Yehuda,

Thank you. We'll try that next. Would you happen to have any code samples (pref. perl) you wouldn't mind sharing for a couple of the admin API methods?

-Steve

----- Original Message -----
> From: "Yehuda Sadeh" <yehuda@xxxxxxxxxxx>
> To: "Steve Carter" <scarter@xxxxxxxxxxxxx>
> Cc: ceph-users@xxxxxxxxxxxxxx
> Sent: Wednesday, March 12, 2014 9:34:26 PM
> Subject: Re: Access Denied errors
>
> You need to try switching the calling format. Instead of accessing
> http://admin.XXX/user, try accessing http://XXX/admin/user. There's a
> good chance that the subdomain calling format does not work with the
> admin api.
>
> Yehuda
>
> On Wed, Mar 12, 2014 at 8:58 PM, Steve Carter <scarter@xxxxxxxxxxxxx> wrote:
> > Any ideas on this? Anything I can do to further troubleshoot?
> >
> > -Steve
> >
> > ________________________________
> >
> > From: "Steve Carter" <scarter@xxxxxxxxxxxxx>
> > To: "Yehuda Sadeh" <yehuda@xxxxxxxxxxx>
> > Cc: ceph-users@xxxxxxxxxxxxxx
> > Sent: Tuesday, March 11, 2014 4:42:24 PM
> >
> > Subject: Re: Access Denied errors
> >
> > Just to be complete, a TCP Dump:
> >
> > Starting tcpick 0.2.1 at 2014-03-11 21:11 UTC
> > Timeout for connections is 600
> > tcpick: reading from test.pcap
> > 1 SYN-SENT 10.255.247.241:39729 > 10.30.77.227:http
> > 1 SYN-RECEIVED 10.255.247.241:39729 > 10.30.77.227:http
> > 1 ESTABLISHED 10.255.247.241:39729 > 10.30.77.227:http
> > GET /user HTTP/1.1
> > TE: deflate,gzip;q=0.3
> > Keep-Alive: 300
> > Connection: Keep-Alive, TE
> > Date: Mon, 10 Mar 2014 22:51:06 GMT
> > Authorization: AWS 08V6K45V9KPVK7MIWWMG:tot0rXT4AeYohcRQ0iyGPnAQ+cg=
> > Host: admin.XXXX.liquidweb.com
> > User-Agent: libwww-perl/5.805
> > display-name: Hello World
> > uid: atc
> >
> > HTTP/1.1 403 Forbidden
> > Date: Mon, 10 Mar 2014 22:50:36 GMT
> > Server: Apache/2.2.22 (Ubuntu)
> > Accept-Ranges: bytes
> > Content-Length: 78
> > Keep-Alive: timeout=5, max=100
> > Connection: Keep-Alive
> > Content-Type: application/xml
> >
> > <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error>
> > 1 FIN-WAIT-1 10.255.247.241:39729 > 10.30.77.227:http
> > 1 TIME-WAIT 10.255.247.241:39729 > 10.30.77.227:http
> > 1 CLOSED 10.255.247.241:39729 > 10.30.77.227:http
> > tcpick: done reading from test.pcap
> >
> > 10 packets captured
> > 1 tcp sessions detected
> >
> > ________________________________
> >
> > From: "Steve Carter" <scarter@xxxxxxxxxxxxx>
> > To: "Yehuda Sadeh" <yehuda@xxxxxxxxxxx>
> > Cc: ceph-users@xxxxxxxxxxxxxx
> > Sent: Tuesday, March 11, 2014 4:35:12 PM
> > Subject: Re: Access Denied errors
> >
> >
> > On Mar 10, 2014, at 8:30 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
> >
> > 2014-03-10 22:59:12.551012 7fec017fa700 10 auth_hdr:
> > GET
> >
> >
> > Mon, 10 Mar 2014 22:59:42 GMT
> > /user
> >
> >
> > This is related to the issue. I assume it was signed as /admin/user,
> > but here we just use /user because that's what's passed in the URI. Are
> > you accessing the gateway through virtual dns bucket name (e.g.,
> > admin.your-domain.com)?
> >
> > Yehuda
> >
> > 2014-03-10 22:59:12.551103 7fec017fa700 15 calculated digest=R+4z9J6PyXugdHAYJDKJiLPKpWo=
> > 2014-03-10 22:59:12.551113 7fec017fa700 15 auth_sign=OHAxWvf8U8t4CVWq0pKKwxZ2Xko=
> > 2014-03-10 22:59:12.551114 7fec017fa700 15 compare=-3
> > 2014-03-10 22:59:12.551118 7fec017fa700 10 failed to authorize request
> > 2014-03-10 22:59:12.551295 7fec017fa700 2 req 1:0.020363:s3:GET /user:list_bucket:http status=403
> > 2014-03-10 22:59:12.551496 7fec017fa700 1 ====== req done req=0x19497c0 http_status=403 ======
> >
> >
> > This is what our request header looks like. 'admin' is the admin bucket. The
> > request doesn't appear to be signed as /admin/user. I wonder if the
> > ordering of our header fields is incorrect insofar as they don't match the
> > canonical ordering expected by radosgw/S3 resulting in the digests not
> > matching?
> >
> > Request: GET http://admin.XXXX.liquidweb.com/user
> > Date: Tue, 11 Mar 2014 22:52:20 GMT
> > Authorization: AWS 08V6K45V9KPVK7MIWWMG:VPPhzMiF9bFywTxLbr1peLEwZK4=
> > User-Agent: libwww-perl/5.805
> > display-name: Hello World
> > uid: atc
> > Format: json HTTP/1.1
> >
> >
> > *** /home/etank/lwlibs/perl/Amazon/S3.pm [298]: Response: HTTP/1.1 403 Forbidden
> > Connection: Keep-Alive
> > Date: Tue, 11 Mar 2014 22:51:47 GMT
> > Accept-Ranges: bytes
> > Server: Apache/2.2.22 (Ubuntu)
> > Content-Length: 78
> > Content-Type: application/xml
> > Client-Date: Tue, 11 Mar 2014 22:52:20 GMT
> > Client-Peer: 10.30.77.227:80
> > Client-Response-Num: 1
> > Keep-Alive: timeout=5, max=100
> >
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@xxxxxxxxxxxxxx
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> >
>
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
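
The signature mismatch discussed in this thread, as an added example that is not part of the original messages and is not radosgw or Amazon::S3 code: it builds the AWS-style string to sign in the layout the `auth_hdr` log dump shows, then compares the subdomain and path calling formats. The keys and host names are constructed, and `gateway_authorizes` is a simplified model that assumes the gateway signs the URI path exactly as received; Python is used here rather than Perl.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed credentials and host names, not the ones in the thread.
ACCESS_KEY = "EXAMPLEACCESSKEY0000"
SECRET_KEY = "constructed-secret-for-illustration"
DATE = "Mon, 10 Mar 2014 22:59:42 GMT"


def string_to_sign(method, date, resource, content_md5="", content_type=""):
    # Same layout as the auth_hdr dump in the gateway log:
    # method, Content-MD5, Content-Type, Date, canonical resource.
    return "\n".join([method, content_md5, content_type, date, resource])


def sign(secret, sts):
    # HMAC-SHA1 over the string to sign, base64-encoded.
    mac = hmac.new(secret.encode(), sts.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def client_request(url, signed_resource, date=DATE):
    # What the client puts on the wire, signed over signed_resource.
    parts = urlsplit(url)
    sig = sign(SECRET_KEY, string_to_sign("GET", date, signed_resource))
    return {"Host": parts.netloc, "uri": parts.path, "Date": date,
            "Authorization": f"AWS {ACCESS_KEY}:{sig}"}


def gateway_authorizes(req):
    # Simplified model (assumption): the gateway signs the URI path exactly
    # as received, as the auth_hdr dump shows, and compares digests.
    expected = sign(SECRET_KEY, string_to_sign("GET", req["Date"], req["uri"]))
    presented = req["Authorization"].split(":", 1)[1]
    return hmac.compare_digest(expected, presented)


def diagnose():
    # Both requests are signed over /admin/user; only the URL form differs.
    subdomain = client_request("http://admin.example.test/user", "/admin/user")
    path_style = client_request("http://example.test/admin/user", "/admin/user")
    return {"subdomain": gateway_authorizes(subdomain),
            "path_style": gateway_authorizes(path_style)}


if __name__ == "__main__":
    print(diagnose())
```

Header field order on the wire does not enter the string to sign; only the method, the three header values and the canonical resource do, so a resource mismatch alone is enough to produce the 403.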