Re: ERROR: S3 error: 403 (SignatureDoesNotMatch)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Seems like the issue is this line in the radosgw-configuration:

rgw_dns_name = 

It is only binded to the one which is listed there and ignore the cname totally and haproxy ...
Is there a way to have 2 rgw_dns_name?

When I've pleayed around to put 2 names or 2 complete entries doesn't work.

Istvan Szabo
Senior Infrastructure Engineer
---------------------------------------------------
Agoda Services Co., Ltd.
e: istvan.szabo@xxxxxxxxx
---------------------------------------------------

-----Original Message-----
From: Szabo, Istvan (Agoda) <Istvan.Szabo@xxxxxxxxx> 
Sent: Friday, March 12, 2021 10:33 AM
To: Ceph Users <ceph-users@xxxxxxx>
Subject:  ERROR: S3 error: 403 (SignatureDoesNotMatch)

Email received from outside the company. If in doubt don't click links nor open attachments!
________________________________

Hi,

I'm struggling with my old cluster cnamed address.
The s3 and curl commands are working properly with the not cnamed address, but with the cnamed one, I got this in the ciwetweb log:

2021-03-12 10:24:18.812329 7f6b0c527700  1 ====== starting new request req=0x7f6b0c520f90 =====
2021-03-12 10:24:18.812387 7f6b0c527700  2 req 10:0.000058::HEAD /::initializing for trans_id = tx00000000000000000000a-00604adee2-8e4fc3-default
2021-03-12 10:24:18.812412 7f6b0c527700 10 rgw api priority: s3=5 s3website=4
2021-03-12 10:24:18.812417 7f6b0c527700 10 host=cnamedhostname
2021-03-12 10:24:18.812484 7f6b0c527700 10 handler=25RGWHandler_REST_Bucket_S3
2021-03-12 10:24:18.812490 7f6b0c527700  2 req 10:0.000163:s3:HEAD /::getting op 3
2021-03-12 10:24:18.812499 7f6b0c527700 10 op=25RGWStatBucket_ObjStore_S3
2021-03-12 10:24:18.812503 7f6b0c527700  2 req 10:0.000176:s3:HEAD /:stat_bucket:verifying requester
2021-03-12 10:24:18.812541 7f6b0c527700  2 req 10:0.000214:s3:HEAD /:stat_bucket:normalizing buckets and tenants
2021-03-12 10:24:18.812548 7f6b0c527700 10 s->object=<NULL> s->bucket= cnamedhostname
2021-03-12 10:24:18.812556 7f6b0c527700  2 req 10:0.000229:s3:HEAD /:stat_bucket:init permissions
2021-03-12 10:24:18.812594 7f6b0c527700 10 cache get: name=default.rgw.meta+root+ cnamedhostname : type miss (requested=0x16, cached=0x0)
2021-03-12 10:24:18.813525 7f6b0c527700 10 cache put: name=default.rgw.meta+root+ cnamedhostname info.flags=0x0
2021-03-12 10:24:18.813554 7f6b0c527700 10 moving default.rgw.meta+root+ cnamedhostname to cache LRU end
2021-03-12 10:24:18.813664 7f6b0c527700 10 read_permissions on cnamedhostname [] ret=-2002
2021-03-12 10:24:18.813833 7f6b0c527700  2 req 10:0.001506:s3:HEAD /:stat_bucket:op status=0
2021-03-12 10:24:18.813848 7f6b0c527700  2 req 10:0.001520:s3:HEAD /:stat_bucket:http status=404
2021-03-12 10:24:18.813855 7f6b0c527700  1 ====== req done req=0x7f6b0c520f90 op status=0 http_status=404 ======
2021-03-12 10:24:18.813962 7f6b0c527700  1 civetweb: 0x557d45468000: 10.118.199.248 - - [12/Mar/2021:10:24:18 +0700] "HEAD / HTTP/1.1" 404 0 - curl/7.29.0

And I got this on the s3cmd verbose output:
DEBUG: s3cmd version 2.1.0
DEBUG: ConfigParser: Reading file '.s3cfg-testuser-http'
DEBUG: ConfigParser: access_key->29...17_chars...J
DEBUG: ConfigParser: secret_key->fK...37_chars...R
DEBUG: ConfigParser: host_base->cnamedhostname:80
DEBUG: ConfigParser: host_bucket->cnamedhostname:80/%(bucket)
DEBUG: ConfigParser: use_https->False
DEBUG: ConfigParser: signature_v2->True
DEBUG: Updating Config.Config cache_file ->
DEBUG: Updating Config.Config follow_symlinks -> False
DEBUG: Updating Config.Config verbosity -> 10
DEBUG: Unicodising 'ls' using UTF-8
DEBUG: Command: ls
DEBUG: CreateRequest: resource[uri]=/
DEBUG: Using signature v2
DEBUG: SignHeaders: u'GET\n\n\n\nx-amz-date:Fri, 12 Mar 2021 03:31:39 +0000\n/'
DEBUG: Processing request, please wait...
DEBUG: get_hostname(None): cnamedhostname
DEBUG: ConnMan.get(): creating new connection: http://cnamedhostname
DEBUG: non-proxied HTTPConnection(cnamedhostname, None)
DEBUG: format_uri(): /
DEBUG: Sending request method_string='GET', uri=u'/', headers={'Authorization': u'AWS 293WEU2ADWGIUO4RN39J:Q7kh7kzWXWSqMvUqqWwLOY6QKUE=', 'x-amz-date': 'Fri, 12 Mar 2021 03:31:39 +0000'}, body=(0 bytes)
DEBUG: ConnMan.put(): connection put back to pool (http://cnamedhostname#1)
DEBUG: Response:
{'data': '<?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><RequestId>tx00000000000000000000b-00604ae09b-8e4fbd-default</RequestId><HostId>8e4fbd-default-default</HostId></Error>',
'headers': {'accept-ranges': 'bytes',
             'content-length': '198',
             'content-type': 'application/xml',
             'date': 'Fri, 12 Mar 2021 03:31:39 GMT',
             'x-amz-request-id': 'tx00000000000000000000b-00604ae09b-8e4fbd-default'},
'reason': 'Forbidden',
'status': 403}
DEBUG: S3Error: 403 (Forbidden)
DEBUG: HttpHeader: date: Fri, 12 Mar 2021 03:31:39 GMT
DEBUG: HttpHeader: content-length: 198
DEBUG: HttpHeader: x-amz-request-id: tx00000000000000000000b-00604ae09b-8e4fbd-default
DEBUG: HttpHeader: content-type: application/xml
DEBUG: HttpHeader: accept-ranges: bytes
DEBUG: ErrorXML: Code: 'SignatureDoesNotMatch'
DEBUG: ErrorXML: RequestId: 'tx00000000000000000000b-00604ae09b-8e4fbd-default'
DEBUG: ErrorXML: HostId: '8e4fbd-default-default'
ERROR: S3 error: 403 (SignatureDoesNotMatch)

Any idea?

Thank you

________________________________
This message is confidential and is for the sole use of the intended recipient(s). It may also be privileged or otherwise protected by copyright or other legal rules. If you have received it by mistake please let us know by reply email and delete it from your system. It is prohibited to copy this message or disclose its content to anyone. Any confidentiality or privilege is not waived or lost by any mistaken delivery or unauthorized disclosure of the message. All messages sent to and from Agoda may be monitored to ensure compliance with company policies, to protect the company's interests and to remove potential malware. Electronic messages may be intercepted, amended, lost or deleted, or contain viruses.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux