On 11/13/2013 09:06 PM, lixuehui wrote:
And on the slave zone gateway instence ,the info is like this :
2013-11-14 12:54:24.516840 7f51e7fef700 1 ====== starting new request req=0xb1e3b0 =====
2013-11-14 12:54:24.526640 7f51e7fef700 1 ====== req done req=0xb1e3b0 http_status=200 ======
2013-11-14 12:54:24.545440 7f51e4fe9700 1 ====== starting new request req=0xb1c690 =====
2013-11-14 12:54:24.551696 7f51e4fe9700 0 WARNING: couldn't find acl header for bucket, generating default
2013-11-14 12:54:24.566005 7f51e4fe9700 0 > HTTP_DATE -> Thu Nov 14 04:54:24 2013
2013-11-14 12:54:24.566046 7f51e4fe9700 0 > HTTP_X_AMZ_COPY_SOURCE -> sss%2Frgwconf
2013-11-14 12:54:24.607998 7f51e4fe9700 1 ====== req done req=0xb1c690 http_status=403 ======
2013-11-14 12:54:24.626466 7f51e27e4700 1 ====== starting new request req=0xb24260 =====
Any one could help to find the problem ? Does it mean , we should set
acl for the bucket . In fact ,the information goes the same as it before
, after setting acl for the bucket .
bucket-name sss
object-name rgwconf
Or is there something wrong with either the "HTTP_DATE" or
"HTTP_X_AMS_COPY_SOURCE"?
Those headers are fine, and it's unrelated to acls since the gateway is
using a system user for cross-zone copies, which has full access.
Does the system user for the destination zone exist with the same
access secret and key in the source zone?
Josh
------------------------------------------------------------------------
lixuehui
*发件人:* lixuehui <mailto:lixuehui@xxxxxxxxxxxxxxxxx>
*发送时间:* 2013-11-13 16:16
*收件人:* ceph-users <mailto:ceph-users@xxxxxxxxxxxxxx>
*主题:* radosgw-agent AccessDenied 403
Hi ,list
We've ever reflected that ,radosgw-agent sync data failed all the
time ,before. We paste the concert log here to seek any help now .
application/json; charset=UTF-8
Wed, 13 Nov 2013 07:24:45 GMT
x-amz-copy-source:sss%2Frgwconf
/sss/rgwconf
2013-11-13T15:24:45.510 11171:DEBUG:boto:Signature:
AWS CQHH7O4XULLINBNQQSPB:9ktSGas0/iuekklDmHRuU+OItek=
2013-11-13T15:24:45.511 11171:DEBUG:boto:url = 'http://ceph-rgw41.com/sss/rgwconf'
params={'rgwx-op-id': 'ceph-rgw41:11160:2', 'rgwx-source-zone': u'us-east', 'rgwx-client-id': 'radosgw-agent'}
headers={'Content-Length': '0', 'User-Agent': 'Boto/2.16.0 Python/2.7.3 Linux/3.5.0-23-generic', 'x-amz-copy-source': 'sss%2Frgwconf', 'Date': 'Wed, 13 Nov 2013 07:24:45 GMT', 'Content-Type': 'application/json; charset=UTF-8', 'Authorization': 'AWS CQHH7O4XULLINBNQQSPB:9ktSGas0/iuekklDmHRuU+OItek='}
data=None
2013-11-13T15:24:45.519 11171:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): ceph-rgw41.com
2013-11-13T15:24:45.580 11171:DEBUG:requests.packages.urllib3.connectionpool:"PUT /sss/rgwconf?rgwx-op-id=ceph-rgw41%3A11160%3A2&rgwx-source-zone=us-east&rgwx-client-id=radosgw-agent HTTP/1.1" 403 78
2013-11-13T15:24:45.584 11171:DEBUG:radosgw_agent.worker:exception during sync: Http error code 403 content <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error>
2013-11-13T15:24:45.587 11171:DEBUG:boto:StringToSign:
GET
Wed, 13 Nov 2013 07:24:45 GMT
/admin/opstate
2013-11-13T15:24:45.589 11171:DEBUG:boto:Signature:
AWS CQHH7O4XULLINBNQQSPB:JZwaFKhZEsQUj50jLxjNzni8n5Q=
2013-11-13T15:24:45.590 11171:DEBUG:boto:url = 'http://ceph-rgw41.com/admin/opstate'
params={'client-id': 'radosgw-agent', 'object': 'sss/rgwconf', 'op-id': 'ceph-rgw41:11160:2'}
headers={'Date': 'Wed, 13 Nov 2013 07:24:45 GMT', 'Content-Length': '0', 'Authorization': 'AWS CQHH7O4XULLINBNQQSPB:JZwaFKhZEsQUj50jLxjNzni8n5Q=', 'User-Agent': 'Boto/2.16.0 Python/2.7.3 Linux/3.5.0-23-generic'}
data=None
2013-11-13T15:24:45.594 11171:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): ceph-rgw41.com
2013-11-13T15:24:45.607 11171:DEBUG:requests.packages.urllib3.connectionpool:"GET /admin/opstate?client-id=radosgw-agent&object=sss%2Frgwconf&op-id=ceph-rgw41%3A11160%3A2 HTTP/1.1" 200 None
2013-11-13T15:24:45.612 11171:DEBUG:radosgw_agent.worker:op state is [{u'timestamp': u'2013-11-13 07:24:45.561401Z', u'op_id': u'ceph-rgw41:11160:2', u'object': u'sss/rgwconf', u'state': u'error', u'client_id': u'radosgw-agent'}]
2013-11-13T15:24:45.614 11171:ERROR:radosgw_agent.worker:failed to sync object sss/rgwconf: state is error
2013-11-13T15:24:45.616 11171:DEBUG:radosgw_agent.worker:syncing object "sss/iso"
2013-11-13T15:24:45.617 11171:DEBUG:radosgw_agent.worker:sync_object sss/iso
2013-11-13T15:24:45.620 11171:DEBUG:boto:StringToSign:
PUT
From the radosgw-agent log,we find the radosgw_agent.worker can
not access the slave zone gateway instence .Finally , radosgw-agent
returned the info: state is error.We've changed the users with
"*"permission.
[client.radosgw.us-east-1]
key = AQAp5IJSmF+hNBAAdVHvbYJYVW9coWF6INm+LA==
caps mon = "allow *"
caps osd = "allow *"
[client.radosgw.us-west-1]
key = AQAq5IJSkJ2PMxAAYmAH1wQaE08z+dA0F5INZQ==
caps mon = "allow *"
caps osd = "allow *"
The region configured file:us.json
{ "name": "us",
"api_name": "us",
"is_master": "true",
"endpoints": [
"http:\/\/ceph-rgw40.com:80\/"],
"master_zone": "us-east",
"zones": [
{ "name": "us-east",
"endpoints": [
"http:\/\/ceph-rgw40.com:80\/"],
"log_meta": "true",
"log_data": "true"},
{ "name": "us-west",
"endpoints": [
"http:\/\/ceph-rgw41.com:80\/"],
"log_meta": "true",
"log_data": "true"}],
"placement_targets": [],
"default_placement": ""}
radosgw-agent's configure file is:
src_access_key: 471FCR73KPEY0EF8Q0AC
src_secret_key: BF0t5ESBIvT+GlIL+fxB6N7HmjhdbS3VXcFq5mA0
destination : http://ceph-rgw41.com:80
dest_access_key: CQHH7O4XULLINBNQQSPB
dest_secret_key: BR/UUadpxebiyTH7So42J/87F6jWMw4ddkjKxPRT
log_file: /var/log/radosgw/radosgw-sync-us-east-west.log
Addtional, we encountered another problem ,when we
configured radosgw-agent. The destination means to
protoca+zone2-name+fqdn+port ,while we can only write as
protocal+fqdn+port.
If we added the slave zone name ,the info is like that :
/admin/config
DEBUG:boto:Signature:
AWS CQHH7O4XULLINBNQQSPB:4zdcvi1QVBSfTrKasHtauIdw3XY=
DEBUG:boto:url = 'http://us-west.ceph-rgw41.com/admin/config'
params={}
headers={'Date': 'Wed, 13 Nov 2013 08:13:54 GMT', 'Content-Length': '0', 'Authorization': 'AWS CQHH7O4XULLINBNQQSPB:4zdcvi1QVBSfTrKasHtauIdw3XY=', 'User-Agent': 'Boto/2.16.0 Python/2.7.3 Linux/3.5.0-23-generic'}
data=None
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): us-west.ceph-rgw41.com
DEBUG:requests.packages.urllib3.connectionpool:"GET /admin/config HTTP/1.1" 200 None
region map is: {u'us': [u'us-west', u'us-east']}
ERROR:root:http://us-west.ceph-rgw41.com:80 not found in region map
Does it matter ,or we made any mistake form the us.json?
------------------------------------------------------------------------
lixuehui
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
