RADOS Gateway - creating users using S3 API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have installed apache + fastcgi as per the documentation (note: not the ceph customized versions). I have created a user using radosgw-admin named radosgwadmin (please see attached file radogwadmin-user.txt)

Now using S3 API, I am able to make a new request that gets authenticated, however not authorized (please see request-log.txt). I think the reason is stated in "2013-10-22 23:54:25.038374 7f02a9ffb700 20 required_mask= 0 user.op_mask=7"

Please let me know what permissions (i.e. caps) I need to assign to the user; or am I going around this incorrectly?
:\n2013-10-22 23:54:25.038036 7f02a9ffb700  1 ====== starting new request req=0x117b350 =====
2013-10-22 23:54:25.038090 7f02a9ffb700  2 req 10:0.000055::PUT /admin/user::initializing
2013-10-22 23:54:25.038130 7f02a9ffb700 20 FCGI_ROLE=RESPONDER
2013-10-22 23:54:25.038131 7f02a9ffb700 20 SCRIPT_URL=/admin/user
2013-10-22 23:54:25.038131 7f02a9ffb700 20 SCRIPT_URI=http://ceph-node1/admin/user
2013-10-22 23:54:25.038132 7f02a9ffb700 20 HTTP_AUTHORIZATION=AWS DVZ1DHGEKRM3UOJMV37I:gzt/ltRTGQu2c94ZeOlq5IAoi6A=
2013-10-22 23:54:25.038132 7f02a9ffb700 20 HTTP_DATE=Wed, 23 Oct 2013 03:54:40 GMT
2013-10-22 23:54:25.038133 7f02a9ffb700 20 HTTP_HOST=ceph-node1
2013-10-22 23:54:25.038133 7f02a9ffb700 20 CONTENT_LENGTH=22
2013-10-22 23:54:25.038133 7f02a9ffb700 20 CONTENT_TYPE=application/x-www-form-urlencoded
2013-10-22 23:54:25.038134 7f02a9ffb700 20 HTTP_CONNECTION=keep-alive
2013-10-22 23:54:25.038134 7f02a9ffb700 20 PATH=/usr/local/bin:/usr/bin:/bin
2013-10-22 23:54:25.038134 7f02a9ffb700 20 SERVER_SIGNATURE=
2013-10-22 23:54:25.038135 7f02a9ffb700 20 SERVER_SOFTWARE=Apache/2.2.22 (Ubuntu)
2013-10-22 23:54:25.038135 7f02a9ffb700 20 SERVER_NAME=ceph-node1
2013-10-22 23:54:25.038136 7f02a9ffb700 20 SERVER_ADDR=192.168.137.166
2013-10-22 23:54:25.038136 7f02a9ffb700 20 SERVER_PORT=80
2013-10-22 23:54:25.038136 7f02a9ffb700 20 REMOTE_ADDR=192.168.137.1
2013-10-22 23:54:25.038137 7f02a9ffb700 20 DOCUMENT_ROOT=/var/www
2013-10-22 23:54:25.038139 7f02a9ffb700 20 SERVER_ADMIN=[no address given]
2013-10-22 23:54:25.038139 7f02a9ffb700 20 SCRIPT_FILENAME=/var/www/s3gw.fcgi
2013-10-22 23:54:25.038140 7f02a9ffb700 20 REMOTE_PORT=55298
2013-10-22 23:54:25.038140 7f02a9ffb700 20 GATEWAY_INTERFACE=CGI/1.1
2013-10-22 23:54:25.038141 7f02a9ffb700 20 SERVER_PROTOCOL=HTTP/1.1
2013-10-22 23:54:25.038141 7f02a9ffb700 20 REQUEST_METHOD=PUT
2013-10-22 23:54:25.038141 7f02a9ffb700 20 QUERY_STRING=page=admin&params=/user
2013-10-22 23:54:25.038142 7f02a9ffb700 20 REQUEST_URI=/admin/user
2013-10-22 23:54:25.038142 7f02a9ffb700 20 SCRIPT_NAME=/admin/user
2013-10-22 23:54:25.038143 7f02a9ffb700  2 req 10:0.000107::PUT /admin/user::getting op
2013-10-22 23:54:25.038145 7f02a9ffb700  2 req 10:0.000110::PUT /admin/user:create_user:authorizing
2013-10-22 23:54:25.038169 7f02a9ffb700 20 get_obj_state: rctx=0x7f0254004c90 obj=.users:DVZ1DHGEKRM3UOJMV37I state=0x7f0254004d58 s->prefetch_data=0
2013-10-22 23:54:25.038190 7f02a9ffb700 10 moving .users+DVZ1DHGEKRM3UOJMV37I to cache LRU end
2013-10-22 23:54:25.038197 7f02a9ffb700 10 cache get: name=.users+DVZ1DHGEKRM3UOJMV37I : hit
2013-10-22 23:54:25.038207 7f02a9ffb700 20 get_obj_state: s->obj_tag was set empty
2013-10-22 23:54:25.038225 7f02a9ffb700 10 moving .users+DVZ1DHGEKRM3UOJMV37I to cache LRU end
2013-10-22 23:54:25.038228 7f02a9ffb700 10 cache get: name=.users+DVZ1DHGEKRM3UOJMV37I : hit
2013-10-22 23:54:25.038246 7f02a9ffb700 20 get_obj_state: rctx=0x7f0254004c90 obj=.users.uid:radosgwadmin state=0x7f0254005518 s->prefetch_data=0
2013-10-22 23:54:25.038253 7f02a9ffb700 10 moving .users.uid+radosgwadmin to cache LRU end
2013-10-22 23:54:25.038254 7f02a9ffb700 10 cache get: name=.users.uid+radosgwadmin : hit
2013-10-22 23:54:25.038256 7f02a9ffb700 20 get_obj_state: s->obj_tag was set empty
2013-10-22 23:54:25.038259 7f02a9ffb700 10 moving .users.uid+radosgwadmin to cache LRU end
2013-10-22 23:54:25.038260 7f02a9ffb700 10 cache get: name=.users.uid+radosgwadmin : hit
2013-10-22 23:54:25.038302 7f02a9ffb700 10 get_canon_resource(): dest=
2013-10-22 23:54:25.038304 7f02a9ffb700 10 auth_hdr:
PUT

application/x-www-form-urlencoded
Wed, 23 Oct 2013 03:54:40 GMT
/admin/user
2013-10-22 23:54:25.038367 7f02a9ffb700 15 calculated digest=gzt/ltRTGQu2c94ZeOlq5IAoi6A=
2013-10-22 23:54:25.038368 7f02a9ffb700 15 auth_sign=gzt/ltRTGQu2c94ZeOlq5IAoi6A=
2013-10-22 23:54:25.038368 7f02a9ffb700 15 compare=0
2013-10-22 23:54:25.038371 7f02a9ffb700  2 req 10:0.000335::PUT /admin/user:create_user:reading permissions
2013-10-22 23:54:25.038373 7f02a9ffb700  2 req 10:0.000338::PUT /admin/user:create_user:verifying op mask
2013-10-22 23:54:25.038374 7f02a9ffb700 20 required_mask= 0 user.op_mask=7
2013-10-22 23:54:25.038375 7f02a9ffb700  2 req 10:0.000340::PUT /admin/user:create_user:verifying op permissions
2013-10-22 23:54:25.038378 7f02a9ffb700  2 req 10:0.000343::PUT /admin/user:create_user:verifying op params
2013-10-22 23:54:25.038380 7f02a9ffb700  2 req 10:0.000344::PUT /admin/user:create_user:executing
2013-10-22 23:54:25.039051 7f02a9ffb700  2 req 10:0.001016::PUT /admin/user:create_user:http status=403
2013-10-22 23:54:25.039488 7f02a9ffb700  1 ====== req done req=0x117b350 http_status=403 ======

ubuntu@ceph-node1:~$ sudo radosgw-admin caps add --uid=radosgwadmin  --caps="caps=*;"
[sudo] password for ubuntu:
2013-10-23 00:10:40.737573 7f8ecb4f6780  0 WARNING: cannot read region map
{ "user_id": "radosgwadmin",
  "display_name": "Rados Gateway Admin",
  "email": "radowgwadmin@xxxxxxx",
  "suspended": 0,
  "max_buckets": 1000,
  "auid": 0,
  "subusers": [],
  "keys": [
        { "user": "radosgwadmin",
          "access_key": "DVZ1DHGEAAA3UOJMV33I",
          "secret_key": "9NxnEtmoderVDbJjbZAuc0DemWPAlNckKm44jEGb"}],
  "swift_keys": [],
  "caps": [
        { "type": "buckets",
          "perm": "*"},
        { "type": "caps",
          "perm": "*"},
        { "type": "metadata",
          "perm": "*"},
        { "type": "op-mask",
          "perm": "*"},
        { "type": "usage",
          "perm": "*"},
        { "type": "user",
          "perm": "*"},
        { "type": "user-caps",
          "perm": "*"},
        { "type": "users",
          "perm": "*"},
        { "type": "userx",
          "perm": "*"},
        { "type": "usery",
          "perm": "write"}],
  "op_mask": "read, write, delete",
  "default_placement": "",
  "placement_tags": []}
ubuntu@ceph-node1:~$

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux