403-Forbidden error using radosgw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Below is the output of radosgw admin user info. Am I missing something here. Appreciate your help.

ceph-gateway at ceph-gateway:~$ radosgw-admin user info --uid=ganapati
{ "user_id": "ganapati",
? "display_name": "I",
? "email": "",
? "suspended": 0,
? "max_buckets": 1000,
? "auid": 0,
? "subusers": [
? ? ? ? { "id": "ganapati:swift",
? ? ? ? ? "permissions": "full-control"}],
? "keys": [
? ? ? ? { "user": "ganapati",
? ? ? ? ? "access_key": "123",
? ? ? ? ? "secret_key": "456"},
? ? ? ? { "user": "ganapati:swift",
? ? ? ? ? "access_key": "Q39BTCD9D0MKN546RNDO",
? ? ? ? ? "secret_key": ""}],
? "swift_keys": [
? ? ? ? { "user": "ganapati:swift",
? ? ? ? ? "secret_key": "GIn60fmdvnEh5tSiRziixcO5wVxZjg9eoYmtX3hJ"}],
? "caps": [
? ? ? ? { "type": "metadata",
? ? ? ? ? "perm": "*"},
? ? ? ? { "type": "usage",
? ? ? ? ? "perm": "*"},
? ? ? ? { "type": "users",
? ? ? ? ? "perm": "*"},
? ? ? ? { "type": "zone",
? ? ? ? ? "perm": "*"}],
? "op_mask": "read, write, delete",
? "default_placement": "",
? "placement_tags": [],
? "bucket_quota": { "enabled": false,
? ? ? "max_size_kb": -1,
? ? ? "max_objects": -1},
? "user_quota": { "enabled": false,
? ? ? "max_size_kb": -1,
? ? ? "max_objects": -1},
? "temp_url_keys": []}



On Wednesday, July 16, 2014 8:23 AM, Vincenzo Pii <piiv at zhaw.ch> wrote:
 


Maybe some of the user data is not correct...

If you try

? ? radosgw-admin user info --uid=ganapati


is the subuser there?
The key that you must use should be under "swift_keys".

Otherwise, be sure that the user is created with

radosgw-admin key create --subuser=username:subusername --key-type=swift --gen-secret




2014-07-16 16:31 GMT+02:00 lakshmi k s <lux_ks at yahoo.com>:

Thanks for the response. Curl yields the following -?
>
>
>ceph-gateway at ceph-gateway:~$ curl -v -i http://ceph-gateway/auth -X GET -H "X-Auth-User:ganapati:swift" -H "X-Auth-Key:GIn60fmdvnEh5tSiRziixcO5wVxZjg9eoYmtX3hJ"
>
>Hostname was NOT found in DNS cache
>Trying 127.0.1.1...
>Connected to ceph-gateway (127.0.1.1) port 80 (#0)
>GET /auth HTTP/1.1
>User-Agent: curl/7.35.0
>Host: ceph-gateway
>Accept: */*
>X-Auth-User:ganapati:swift
>X-Auth-Key:GIn60fmdvnEh5tSiRziixcO5wVxZjg9eoYmtX3hJ
>
>
>HTTP/1.1 403 Forbidden
>HTTP/1.1 403 Forbidden
>Date: Wed, 16 Jul 2014 14:24:11 GMT
>Date: Wed, 16 Jul 2014 14:24:11 GMT
>Server Apache/2.4.7 (Ubuntu) is not blacklisted
>Server: Apache/2.4.7 (Ubuntu)
>Server: Apache/2.4.7 (Ubuntu)
>Accept-Ranges: bytes
>Accept-Ranges: bytes
>Content-Length: 23
>Content-Length: 23
>Content-Type: application/json
>Content-Type: application/json
>
>
><
>* Connection #0 to host ceph-gateway left intact
>{"Code":"AccessDenied"}ceph-gateway at ceph-gateway:~$
>
>
>
>
>
>
>
>On Wednesday, July 16, 2014 7:06 AM, Vincenzo Pii <piiv at zhaw.ch> wrote:
>
>
>
>You may try to debug your issue by using curl requests.
>
>
>If you use your Swift credentials, a request of this format should give you a 20X return code (probably 204):
>
>
>curl -v -i http://<hostname>/auth -X GET -H "X-Auth-User: testuser:swiftuser" -H "X-Auth-Key: ksYDp8dul80Ta1PeDkFFyLem1FlrtvnyzYiaqvh8"
>
>
>
>If this works, you at least know that your auth mechanism is working.
>
>
>2014-07-16 8:33 GMT+02:00 Wido den Hollander <wido at 42on.com>:
>
>On 07/16/2014 07:58 AM, lakshmi k s wrote:
>>> Hello Ceph Users -
>>>
>>> My Ceph setup consists of 1 admin node, 3 OSDs, I radosgw and 1 client.
>>> One of OSD node also hosts monitor node. Ceph Health is OK and I have
>>> verified the radosgw runtime. I have created S3 and Swift users using
>>> radosgw-admin. But when I try to make any S3 or Swift calls, everything
>>> falls apart. For example -
>>> Python script -
>>> import boto
>>> import boto.s3.connection
>>> access_key = '123'
>>> secret_key = '456'
>>
>>Are you sure the access and secret key are correct? See my lines a bit
>>below.
>>
>>> conn = boto.connect_s3(
>>> aws_access_key_id = access_key,
>>> aws_secret_access_key = secret_key,
>>> host = 'ceph-gateway.ex.com',
>>> is_secure=False,
>>> calling_format = boto.s3.connection.OrdinaryCallingFormat(),
>>> )
>>> for bucket in conn.get_all_buckets():
>>> print "{name}\t{created}".format(
>>> name = bucket.name,
>>> created = bucket.creation_date,
>>> )
>>> Client error-
>>> Traceback (most recent call last):
>>> ? ?File "dconnect.py", line 18, in <module>
>>> ? ? ?for bucket in conn.get_all_buckets():
>>> ? ?File "/usr/lib/python2.7/dist-packages/boto/s3/connection.py", line
>>> 387, in get_all_buckets
>>> ? ? ?response.status, response.reason, body)
>>> boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
>>> <?xml version="1.0"
>>> encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error>
>>> Radosgw log
>>> 2014-07-15 22:48:15.769125 7fbb85fdb7001 ====== starting new request
>>> req=0x7fbbe910b290 =====
>>> 2014-07-15 22:48:15.769443 7fbb85fdb7002 req 17:0.000334::GET
>>> http://ceph-gateway.ex.com/::initializing
>>> 2014-07-15 22:48:15.769998 7fbb85fdb700 10 s->object=<NULL> s->bucket=<NULL>
>>> 2014-07-15 22:48:15.770199 7fbb85fdb7002 req 17:0.001084:s3:GET
>>> http://ceph-gateway.ex.com/::getting op
>>> 2014-07-15 22:48:15.770345 7fbb85fdb7002 req 17:0.001231:s3:GET
>>> http://ceph-gateway.ex.com/:list_buckets:authorizing
>>> 2014-07-15 22:48:15.770846 7fbb85fdb700 20 get_obj_state:
>>> rctx=0x7fbbc800f750 obj=.users:I420IKX56ZP09BTN4CML state=0x7fbbc8007c08
>>> s->prefetch_data=0
>>> 2014-07-15 22:48:15.771314 7fbb85fdb700 10 cache get:
>>> name=.users+I420IKX56ZP09BTN4CML : hit
>>> 2014-07-15 22:48:15.771442 7fbb85fdb700 20 get_obj_state: s->obj_tag was
>>> set empty
>>> 2014-07-15 22:48:15.771537 7fbb85fdb700 10 cache get:
>>> name=.users+I420IKX56ZP09BTN4CML : hit
>>> 2014-07-15 22:48:15.773278 7fbb85fdb700 20 get_obj_state:
>>> rctx=0x7fbbc800f750 obj=.users.uid:lakshmi state=0x7fbbc8008208
>>> s->prefetch_data=0
>>> 2014-07-15 22:48:15.773288 7fbb85fdb700 10 cache get:
>>> name=.users.uid+lakshmi : hit
>>> 2014-07-15 22:48:15.773293 7fbb85fdb700 20 get_obj_state: s->obj_tag was
>>> set empty
>>> 2014-07-15 22:48:15.773297 7fbb85fdb700 10 cache get:
>>> name=.users.uid+lakshmi : hit
>>> 2014-07-15 22:48:15.774247 7fbb85fdb700 10 get_canon_resource():
>>> dest=http://ceph-gateway.ex.com/
>>> 2014-07-15 22:48:15.774326 7fbb85fdb700 10 auth_hdr:
>>> GET
>>> Wed, 16 Jul 2014 05:48:48 GMT
>>> http://ceph-gateway.ex.com/
>>> 2014-07-15 22:48:15.775425 7fbb85fdb700 15 calculated
>>> digest=k80Z0p3KlwX4TtrZa0Ws0IWCpVU=
>>> 2014-07-15 22:48:15.775498 7fbb85fdb700 15
>>> auth_sign=aAd2u8uD1x/FwLAojm+vceWaITY=
>>> 2014-07-15 22:48:15.775536 7fbb85fdb700 15 compare=-10
>>> 2014-07-15 22:48:15.775603 7fbb85fdb700 10 failed to authorize request
>>
>>That tells you that the gateway calculated a different signature then
>>your client did. So something with the access and secret key is wrong.
>>
>>Wido
>>
>>> 2014-07-15 22:48:15.776202 7fbb85fdb7002 req 17:0.007071:s3:GET
>>> http://ceph-gateway.ex.com/:list_buckets:http status=403
>>> 2014-07-15 22:48:15.776325 7fbb85fdb7001 ====== req done
>>> req=0x7fbbe910b290 http_status=403 ======
>>> 2014-07-15 22:48:15.776435 7fbb85fdb700 20 process_request() returned -1
>>>
>>> --------------------------------------------------------------------------------------------------------------------------------
>>> Using Swift-Client -
>>> swift --debug -V 1.0 -A http://ceph-gateway.ex.com/auth/1.0 -U
>>> ganapati:swift -K "GIn60fmdvnEh5tSiRziixcO5wVxZjg9eoYmtX3hJ" list
>>> INFO:urllib3.connectionpool:Starting new HTTP connection (1):
>>> ceph-gateway.ex.com
>>> DEBUG:urllib3.connectionpool:Setting read timeout to <object object at
>>> 0x7f3e1cf38090>
>>> DEBUG:urllib3.connectionpool:"GET /auth/1.0 HTTP/1.1" 403 23
>>> ('lks: response %s', <Response [403]>)
>>> INFO:swiftclient:REQ: curl -i http://ceph-gateway.ex.com/auth/1.0 -X GET
>>> INFO:swiftclient:RESP STATUS: 403 Forbidden
>>> INFO:swiftclient:RESP HEADERS: [('date', 'Wed, 16 Jul 2014 05:45:22
>>> GMT'), ('accept-ranges', 'bytes'), ('content-type', 'application/json'),
>>> ('content-length', '23'), ('server', 'Apache/2.4.7 (Ubuntu)')]
>>> INFO:swiftclient:RESP BODY: {"Code":"AccessDenied"}
>>> ERROR:swiftclient:Auth GET failed: http://ceph-gateway.ex.com/auth/1.0
>>> 403 Forbidden
>>> Traceback (most recent call last):
>>> File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line
>>> 1187, in _retry
>>> self.url, self.token = self.get_auth()
>>> File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line
>>> 1161, in get_auth
>>> insecure=self.insecure)
>>> File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 324,
>>> in get_auth
>>> insecure=insecure)
>>> File "/usr/lib/python2.7/dist-packages/swiftclient/client.py", line 247,
>>> in get_auth_1_0
>>> http_reason=resp.reason)
>>> ClientException: Auth GET failed: http://ceph-gateway.ex.com/auth/1.0
>>> 403 Forbidden
>>> Radosgw log -
>>> 2014-07-15 22:45:22.654754 7fbb697a27001 ====== starting new request
>>> req=0x7fbbe910c3d0 =====
>>> 2014-07-15 22:45:22.654844 7fbb697a27002 req 16:0.000091::GET
>>> /auth/1.0::initializing
>>> 2014-07-15 22:45:22.655062 7fbb697a27002 req 16:0.000308:swift-auth:GET
>>> /auth/1.0::getting op
>>> 2014-07-15 22:45:22.655073 7fbb697a27002 req 16:0.000321:swift-auth:GET
>>> /auth/1.0:swift_auth_get:authorizing
>>> 2014-07-15 22:45:22.655088 7fbb697a27002 req 16:0.000335:swift-auth:GET
>>> /auth/1.0:swift_auth_get:reading permissions
>>> 2014-07-15 22:45:22.655095 7fbb697a27002 req 16:0.000342:swift-auth:GET
>>> /auth/1.0:swift_auth_get:init op
>>> 2014-07-15 22:45:22.655108 7fbb697a27002 req 16:0.000355:swift-auth:GET
>>> /auth/1.0:swift_auth_get:verifying op mask
>>> 2014-07-15 22:45:22.655119 7fbb697a2700 20 required_mask= 0 user.op_mask=7
>>> 2014-07-15 22:45:22.655125 7fbb697a27002 req 16:0.000372:swift-auth:GET
>>> /auth/1.0:swift_auth_get:verifying op permissions
>>> 2014-07-15 22:45:22.655132 7fbb697a27002 req 16:0.000379:swift-auth:GET
>>> /auth/1.0:swift_auth_get:verifying op params
>>> 2014-07-15 22:45:22.655138 7fbb697a27002 req 16:0.000385:swift-auth:GET
>>> /auth/1.0:swift_auth_get:executing
>>> 2014-07-15 22:45:22.655363 7fbb697a2700 20 get_obj_state:
>>> rctx=0x7fbba0048cc0 obj=.users.swift:ganapati:swift state=0x7fbba0010fd8
>>> s->prefetch_data=0
>>> 2014-07-15 22:45:22.655427 7fbb697a2700 10 cache get:
>>> name=.users.swift+ganapati:swift : type miss (requested=6, cached=0)
>>> 2014-07-15 22:45:22.662199 7fbb697a2700 10 cache put:
>>> name=.users.swift+ganapati:swift
>>> 2014-07-15 22:45:22.662239 7fbb697a2700 10 moving
>>> .users.swift+ganapati:swift to cache LRU end
>>> 2014-07-15 22:45:22.662357 7fbb697a27002 req 16:0.007603:swift-auth:GET
>>> /auth/1.0:swift_auth_get:http status=403
>>> 2014-07-15 22:45:22.662379 7fbb697a27001 ====== req done
>>> req=0x7fbbe910c3d0 http_status=403 ======
>>> ceph.conf
>>> [global]
>>> fsid = ecb2d0d4-cfc9-4fb9-a98d-002fa1b228f1
>>> mon_initial_members = node1
>>> mon_host = 192.168.122.108
>>> auth_cluster_required = cephx
>>> auth_service_required = cephx
>>> auth_client_required = cephx
>>> filestore_xattr_use_omap = true
>>>
>>> [client.admin]
>>> keyring = /etc/ceph/ceph.client.admin.keyring
>>>
>>> [client.radosgw.gateway]
>>> host = ceph-gateway
>>> keyring = /etc/ceph/ceph.client.radosgw.keyring
>>> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
>>> log file = /var/log/ceph/client.radosgw.gateway.log
>>> rgw dns name = ceph-gateway.ex.com
>>> rgw print continue = false
>>> rgw debug = 20
>>> rgw enable usage log = true
>>>
>>> Appreciate your help.
>>> Thanks,
>>> Lakshmi.
>>>
>>>
>>>
>>> _______________________________________________
>>> ceph-users mailing list
>>> ceph-users at lists.ceph.com
>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>>
>>
>>
>>--
>>Wido den Hollander
>>42on B.V.
>>Ceph trainer and consultant
>>
>>Phone: +31 (0)20 700 9902
>>Skype: contact42on
>>_______________________________________________
>>ceph-users mailing list
>>ceph-users at lists.ceph.com
>>http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>
>
>
>
>
-- 
>
>Vincenzo Pii
>
Researcher, InIT Cloud Computing Lab
>Zurich University of Applied Sciences (ZHAW)
>http://www.cloudcomp.ch/
>
>_______________________________________________
>ceph-users mailing list
>ceph-users at lists.ceph.com
>http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
>


-- 

Vincenzo Pii
Researcher, InIT Cloud Computing Lab
Zurich University of Applied Sciences (ZHAW)
http://www.cloudcomp.ch/

_______________________________________________
ceph-users mailing list
ceph-users at lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20140716/3d535fde/attachment.htm>
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux