn.get_all_buckets():

        print "{name}\t{created}".format(

                name=bucket.name,

                created=bucket.creation_date,

        )

   The gateway info is :

2013-10-11 13:16:31.456348 7fcdf0073780 20 enqueued request req=0x154d760

2013-10-11 13:16:31.456436 7fcdf0073780 20 RGWWQ:

2013-10-11 13:16:31.456458 7fcdf0073780 20 req: 0x154d760

2013-10-11 13:16:31.456505 7fcdf0073780 10 allocated request req=0x154dfa0

2013-10-11 13:16:31.456561 7fcddcff9700 20 dequeued request req=0x154d760

2013-10-11 13:16:31.456633 7fcddcff9700 20 RGWWQ: empty

2013-10-11 13:16:31.456671 7fcddcff9700  1 ====== starting new request req=0x154d760 =====

2013-10-11 13:16:31.456965 7fcddcff9700  2 req 4:0.000296::PUT /my-new-bucket/::initializing

2013-10-11 13:16:31.457168 7fcddcff9700 10 s->object=<NULL> s->bucket=my-new-bucket

2013-10-11 13:16:31.457205 7fcddcff9700 20 FCGI_ROLE=RESPONDER

2013-10-11 13:16:31.457217 7fcddcff9700 20 SCRIPT_URL=/my-new-bucket/

2013-10-11 13:16:31.457226 7fcddcff9700 20 SCRIPT_URI=http://ceph-client21/my-new-bucket/

2013-10-11 13:16:31.457235 7fcddcff9700 20 HTTP_AUTHORIZATION=AWS OEGPBGHD9DJRWVR3TYZC:QjpQBiyGqQ+X3Hp6E0MTUeQSkXw=

2013-10-11 13:16:31.457246 7fcddcff9700 20 HTTP_HOST=ceph-client21

2013-10-11 13:16:31.457257 7fcddcff9700 20 HTTP_ACCEPT_ENCODING=identity

2013-10-11 13:16:31.457266 7fcddcff9700 20 HTTP_DATE=Fri, 11 Oct 2013 05:15:35 GMT

2013-10-11 13:16:31.457275 7fcddcff9700 20 CONTENT_LENGTH=0

2013-10-11 13:16:31.457285 7fcddcff9700 20 HTTP_USER_AGENT=Boto/2.13.3 Python/2.7.3 Linux/3.5.0-23-generic

2013-10-11 13:16:31.457294 7fcddcff9700 20 PATH=/usr/local/bin:/usr/bin:/bin

2013-10-11 13:16:31.457303 7fcddcff9700 20 SERVER_SIGNATURE=

2013-10-11 13:16:31.457312 7fcddcff9700 20 SERVER_SOFTWARE=Apache/2.2.22 (Ubuntu)

2013-10-11 13:16:31.457321 7fcddcff9700 20 SERVER_NAME=ceph-client21

2013-10-11 13:16:31.457330 7fcddcff9700 20 SERVER_ADDR=192.168.50.115

2013-10-11 13:16:31.457339 7fcddcff9700 20 SERVER_PORT=80

2013-10-11 13:16:31.457348 7fcddcff9700 20 REMOTE_ADDR=192.168.50.105

2013-10-11 13:16:31.457357 7fcddcff9700 20 DOCUMENT_ROOT=/var/www

2013-10-11 13:16:31.457366 7fcddcff9700 20 SERVER_ADMIN=[no address given]

2013-10-11 13:16:31.457376 7fcddcff9700 20 SCRIPT_FILENAME=/var/www/s3gw.fcgi

2013-10-11 13:16:31.457389 7fcddcff9700 20 REMOTE_PORT=38823

2013-10-11 13:16:31.457404 7fcddcff9700 20 GATEWAY_INTERFACE=CGI/1.1

2013-10-11 13:16:31.457420 7fcddcff9700 20 SERVER_PROTOCOL=HTTP/1.1

2013-10-11 13:16:31.457430 7fcddcff9700 20 REQUEST_METHOD=PUT

2013-10-11 13:16:31.457439 7fcddcff9700 20 QUERY_STRING=page=my-new-bucket&params=/

2013-10-11 13:16:31.457448 7fcddcff9700 20 REQUEST_URI=/my-new-bucket/

2013-10-11 13:16:31.457457 7fcddcff9700 20 SCRIPT_NAME=/my-new-bucket/

2013-10-11 13:16:31.457469 7fcddcff9700  2 req 4:0.000799:s3:PUT /my-new-bucket/::getting op

2013-10-11 13:16:31.457504 7fcddcff9700  2 req 4:0.000835:s3:PUT /my-new-bucket/:create_bucket:authorizing

2013-10-11 13:16:31.457594 7fcddcff9700 20 get_obj_state: rctx=0x7fcd80009c50 obj=.users:OEGPBGHD9DJRWVR3TYZC state=0x7fcd80009d18 s->prefetch_data=0

2013-10-11 13:16:31.457651 7fcddcff9700 10 moving .users+OEGPBGHD9DJRWVR3TYZC to cache LRU end

2013-10-11 13:16:31.457671 7fcddcff9700 10 cache get: name=.users+OEGPBGHD9DJRWVR3TYZC : type miss (requested=6, cached=3)

2013-10-11 13:16:31.464221 7fcddcff9700 10 cache put: name=.users+OEGPBGHD9DJRWVR3TYZC

2013-10-11 13:16:31.464242 7fcddcff9700 10 moving .users+OEGPBGHD9DJRWVR3TYZC to cache LRU end

2013-10-11 13:16:31.464276 7fcddcff9700 20 get_obj_state: s->obj_tag was set empty

2013-10-11 13:16:31.464303 7fcddcff9700 10 moving .users+OEGPBGHD9DJRWVR3TYZC to cache LRU end

2013-10-11 13:16:31.464310 7fcddcff9700 10 cache get: name=.users+OEGPBGHD9DJRWVR3TYZC : hit

2013-10-11 13:16:31.464373 7fcddcff9700 20 get_obj_state: rctx=0x7fcd80009e40 obj=.users.uid:johndoe state=0x7fcd80001858 s->prefetch_data=0

2013-10-11 13:16:31.464396 7fcddcff9700 10 moving .users.uid+johndoe to cache LRU end

2013-10-11 13:16:31.464402 7fcddcff9700 10 cache get: name=.users.uid+johndoe : type miss (requested=6, cached=3)

2013-10-11 13:16:31.467418 7fcddcff9700 10 cache put: name=.users.uid+johndoe

2013-10-11 13:16:31.467438 7fcddcff9700 10 moving .users.uid+johndoe to cache LRU end

2013-10-11 13:16:31.467461 7fcddcff9700 20 get_obj_state: s->obj_tag was set empty

2013-10-11 13:16:31.467492 7fcddcff9700 10 moving .users.uid+johndoe to cache LRU end

2013-10-11 13:16:31.467501 7fcddcff9700 10 cache get: name=.users.uid+johndoe : hit

2013-10-11 13:16:31.467607 7fcddcff9700 10 get_canon_resource(): dest=

2013-10-11 13:16:31.467615 7fcddcff9700 10 auth_hdr:

PUT

 

 

Fri, 11 Oct 2013 05:15:35 GMT

/my-new-bucket/

2013-10-11 13:16:31.467665 7fcddcff9700 15 calculated digest=g0tUCPLXbvAdrRDa1etmPSlUEBQ=

2013-10-11 13:16:31.467671 7fcddcff9700 15 auth_sign=QjpQBiyGqQ+X3Hp6E0MTUeQSkXw=

2013-10-11 13:16:31.467676 7fcddcff9700 15 compare=-1

2013-10-11 13:16:31.467683 7fcddcff9700 10 failed to authorize request

2013-10-11 13:16:31.467748 7fcddcff9700  2 req 4:0.011079:s3:PUT /my-new-bucket/:create_bucket:http status=403

2013-10-11 13:16:31.467990 7fcddcff9700  1 ====== req done req=0x154d760 http_status=403 ======

2013-10-11 13:16:44.221024 7fcddeffd700  2 RGWDataChangesLog::ChangesRenewThread: start

2013-10-11 13:17:06.221232 7fcddeffd700  2 RGWDataChangesLog::ChangesRenewThread: start

2013-10-11 13:17:28.221434 7fcddeffd700  2 RGWDataChangesLog::ChangesRenewThread: start

2013-10-11 13:17:50.221628 7fcddeffd700  2 RGWDataChangesLog::ChangesRenewThread: start

 

I  can  really not find the mistake ,thanks for any help!     

---

lixuehui

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com