On Tue, Oct 15, 2013 at 7:17 AM, Carlos Gimeno Yañez <cgimeno@xxxxxxx> wrote:
> Hi
>
> I've deployed Ceph using Ceph-deploy and following the official
> documentation. I've created a user to use with Swift and everything is
> working fine, my users can create buckets and upload files if they use
> Horizon Dashboard or Swift CLI.
>
> However, everything changes if they try to do it with S3 API. When they
> download their credentials from Horizon dashboard to get their keys, they
> can't connect to ceph using S3 API. They only get a "403 Access Denied"
> error message. I'm using Ceph 0.70 so, if i'm not wrong, ceph should be able
> to validate S3 tokens against keystone since 0.69 version.
>
> Here is my ceph.conf:
>
> [client.radosgw.gateway]
> host = server2
> keyring = /etc/ceph/keyring.radosgw.gateway
> rgw socket path = /var/run/ceph/radosgw.sock
> log file = /var/log/ceph/radosgw.log
> rgw keystone url = server4:35357
> rgw keystone admin token = admintoken
> rgw keystone accepted roles = admin _member_ Member
> rgw print continue = false
> rgw keystone token cache size = 500
> rgw keystone revocation interval = 500
> nss db path = /var/ceph/nss
>
> #Add DNS hostname to enable S3 subdomain calls
> rgw dns name = server2
>
>
> And this is the error message (with s3-curl):
>
>
>> GET / HTTP/1.1
>> User-Agent: curl/7.29.0
>> Host: host_ip
>> Accept: */*
>> Date: Tue, 15 Oct 2013 14:07:24 +0000
>> Authorization: AWS
>> 3a1ecdea87d6493a9922c13a06d392cf:SNu/sjTuDtvunOQKJaU8Besm1RQ=
>>
> < HTTP/1.1 403 Forbidden
> < Date: Tue, 15 Oct 2013 14:07:24 GMT
> < Server: Apache/2.2.22 (Ubuntu)
> < Accept-Ranges: bytes
> < Content-Length: 78
> < Content-Type: application/xml
> <
> { [data not shown]
> <?xml version="1.0" encoding="UTF-8"?>
> <Error>
> <Code>AccessDenied</Code>
> </Error>
>
> Regards
Try adding:
rgw s3 auth use keystone = true
to your ceph.conf
Yehuda
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
