Re: Ceph, Keystone and S3

Hi All,

Does anyone know if it'll be possible to use the radosgw admin API when using keystone users?  I suspect not due to the user requiring specific caps, however it'd be great if someone can validate (I'm still running v0.67.4 so can't play with this much).

Thanks!

-Matt


On Tue, Oct 15, 2013 at 6:34 PM, Carlos Gimeno Yañez <cgimeno@xxxxxxx> wrote:
Thank you very much Yehuda, that was the missing piece of my puzzle!

I think that this should be added to the official documentation.

Regards


2013/10/15 Yehuda Sadeh <yehuda@xxxxxxxxxxx>
On Tue, Oct 15, 2013 at 7:17 AM, Carlos Gimeno Yañez <cgimeno@xxxxxxx> wrote:
> Hi
>
> I've deployed Ceph using Ceph-deploy and following the official
> documentation. I've created a user to use with Swift and everything is
> working fine, my users can create buckets and upload files if they use
> Horizon Dashboard or Swift CLI.
>
> However, everything changes if they try to do it with S3 API. When they
> download their credentials from Horizon dashboard to get their keys, they
> can't connect to ceph using S3 API. They only get a "403 Access Denied"
> error message. I'm using Ceph 0.70 so, if I'm not wrong, ceph should be able
> to validate S3 tokens against keystone since 0.69 version.
>
> Here is my ceph.conf:
>
> [client.radosgw.gateway]
> host = server2
> keyring = /etc/ceph/keyring.radosgw.gateway
> rgw socket path = /var/run/ceph/radosgw.sock
> log file = /var/log/ceph/radosgw.log
> rgw keystone url = ""
> rgw keystone admin token = admintoken
> rgw keystone accepted roles = admin _member_ Member
> rgw print continue = false
> rgw keystone token cache size = 500
> rgw keystone revocation interval = 500
> nss db path = /var/ceph/nss
>
> #Add DNS hostname to enable S3 subdomain calls
> rgw dns name = server2
>
>
> And this is the error message (with s3-curl):
>
>
>> GET / HTTP/1.1
>> User-Agent: curl/7.29.0
>> Host: host_ip
>> Accept: */*
>> Date: Tue, 15 Oct 2013 14:07:24 +0000
>> Authorization: AWS
>> 3a1ecdea87d6493a9922c13a06d392cf:SNu/sjTuDtvunOQKJaU8Besm1RQ=
>>
> < HTTP/1.1 403 Forbidden
> < Date: Tue, 15 Oct 2013 14:07:24 GMT
> < Server: Apache/2.2.22 (Ubuntu)
> < Accept-Ranges: bytes
> < Content-Length: 78
> < Content-Type: application/xml
> <
> { [data not shown]
> <?xml version="1.0" encoding="UTF-8"?>
> <Error>
>     <Code>AccessDenied</Code>
> </Error>
>
> Regards


Try adding:

rgw s3 auth use keystone = true

to your ceph.conf


Yehuda


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
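
The `Authorization` header in the s3-curl trace above has the AWS signature version 2 form `AWS <access key>:<signature>`. The following Python is an added example, not part of the thread and not Ceph or Keystone code: it shows how that header is derived for the `GET /` request in the trace and the check that whichever service holds the secret key has to repeat before accepting it. The secret key and the `lookup_secret` callback are constructed for illustration; only the access key and the date come from the trace.

```python
import base64
import hashlib
import hmac

# Access key and Date are taken from the trace; the secret is constructed.
ACCESS_KEY = "3a1ecdea87d6493a9922c13a06d392cf"
CONSTRUCTED_SECRET = "constructed-secret-for-illustration"
DATE = "Tue, 15 Oct 2013 14:07:24 +0000"


def string_to_sign(method, date, resource, content_md5="", content_type="",
                   amz_headers=None):
    """Build the signature v2 string-to-sign for one request."""
    # x-amz-* headers are lower-cased, sorted and emitted one per line.
    items = sorted((k.lower(), v.strip()) for k, v in (amz_headers or {}).items())
    amz = "".join(f"{k}:{v}\n" for k, v in items)
    return f"{method}\n{content_md5}\n{content_type}\n{date}\n{amz}{resource}"


def sign(secret_key, to_sign):
    """Base64 of HMAC-SHA1(secret key, string-to-sign)."""
    mac = hmac.new(secret_key.encode(), to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def authorization_header(access_key, secret_key, to_sign):
    return f"AWS {access_key}:{sign(secret_key, to_sign)}"


def verify(header, lookup_secret, to_sign):
    """Server-side check: find the secret for the access key, recompute, compare."""
    scheme, _, rest = header.partition(" ")
    access_key, sep, signature = rest.partition(":")
    if scheme != "AWS" or not sep:
        return False
    secret = lookup_secret(access_key)  # hypothetical credential store lookup
    if secret is None:
        return False  # access key unknown to this store: request is denied
    return hmac.compare_digest(sign(secret, to_sign), signature)


if __name__ == "__main__":
    sts = string_to_sign("GET", DATE, "/")
    header = authorization_header(ACCESS_KEY, CONSTRUCTED_SECRET, sts)
    print(header)
    print("store with the key:", verify(header, {ACCESS_KEY: CONSTRUCTED_SECRET}.get, sts))
    print("store without it:  ", verify(header, {}.get, sts))
```

A credential store that does not contain the access key rejects the request no matter how the signature was computed, which is the failing branch exercised by the last line.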

