Seems like the issue is this line in the radosgw-configuration: rgw_dns_name = It is only binded to the one which is listed there and ignore the cname totally and haproxy ... Is there a way to have 2 rgw_dns_name? When I've pleayed around to put 2 names or 2 complete entries doesn't work. Istvan Szabo Senior Infrastructure Engineer --------------------------------------------------- Agoda Services Co., Ltd. e: istvan.szabo@xxxxxxxxx --------------------------------------------------- -----Original Message----- From: Szabo, Istvan (Agoda) <Istvan.Szabo@xxxxxxxxx> Sent: Friday, March 12, 2021 10:33 AM To: Ceph Users <ceph-users@xxxxxxx> Subject: ERROR: S3 error: 403 (SignatureDoesNotMatch) Email received from outside the company. If in doubt don't click links nor open attachments! ________________________________ Hi, I'm struggling with my old cluster cnamed address. The s3 and curl commands are working properly with the not cnamed address, but with the cnamed one, I got this in the ciwetweb log: 2021-03-12 10:24:18.812329 7f6b0c527700 1 ====== starting new request req=0x7f6b0c520f90 ===== 2021-03-12 10:24:18.812387 7f6b0c527700 2 req 10:0.000058::HEAD /::initializing for trans_id = tx00000000000000000000a-00604adee2-8e4fc3-default 2021-03-12 10:24:18.812412 7f6b0c527700 10 rgw api priority: s3=5 s3website=4 2021-03-12 10:24:18.812417 7f6b0c527700 10 host=cnamedhostname 2021-03-12 10:24:18.812484 7f6b0c527700 10 handler=25RGWHandler_REST_Bucket_S3 2021-03-12 10:24:18.812490 7f6b0c527700 2 req 10:0.000163:s3:HEAD /::getting op 3 2021-03-12 10:24:18.812499 7f6b0c527700 10 op=25RGWStatBucket_ObjStore_S3 2021-03-12 10:24:18.812503 7f6b0c527700 2 req 10:0.000176:s3:HEAD /:stat_bucket:verifying requester 2021-03-12 10:24:18.812541 7f6b0c527700 2 req 10:0.000214:s3:HEAD /:stat_bucket:normalizing buckets and tenants 2021-03-12 10:24:18.812548 7f6b0c527700 10 s->object=<NULL> s->bucket= cnamedhostname 2021-03-12 10:24:18.812556 7f6b0c527700 2 req 10:0.000229:s3:HEAD /:stat_bucket:init permissions 2021-03-12 10:24:18.812594 7f6b0c527700 10 cache get: name=default.rgw.meta+root+ cnamedhostname : type miss (requested=0x16, cached=0x0) 2021-03-12 10:24:18.813525 7f6b0c527700 10 cache put: name=default.rgw.meta+root+ cnamedhostname info.flags=0x0 2021-03-12 10:24:18.813554 7f6b0c527700 10 moving default.rgw.meta+root+ cnamedhostname to cache LRU end 2021-03-12 10:24:18.813664 7f6b0c527700 10 read_permissions on cnamedhostname [] ret=-2002 2021-03-12 10:24:18.813833 7f6b0c527700 2 req 10:0.001506:s3:HEAD /:stat_bucket:op status=0 2021-03-12 10:24:18.813848 7f6b0c527700 2 req 10:0.001520:s3:HEAD /:stat_bucket:http status=404 2021-03-12 10:24:18.813855 7f6b0c527700 1 ====== req done req=0x7f6b0c520f90 op status=0 http_status=404 ====== 2021-03-12 10:24:18.813962 7f6b0c527700 1 civetweb: 0x557d45468000: 10.118.199.248 - - [12/Mar/2021:10:24:18 +0700] "HEAD / HTTP/1.1" 404 0 - curl/7.29.0 And I got this on the s3cmd verbose output: DEBUG: s3cmd version 2.1.0 DEBUG: ConfigParser: Reading file '.s3cfg-testuser-http' DEBUG: ConfigParser: access_key->29...17_chars...J DEBUG: ConfigParser: secret_key->fK...37_chars...R DEBUG: ConfigParser: host_base->cnamedhostname:80 DEBUG: ConfigParser: host_bucket->cnamedhostname:80/%(bucket) DEBUG: ConfigParser: use_https->False DEBUG: ConfigParser: signature_v2->True DEBUG: Updating Config.Config cache_file -> DEBUG: Updating Config.Config follow_symlinks -> False DEBUG: Updating Config.Config verbosity -> 10 DEBUG: Unicodising 'ls' using UTF-8 DEBUG: Command: ls DEBUG: CreateRequest: resource[uri]=/ DEBUG: Using signature v2 DEBUG: SignHeaders: u'GET\n\n\n\nx-amz-date:Fri, 12 Mar 2021 03:31:39 +0000\n/' DEBUG: Processing request, please wait... DEBUG: get_hostname(None): cnamedhostname DEBUG: ConnMan.get(): creating new connection: http://cnamedhostname DEBUG: non-proxied HTTPConnection(cnamedhostname, None) DEBUG: format_uri(): / DEBUG: Sending request method_string='GET', uri=u'/', headers={'Authorization': u'AWS 293WEU2ADWGIUO4RN39J:Q7kh7kzWXWSqMvUqqWwLOY6QKUE=', 'x-amz-date': 'Fri, 12 Mar 2021 03:31:39 +0000'}, body=(0 bytes) DEBUG: ConnMan.put(): connection put back to pool (http://cnamedhostname#1) DEBUG: Response: {'data': '<?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><RequestId>tx00000000000000000000b-00604ae09b-8e4fbd-default</RequestId><HostId>8e4fbd-default-default</HostId></Error>', 'headers': {'accept-ranges': 'bytes', 'content-length': '198', 'content-type': 'application/xml', 'date': 'Fri, 12 Mar 2021 03:31:39 GMT', 'x-amz-request-id': 'tx00000000000000000000b-00604ae09b-8e4fbd-default'}, 'reason': 'Forbidden', 'status': 403} DEBUG: S3Error: 403 (Forbidden) DEBUG: HttpHeader: date: Fri, 12 Mar 2021 03:31:39 GMT DEBUG: HttpHeader: content-length: 198 DEBUG: HttpHeader: x-amz-request-id: tx00000000000000000000b-00604ae09b-8e4fbd-default DEBUG: HttpHeader: content-type: application/xml DEBUG: HttpHeader: accept-ranges: bytes DEBUG: ErrorXML: Code: 'SignatureDoesNotMatch' DEBUG: ErrorXML: RequestId: 'tx00000000000000000000b-00604ae09b-8e4fbd-default' DEBUG: ErrorXML: HostId: '8e4fbd-default-default' ERROR: S3 error: 403 (SignatureDoesNotMatch) Any idea? Thank you ________________________________ This message is confidential and is for the sole use of the intended recipient(s). It may also be privileged or otherwise protected by copyright or other legal rules. If you have received it by mistake please let us know by reply email and delete it from your system. It is prohibited to copy this message or disclose its content to anyone. Any confidentiality or privilege is not waived or lost by any mistaken delivery or unauthorized disclosure of the message. All messages sent to and from Agoda may be monitored to ensure compliance with company policies, to protect the company's interests and to remove potential malware. Electronic messages may be intercepted, amended, lost or deleted, or contain viruses. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |