403-Forbidden error using radosgw

[lux_ks@xxxxxxxxx (lakshmi k s)]

Resending my earlier message.?

On Tuesday, July 15, 2014 10:58 PM, lakshmi k s <lux_ks at yahoo.com> wrote:
 


Hello Ceph Users - 


My Ceph setup consists of 1 admin
node, 3 OSDs, I radosgw and 1 client. One of OSD node also hosts monitor node.
Ceph Health is OK and I have verified the radosgw runtime. I have created S3
and Swift users using radosgw-admin. But when I try to make any S3 or Swift
calls, everything falls apart. For example - 
?
Python script - 
import boto
import boto.s3.connection
access_key = '123'
secret_key = '456'
?
conn = boto.connect_s3(
???????
aws_access_key_id = access_key,
???????
aws_secret_access_key = secret_key,
???????
host = 'ceph-gateway.ex.com',
???????
is_secure=False,
???????
calling_format = boto.s3.connection.OrdinaryCallingFormat(),
???????
)
for bucket in conn.get_all_buckets():
???????
print "{name}\t{created}".format(
???????????????
name = bucket.name,
???????????????
created = bucket.creation_date,
???????
)
?
Client error- 
Traceback (most recent call last):
? File "dconnect.py",
line 18, in <module>
??? for bucket in
conn.get_all_buckets():
? File
"/usr/lib/python2.7/dist-packages/boto/s3/connection.py", line 387,
in get_all_buckets
??? response.status,
response.reason, body)
boto.exception.S3ResponseError:
S3ResponseError: 403 Forbidden
<?xml version="1.0"
encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error>
?
Radosgw log 

2014-07-15 22:48:15.769125
7fbb85fdb700? 1 ====== starting new
request req=0x7fbbe910b290 =====
2014-07-15 22:48:15.769443
7fbb85fdb700? 2 req 17:0.000334::GET
http://ceph-gateway.ex.com/::initializing
2014-07-15 22:48:15.769998
7fbb85fdb700 10 s->object=<NULL> s->bucket=<NULL>
2014-07-15 22:48:15.770199
7fbb85fdb700? 2 req 17:0.001084:s3:GET
http://ceph-gateway.ex.com/::getting op
2014-07-15 22:48:15.770345
7fbb85fdb700? 2 req 17:0.001231:s3:GET
http://ceph-gateway.ex.com/:list_buckets:authorizing
2014-07-15 22:48:15.770846
7fbb85fdb700 20 get_obj_state: rctx=0x7fbbc800f750
obj=.users:I420IKX56ZP09BTN4CML state=0x7fbbc8007c08 s->prefetch_data=0
2014-07-15 22:48:15.771314
7fbb85fdb700 10 cache get: name=.users+I420IKX56ZP09BTN4CML : hit
2014-07-15 22:48:15.771442
7fbb85fdb700 20 get_obj_state: s->obj_tag was set empty
2014-07-15 22:48:15.771537
7fbb85fdb700 10 cache get: name=.users+I420IKX56ZP09BTN4CML : hit
2014-07-15 22:48:15.773278
7fbb85fdb700 20 get_obj_state: rctx=0x7fbbc800f750 obj=.users.uid:lakshmi
state=0x7fbbc8008208 s->prefetch_data=0
2014-07-15 22:48:15.773288
7fbb85fdb700 10 cache get: name=.users.uid+lakshmi : hit
2014-07-15 22:48:15.773293
7fbb85fdb700 20 get_obj_state: s->obj_tag was set empty
2014-07-15 22:48:15.773297
7fbb85fdb700 10 cache get: name=.users.uid+lakshmi : hit
2014-07-15 22:48:15.774247
7fbb85fdb700 10 get_canon_resource(): dest=http://ceph-gateway.ex.com/
2014-07-15 22:48:15.774326
7fbb85fdb700 10 auth_hdr:
GET
?
?
Wed, 16 Jul 2014 05:48:48 GMT
http://ceph-gateway.ex.com/
2014-07-15 22:48:15.775425
7fbb85fdb700 15 calculated digest=k80Z0p3KlwX4TtrZa0Ws0IWCpVU=
2014-07-15 22:48:15.775498
7fbb85fdb700 15 auth_sign=aAd2u8uD1x/FwLAojm+vceWaITY=
2014-07-15 22:48:15.775536
7fbb85fdb700 15 compare=-10
2014-07-15 22:48:15.775603
7fbb85fdb700 10 failed to authorize request
2014-07-15 22:48:15.776202
7fbb85fdb700? 2 req 17:0.007071:s3:GET
http://ceph-gateway.ex.com/:list_buckets:http status=403
2014-07-15 22:48:15.776325
7fbb85fdb700? 1 ====== req done
req=0x7fbbe910b290 http_status=403 ======
2014-07-15 22:48:15.776435
7fbb85fdb700 20 process_request() returned -1
?

--------------------------------------------------------------------------------------------------------------------------------
Using Swift-Client - 
swift --debug -V 1.0 -A http://ceph-gateway.ex.com/auth/1.0 -U ganapati:swift -K
"GIn60fmdvnEh5tSiRziixcO5wVxZjg9eoYmtX3hJ" list
INFO:urllib3.connectionpool:Starting
new HTTP connection (1): ceph-gateway.ex.com
DEBUG:urllib3.connectionpool:Setting
read timeout to <object object at 0x7f3e1cf38090>
DEBUG:urllib3.connectionpool:"GET
/auth/1.0 HTTP/1.1" 403 23
('lks: response %s', <Response
[403]>)
INFO:swiftclient:REQ: curl -i
http://ceph-gateway.ex.com/auth/1.0 -X GET
INFO:swiftclient:RESP STATUS: 403
Forbidden
INFO:swiftclient:RESP HEADERS:
[('date', 'Wed, 16 Jul 2014 05:45:22 GMT'), ('accept-ranges', 'bytes'),
('content-type', 'application/json'), ('content-length', '23'), ('server',
'Apache/2.4.7 (Ubuntu)')]
INFO:swiftclient:RESP BODY:
{"Code":"AccessDenied"}
ERROR:swiftclient:Auth GET failed:
http://ceph-gateway.ex.com/auth/1.0 403 Forbidden
Traceback (most recent call last):
? File "/usr/lib/python2.7/dist-packages/swiftclient/client.py",
line 1187, in _retry
??? self.url, self.token = self.get_auth()
? File "/usr/lib/python2.7/dist-packages/swiftclient/client.py",
line 1161, in get_auth
??? insecure=self.insecure)
? File "/usr/lib/python2.7/dist-packages/swiftclient/client.py",
line 324, in get_auth
??? insecure=insecure)
? File "/usr/lib/python2.7/dist-packages/swiftclient/client.py",
line 247, in get_auth_1_0
??? http_reason=resp.reason)
ClientException: Auth GET failed:
http://ceph-gateway.ex.com/auth/1.0 403 Forbidden
?
Radosgw log - 
2014-07-15 22:45:22.654754
7fbb697a2700? 1 ====== starting new
request req=0x7fbbe910c3d0 =====
2014-07-15 22:45:22.654844
7fbb697a2700? 2 req 16:0.000091::GET
/auth/1.0::initializing
2014-07-15 22:45:22.655062
7fbb697a2700? 2 req
16:0.000308:swift-auth:GET /auth/1.0::getting op
2014-07-15 22:45:22.655073
7fbb697a2700? 2 req
16:0.000321:swift-auth:GET /auth/1.0:swift_auth_get:authorizing
2014-07-15 22:45:22.655088
7fbb697a2700? 2 req
16:0.000335:swift-auth:GET /auth/1.0:swift_auth_get:reading permissions
2014-07-15 22:45:22.655095
7fbb697a2700? 2 req
16:0.000342:swift-auth:GET /auth/1.0:swift_auth_get:init op
2014-07-15 22:45:22.655108
7fbb697a2700? 2 req
16:0.000355:swift-auth:GET /auth/1.0:swift_auth_get:verifying op mask
2014-07-15 22:45:22.655119
7fbb697a2700 20 required_mask= 0 user.op_mask=7
2014-07-15 22:45:22.655125
7fbb697a2700? 2 req
16:0.000372:swift-auth:GET /auth/1.0:swift_auth_get:verifying op permissions
2014-07-15 22:45:22.655132
7fbb697a2700? 2 req
16:0.000379:swift-auth:GET /auth/1.0:swift_auth_get:verifying op params
2014-07-15 22:45:22.655138
7fbb697a2700? 2 req
16:0.000385:swift-auth:GET /auth/1.0:swift_auth_get:executing
2014-07-15 22:45:22.655363
7fbb697a2700 20 get_obj_state: rctx=0x7fbba0048cc0
obj=.users.swift:ganapati:swift state=0x7fbba0010fd8 s->prefetch_data=0
2014-07-15 22:45:22.655427
7fbb697a2700 10 cache get: name=.users.swift+ganapati:swift : type miss
(requested=6, cached=0)
2014-07-15 22:45:22.662199
7fbb697a2700 10 cache put: name=.users.swift+ganapati:swift
2014-07-15 22:45:22.662239
7fbb697a2700 10 moving .users.swift+ganapati:swift to cache LRU end
2014-07-15 22:45:22.662357
7fbb697a2700? 2 req
16:0.007603:swift-auth:GET /auth/1.0:swift_auth_get:http status=403
2014-07-15 22:45:22.662379
7fbb697a2700? 1 ====== req done
req=0x7fbbe910c3d0 http_status=403 ======
?
ceph.conf
[global]
fsid = ecb2d0d4-cfc9-4fb9-a98d-002fa1b228f1
mon_initial_members = node1
mon_host = 192.168.122.108
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
filestore_xattr_use_omap = true

[client.admin]
keyring = /etc/ceph/ceph.client.admin.keyring

[client.radosgw.gateway]
host = ceph-gateway
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file = /var/log/ceph/client.radosgw.gateway.log
rgw dns name = ceph-gateway.ex.com
rgw print
 continue = false
rgw debug = 20
rgw enable usage log = true


Appreciate your help.
?
Thanks,
Lakshmi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20140716/7f9b5076/attachment.htm>