Re: RadosGW over HTTPS

Yehuda Sadeh <yehuda@xxxxxxxxxx> · Wed, 8 Oct 2014 09:25:43 -0700

On Wed, Oct 8, 2014 at 9:21 AM, Marco Garcês <marco@xxxxxxxxx> wrote:
> I believe so:
> 2014-10-08 18:19:38.438133 7f9119b90700  2
> RGWDataChangesLog::ChangesRenewThread: start
> 2014-10-08 18:19:44.151527 7f90ea7fc700 20 enqueued request req=0x1b9e400
> 2014-10-08 18:19:44.151558 7f90ea7fc700 20 RGWWQ:
> 2014-10-08 18:19:44.151561 7f90ea7fc700 20 req: 0x1b9e400
> 2014-10-08 18:19:44.151569 7f90ea7fc700 10 allocated request req=0x1b9e6f0
> 2014-10-08 18:19:44.151595 7f90e97fa700 20 dequeued request req=0x1b9e400
> 2014-10-08 18:19:44.151600 7f90e97fa700 20 RGWWQ: empty
> 2014-10-08 18:19:44.151655 7f90e97fa700 20 CONTENT_LENGTH=
> 2014-10-08 18:19:44.151659 7f90e97fa700 20 CONTENT_TYPE=
> 2014-10-08 18:19:44.151660 7f90e97fa700 20 DOCUMENT_ROOT=/usr/local/nginx/html
> 2014-10-08 18:19:44.151662 7f90e97fa700 20 DOCUMENT_URI=/auth
> 2014-10-08 18:19:44.151663 7f90e97fa700 20 FCGI_ROLE=RESPONDER
> 2014-10-08 18:19:44.151665 7f90e97fa700 20 GATEWAY_INTERFACE=CGI/1.1
> 2014-10-08 18:19:44.151666 7f90e97fa700 20 HTTP_ACCEPT=*/*
> 2014-10-08 18:19:44.151668 7f90e97fa700 20 HTTP_HOST=gateway.local
> 2014-10-08 18:19:44.151669 7f90e97fa700 20 HTTP_SERVER_PORT_SECURE=443

This is not what we expect. The server translates it into
HTTP_SERVER_PORT_SECURE, whereas we need it to be SERVER_PORT_SECURE.
Maybe there's a way to configure the web server to send the needed
header?

Yehuda

> 2014-10-08 18:19:44.151670 7f90e97fa700 20 HTTP_USER_AGENT=curl/7.30.0
> 2014-10-08 18:19:44.151672 7f90e97fa700 20
> HTTP_X_AUTH_KEY=QoakiyY0tg8jULacsJLsmAbyZHJbY5g/Rc/dOHK3
> 2014-10-08 18:19:44.151673 7f90e97fa700 20 HTTP_X_AUTH_USER=frontend:swf0002
> 2014-10-08 18:19:44.151675 7f90e97fa700 20 HTTPS=on
> 2014-10-08 18:19:44.151676 7f90e97fa700 20 QUERY_STRING=
> 2014-10-08 18:19:44.151677 7f90e97fa700 20 REDIRECT_STATUS=200
> 2014-10-08 18:19:44.151678 7f90e97fa700 20 REMOTE_ADDR=10.5.5.222
> 2014-10-08 18:19:44.151679 7f90e97fa700 20 REMOTE_PORT=64145
> 2014-10-08 18:19:44.151680 7f90e97fa700 20 REQUEST_METHOD=GET
> 2014-10-08 18:19:44.151681 7f90e97fa700 20 REQUEST_URI=/auth
> 2014-10-08 18:19:44.151682 7f90e97fa700 20 SCRIPT_NAME=/auth
> 2014-10-08 18:19:44.151683 7f90e97fa700 20 SERVER_ADDR=10.2.27.80
> 2014-10-08 18:19:44.151684 7f90e97fa700 20 SERVER_NAME=gateway.local
> 2014-10-08 18:19:44.151685 7f90e97fa700 20 SERVER_PORT=443
> 2014-10-08 18:19:44.151686 7f90e97fa700 20 SERVER_PROTOCOL=HTTP/1.1
> 2014-10-08 18:19:44.151687 7f90e97fa700 20 SERVER_SOFTWARE=nginx/1.4.7
> 2014-10-08 18:19:44.151690 7f90e97fa700  1 ====== starting new request
> req=0x1b9e400 =====
> 2014-10-08 18:19:44.151711 7f90e97fa700  2 req 2:0.000022::GET
> /auth::initializing
> 2014-10-08 18:19:44.151718 7f90e97fa700 10 host=gateway.local
> rgw_dns_name=gateway.local
> 2014-10-08 18:19:44.151757 7f90e97fa700  2 req
> 2:0.000068:swift-auth:GET /auth::getting op
> 2014-10-08 18:19:44.151763 7f90e97fa700  2 req
> 2:0.000075:swift-auth:GET /auth:swift_auth_get:authorizing
> 2014-10-08 18:19:44.151767 7f90e97fa700  2 req
> 2:0.000078:swift-auth:GET /auth:swift_auth_get:reading permissions
> 2014-10-08 18:19:44.151770 7f90e97fa700  2 req
> 2:0.000082:swift-auth:GET /auth:swift_auth_get:init op
> 2014-10-08 18:19:44.151773 7f90e97fa700  2 req
> 2:0.000085:swift-auth:GET /auth:swift_auth_get:verifying op mask
> 2014-10-08 18:19:44.151797 7f90e97fa700 20 required_mask= 0 user.op_mask=7
> 2014-10-08 18:19:44.151799 7f90e97fa700  2 req
> 2:0.000111:swift-auth:GET /auth:swift_auth_get:verifying op
> permissions
> 2014-10-08 18:19:44.151803 7f90e97fa700  2 req
> 2:0.000115:swift-auth:GET /auth:swift_auth_get:verifying op params
> 2014-10-08 18:19:44.151806 7f90e97fa700  2 req
> 2:0.000117:swift-auth:GET /auth:swift_auth_get:executing
> 2014-10-08 18:19:44.151874 7f90e97fa700 20 get_obj_state:
> rctx=0x7f90d8018380 obj=.users.swift:frontend:swf0002
> state=0x7f90d8022c18 s->prefetch_data=0
> 2014-10-08 18:19:44.151895 7f90e97fa700 10 cache get:
> name=.users.swift+frontend:swf0002 : type miss (requested=6, cached=3)
> 2014-10-08 18:19:44.153757 7f90e97fa700 10 cache put:
> name=.users.swift+frontend:swf0002
> 2014-10-08 18:19:44.153763 7f90e97fa700 10 moving
> .users.swift+frontend:swf0002 to cache LRU end
> 2014-10-08 18:19:44.153770 7f90e97fa700 20 get_obj_state: s->obj_tag
> was set empty
> 2014-10-08 18:19:44.153780 7f90e97fa700 10 cache get:
> name=.users.swift+frontend:swf0002 : hit
> 2014-10-08 18:19:44.153828 7f90e97fa700 20 get_obj_state:
> rctx=0x7f90d8018380 obj=.users.uid:frontend state=0x7f90d8023578
> s->prefetch_data=0
> 2014-10-08 18:19:44.153837 7f90e97fa700 10 cache get:
> name=.users.uid+frontend : type miss (requested=6, cached=3)
> 2014-10-08 18:19:44.154943 7f90e97fa700 10 cache put: name=.users.uid+frontend
> 2014-10-08 18:19:44.154950 7f90e97fa700 10 moving .users.uid+frontend
> to cache LRU end
> 2014-10-08 18:19:44.154955 7f90e97fa700 20 get_obj_state: s->obj_tag
> was set empty
> 2014-10-08 18:19:44.154964 7f90e97fa700 10 cache get:
> name=.users.uid+frontend : hit
> 2014-10-08 18:19:44.155195 7f90e97fa700 20 build_token
> token=1000000066726f6e74656e643a73776630303032b17a9677d4308301a0b53654f8d73f09
> 2014-10-08 18:19:44.155760 7f90e97fa700  2 req
> 2:0.004071:swift-auth:GET /auth:swift_auth_get:http status=204
> 2014-10-08 18:19:44.155771 7f90e97fa700  1 ====== req done
> req=0x1b9e400 http_status=204 ======
> 2014-10-08 18:19:44.155779 7f90e97fa700 20 process_request() returned -1902
> 2014-10-08 18:19:50.503255 7f911e98e700  0 WARNING:
> RGWRados::log_usage(): user name empty (bucket=), skipping
>
>
> On Wed, Oct 8, 2014 at 5:46 PM, Yehuda Sadeh <yehuda@xxxxxxxxxx> wrote:
>> debug rgw = 20
>
>
> I
>
> Marco Garcês
> #sysadmin
> Maputo - Mozambique
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com