Further, here is the logging output (when I set 'debug rgw log = 20/20’ in ceph.conf). I have removed some information. The server replies with a 403. Any insight into why? When the account submits a non-admin type request it works, but not when trying to create a new user. Is there a CAP we’re missing from the user account? -Steve 2014-03-10 22:59:12.530932 7fec017fa700 1 ====== starting new request req=0x19497c0 ===== 2014-03-10 22:59:12.531020 7fec017fa700 2 req 1:0.000089::GET /user::initializing 2014-03-10 22:59:12.531032 7fec017fa700 10 host=admin.XXXX.liquidweb.com rgw_dns_name=XXXX.liquidweb.com 2014-03-10 22:59:12.531101 7fec017fa700 10 s->object=<NULL> s->bucket=user 2014-03-10 22:59:12.531132 7fec017fa700 20 FCGI_ROLE=RESPONDER 2014-03-10 22:59:12.531134 7fec017fa700 20 SCRIPT_URL=/user 2014-03-10 22:59:12.531135 7fec017fa700 20 SCRIPT_URI=http://admin.XXXX.liquidweb.com/user 2014-03-10 22:59:12.531136 7fec017fa700 20 HTTP_AUTHORIZATION=AWS 08V6K45V9KPVK7MIWWMG:OHAxWvf8U8t4CVWq0pKKwxZ2Xko= 2014-03-10 22:59:12.531138 7fec017fa700 20 HTTP_TE=deflate,gzip;q=0.3 2014-03-10 22:59:12.531139 7fec017fa700 20 HTTP_KEEP_ALIVE=300 2014-03-10 22:59:12.531140 7fec017fa700 20 HTTP_CONNECTION=Keep-Alive, TE 2014-03-10 22:59:12.531141 7fec017fa700 20 HTTP_DATE=Mon, 10 Mar 2014 22:59:42 GMT 2014-03-10 22:59:12.531142 7fec017fa700 20 HTTP_HOST=admin.XXXX.liquidweb.com 2014-03-10 22:59:12.531146 7fec017fa700 20 HTTP_USER_AGENT=libwww-perl/5.805 2014-03-10 22:59:12.531147 7fec017fa700 20 HTTP_DISPLAY_NAME=Hello World 2014-03-10 22:59:12.531148 7fec017fa700 20 HTTP_UID=atc 2014-03-10 22:59:12.531149 7fec017fa700 20 PATH=/usr/local/bin:/usr/bin:/bin 2014-03-10 22:59:12.531150 7fec017fa700 20 SERVER_SIGNATURE= 2014-03-10 22:59:12.531151 7fec017fa700 20 SERVER_SOFTWARE=Apache/2.2.22 (Ubuntu) 2014-03-10 22:59:12.531152 7fec017fa700 20 SERVER_NAME=admin.XXXX.liquidweb.com 2014-03-10 22:59:12.531153 7fec017fa700 20 SERVER_ADDR=10.30.77.227 2014-03-10 22:59:12.531154 7fec017fa700 20 SERVER_PORT=80 2014-03-10 22:59:12.531155 7fec017fa700 20 REMOTE_ADDR=10.255.247.241 2014-03-10 22:59:12.531156 7fec017fa700 20 DOCUMENT_ROOT=/var/www 2014-03-10 22:59:12.531157 7fec017fa700 20 SERVER_ADMIN=scarter@xxxxxxxxxxxxx 2014-03-10 22:59:12.531158 7fec017fa700 20 SCRIPT_FILENAME=/var/www/s3gw.fcgi 2014-03-10 22:59:12.531159 7fec017fa700 20 REMOTE_PORT=40506 2014-03-10 22:59:12.531160 7fec017fa700 20 GATEWAY_INTERFACE=CGI/1.1 2014-03-10 22:59:12.531161 7fec017fa700 20 SERVER_PROTOCOL=HTTP/1.1 2014-03-10 22:59:12.531162 7fec017fa700 20 REQUEST_METHOD=GET 2014-03-10 22:59:12.531163 7fec017fa700 20 QUERY_STRING=page=user¶ms= 2014-03-10 22:59:12.531164 7fec017fa700 20 REQUEST_URI=/user 2014-03-10 22:59:12.531165 7fec017fa700 20 SCRIPT_NAME=/user 2014-03-10 22:59:12.531168 7fec017fa700 2 req 1:0.000237:s3:GET /user::getting op 2014-03-10 22:59:12.531176 7fec017fa700 2 req 1:0.000245:s3:GET /user:list_bucket:authorizing 2014-03-10 22:59:12.531203 7fec017fa700 20 get_obj_state: rctx=0x7febb80055c0 obj=.users:08V6K45V9KPVK7MIWWMG state=0x7febb8005688 s->prefetch_data=0 2014-03-10 22:59:12.531213 7fec017fa700 10 cache get: name=.users+08V6K45V9KPVK7MIWWMG : miss 2014-03-10 22:59:12.538305 7fec017fa700 10 cache put: name=.users+08V6K45V9KPVK7MIWWMG 2014-03-10 22:59:12.538324 7fec017fa700 10 adding .users+08V6K45V9KPVK7MIWWMG to cache LRU end 2014-03-10 22:59:12.538333 7fec017fa700 20 get_obj_state: s->obj_tag was set empty 2014-03-10 22:59:12.538343 7fec017fa700 10 moving .users+08V6K45V9KPVK7MIWWMG to cache LRU end 2014-03-10 22:59:12.538346 7fec017fa700 10 cache get: name=.users+08V6K45V9KPVK7MIWWMG : type miss (requested=1, cached=6) 2014-03-10 22:59:12.538353 7fec017fa700 20 get_obj_state: rctx=0x7febb80055c0 obj=.users:08V6K45V9KPVK7MIWWMG state=0x7febb8006378 s->prefetch_data=0 2014-03-10 22:59:12.538360 7fec017fa700 10 moving .users+08V6K45V9KPVK7MIWWMG to cache LRU end 2014-03-10 22:59:12.538362 7fec017fa700 10 cache get: name=.users+08V6K45V9KPVK7MIWWMG : hit 2014-03-10 22:59:12.538366 7fec017fa700 20 get_obj_state: s->obj_tag was set empty 2014-03-10 22:59:12.538369 7fec017fa700 20 get_obj_state: rctx=0x7febb80055c0 obj=.users:08V6K45V9KPVK7MIWWMG state=0x7febb8006378 s->prefetch_data=0 2014-03-10 22:59:12.538372 7fec017fa700 20 state for obj=.users:08V6K45V9KPVK7MIWWMG is not atomic, not appending atomic test 2014-03-10 22:59:12.538374 7fec017fa700 20 rados->read obj-ofs=0 read_ofs=0 read_len=524288 2014-03-10 22:59:12.547545 7fec017fa700 20 rados->read r=0 bl.length=9 2014-03-10 22:59:12.547583 7fec017fa700 10 cache put: name=.users+08V6K45V9KPVK7MIWWMG 2014-03-10 22:59:12.547588 7fec017fa700 10 moving .users+08V6K45V9KPVK7MIWWMG to cache LRU end 2014-03-10 22:59:12.547609 7fec017fa700 20 get_obj_state: rctx=0x7febb8005350 obj=.users.uid:etank state=0x7febb8006ef8 s->prefetch_data=0 2014-03-10 22:59:12.547619 7fec017fa700 10 cache get: name=.users.uid+etank : miss 2014-03-10 22:59:12.549184 7fec017fa700 10 cache put: name=.users.uid+etank 2014-03-10 22:59:12.549202 7fec017fa700 10 adding .users.uid+etank to cache LRU end 2014-03-10 22:59:12.549210 7fec017fa700 20 get_obj_state: s->obj_tag was set empty 2014-03-10 22:59:12.549220 7fec017fa700 10 moving .users.uid+etank to cache LRU end 2014-03-10 22:59:12.549223 7fec017fa700 10 cache get: name=.users.uid+etank : type miss (requested=1, cached=6) 2014-03-10 22:59:12.549230 7fec017fa700 20 get_obj_state: rctx=0x7febb8007020 obj=.users.uid:etank state=0x7febb8007d48 s->prefetch_data=0 2014-03-10 22:59:12.549237 7fec017fa700 10 moving .users.uid+etank to cache LRU end 2014-03-10 22:59:12.549239 7fec017fa700 10 cache get: name=.users.uid+etank : hit 2014-03-10 22:59:12.549243 7fec017fa700 20 get_obj_state: s->obj_tag was set empty 2014-03-10 22:59:12.549245 7fec017fa700 20 get_obj_state: rctx=0x7febb8007020 obj=.users.uid:etank state=0x7febb8007d48 s->prefetch_data=0 2014-03-10 22:59:12.549248 7fec017fa700 20 state for obj=.users.uid:etank is not atomic, not appending atomic test 2014-03-10 22:59:12.549250 7fec017fa700 20 rados->read obj-ofs=0 read_ofs=0 read_len=524288 2014-03-10 22:59:12.550885 7fec017fa700 20 rados->read r=0 bl.length=293 2014-03-10 22:59:12.550924 7fec017fa700 10 cache put: name=.users.uid+etank 2014-03-10 22:59:12.550928 7fec017fa700 10 moving .users.uid+etank to cache LRU end 2014-03-10 22:59:12.551008 7fec017fa700 10 get_canon_resource(): dest= 2014-03-10 22:59:12.551012 7fec017fa700 10 auth_hdr: GET Mon, 10 Mar 2014 22:59:42 GMT /user 2014-03-10 22:59:12.551103 7fec017fa700 15 calculated digest=R+4z9J6PyXugdHAYJDKJiLPKpWo= 2014-03-10 22:59:12.551113 7fec017fa700 15 auth_sign=OHAxWvf8U8t4CVWq0pKKwxZ2Xko= 2014-03-10 22:59:12.551114 7fec017fa700 15 compare=-3 2014-03-10 22:59:12.551118 7fec017fa700 10 failed to authorize request 2014-03-10 22:59:12.551295 7fec017fa700 2 req 1:0.020363:s3:GET /user:list_bucket:http status=403 2014-03-10 22:59:12.551496 7fec017fa700 1 ====== req done req=0x19497c0 http_status=403 ====== On Mar 7, 2014, at 1:01 PM, Erik Tank <etank@xxxxxxxxxxxxx> wrote: > I'm getting Access Denied errors when attempting to do admin tasks. I'm attaching info for creating a user below. Any insights/thoughts are appreciated: > > User Info: > { > "user_id": "etank", > <...snip...> > "keys": [ > { "user": "etank", > "access_key": "08V6K45V9KPVK7MIWWMG", > "secret_key": "***************"}], > "swift_keys": [], > "caps": [ > { "type": "usage", > "perm": "read"}, > { "type": "users", > "perm": "*"}], > "op_mask": "read, write, delete", > "default_placement": "", > "placement_tags": [] > } > > > Request: > GET http://admin.**********.com/user > Date: Fri, 07 Mar 2014 19:33:50 GMT > Authorization: AWS 08V6K45V9KPVK7MIWWMG:qfE6khLdApjb2s+qQMY4frdWdOk= > display-name: Automated Test Create > uid: auto_test_create > > > Response: > HTTP/1.1 403 Forbidden > Connection: Keep-Alive > Date: Fri, 07 Mar 2014 19:33:29 GMT > Accept-Ranges: bytes > Server: Apache/2.2.22 (Ubuntu) > Content-Length: 78 > Content-Type: application/xml > Client-Date: Fri, 07 Mar 2014 19:33:50 GMT > Client-Peer: 10.30.77.227:80 > Client-Response-Num: 1 > Keep-Alive: timeout=5, max=100 > > <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error> > > > Erik Tank > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com