Re: s3 user can't create bucket

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Nov 5, 2013 at 11:28 PM, lixuehui <lixuehui@xxxxxxxxxxxxxxxxx> wrote:
> Hi all:
>
> I failed to create bucket with s3 API. the error is 403 'Access Denied'.In
> fact ,I've give the user write permission.
> { "user_id": "lxh",
>   "display_name": "=lxh",
>   "email": "",
>   "suspended": 0,
>   "max_buckets": 1000,
>   "auid": 0,
>   "subusers": [],
>   "keys": [
>         { "user": "lxh",
>           "access_key": "JZ9N42JQY636PTTZ76VZ",
>           "secret_key": "2D37kjLXda7dPxGpjJ3ZhNCBHzd9wmxoJnf9FcQo"}],
>   "swift_keys": [],
>   "caps": [
>         { "type": "usage",
>           "perm": "*"},
>         { "type": "user",
>           "perm": "*"}],
>   "op_mask": "read, write, delete",
>   "default_placement": "",
>   "placement_tags": []}
>
> At the same time,there is not '\' generated in the secret_key.
>
> 2013-11-06 15:20:31.787363 7f167df9b700  2 req 1:0.000522::PUT
> /my_bucket/::initializing
> 2013-11-06 15:20:31.787435 7f167df9b700 10 host=cephtest.com
> rgw_dns_name=ceph-osd26
> 2013-11-06 15:20:31.787929 7f167df9b700 10 s->object=<NULL>
> s->bucket=my_bucket
> 2013-11-06 15:20:31.788085 7f167df9b700 20 FCGI_ROLE=RESPONDER
> 2013-11-06 15:20:31.788107 7f167df9b700 20 SCRIPT_URL=/my_bucket/
> 2013-11-06 15:20:31.788119 7f167df9b700 20
> SCRIPT_URI=http://cephtest.com/my_bucket/
> 2013-11-06 15:20:31.788130 7f167df9b700 20 HTTP_HOST=cephtest.com
> 2013-11-06 15:20:31.788140 7f167df9b700 20 HTTP_ACCEPT_ENCODING=identity
> 2013-11-06 15:20:31.788151 7f167df9b700 20 HTTP_DATE=Wed, 06 Nov 2013
> 07:20:31 GMT
> 2013-11-06 15:20:31.788162 7f167df9b700 20 CONTENT_LENGTH=0
> 2013-11-06 15:20:31.788172 7f167df9b700 20 HTTP_USER_AGENT=Boto/2.15.0
> Python/2.7.3 Linux/3.5.0-23-generic
> 2013-11-06 15:20:31.788182 7f167df9b700 20 PATH=/usr/local/bin:/usr/bin:/bin
> 2013-11-06 15:20:31.788193 7f167df9b700 20 SERVER_SIGNATURE=
> 2013-11-06 15:20:31.788203 7f167df9b700 20 SERVER_SOFTWARE=Apache/2.2.22
> (Ubuntu)
> 2013-11-06 15:20:31.788213 7f167df9b700 20 SERVER_NAME=cephtest.com
> 2013-11-06 15:20:31.788223 7f167df9b700 20 SERVER_ADDR=192.168.50.116
> 2013-11-06 15:20:31.788234 7f167df9b700 20 SERVER_PORT=80
> 2013-11-06 15:20:31.788247 7f167df9b700 20 REMOTE_ADDR=192.168.50.116
> 2013-11-06 15:20:31.788260 7f167df9b700 20 DOCUMENT_ROOT=/var/www/
> 2013-11-06 15:20:31.788311 7f167df9b700 20 SERVER_ADMIN=[no address given]
> 2013-11-06 15:20:31.788324 7f167df9b700 20
> SCRIPT_FILENAME=/var/www/s3gw.fcgi
> 2013-11-06 15:20:31.788336 7f167df9b700 20 REMOTE_PORT=45737
> 2013-11-06 15:20:31.788348 7f167df9b700 20 GATEWAY_INTERFACE=CGI/1.1
> 2013-11-06 15:20:31.788361 7f167df9b700 20 SERVER_PROTOCOL=HTTP/1.1
> 2013-11-06 15:20:31.788374 7f167df9b700 20 REQUEST_METHOD=PUT
> 2013-11-06 15:20:31.788389 7f167df9b700 20
> QUERY_STRING=[E=HTTP_AUTHORIZATION:AWS
> JZ9N42JQY636PTTZ76VZ:ttIro1R21j6GAjVsDITrz5DK66Y=,L]

Your rewrite rule is broken.

> 2013-11-06 15:20:31.788471 7f167df9b700 20 REQUEST_URI=/my_bucket/
> 2013-11-06 15:20:31.788476 7f167df9b700 20 SCRIPT_NAME=/my_bucket/
> 2013-11-06 15:20:31.788483 7f167df9b700  2 req 1:0.001643:s3:PUT
> /my_bucket/::getting op
> 2013-11-06 15:20:31.788519 7f167df9b700  2 req 1:0.001679:s3:PUT
> /my_bucket/:create_bucket:authorizing
> 2013-11-06 15:20:31.788638 7f167df9b700  2 req 1:0.001798:s3:PUT
> /my_bucket/:create_bucket:reading permissions
> 2013-11-06 15:20:31.788688 7f167df9b700  2 req 1:0.001847:s3:PUT
> /my_bucket/:create_bucket:verifying op mask
> 2013-11-06 15:20:31.788719 7f167df9b700 20 required_mask= 2 user.op_mask=7
> 2013-11-06 15:20:31.788743 7f167df9b700  2 req 1:0.001903:s3:PUT
> /my_bucket/:create_bucket:verifying op permissions
> 2013-11-06 15:20:31.789225 7f167df9b700  2 req 1:0.002385:s3:PUT
> /my_bucket/:create_bucket:http status=403
> 2013-11-06 15:20:31.790319 7f167df9b700  1 ====== req done req=0x20d6eb0
> http_status=403 ======
>
>
>
> the program is like this:
>
> import boto
> import boto.s3.connection
> access_key='JZ9N42JQY636PTTZ76VZ'
> secret_key='2D37kjLXda7dPxGpjJ3ZhNCBHzd9wmxoJnf9FcQo'
> conn=boto.connect_s3(
>         aws_access_key_id=access_key,
>         aws_secret_access_key=secret_key,
>         host="cephtest.com",
>         is_secure=False,
>         calling_format=boto.s3.connection.OrdinaryCallingFormat(),
>         )
> print "hello world"
> conn.create_bucket('my_bucket')
>
> It seems the permission problem,but I really can not reslove the problem
> with the user information.
> HELP!
> HELP!!
> Thanks for any help!
>
>

You need to fix your apache rewrite rule. Basically the authorization
header is not passed correctly.

Yehuda
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux