How do I troubleshoot radosgw errors STS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've setup RadosGW with STS ontop of my ceph cluster. It works great and fine but I'm also trying to setup authentication with an OpenIDConnect provider. I'm have a hard time troubleshooting issues because the radosgw log file doesn't have much information in it. For example when I try to use the `sts:AssumeRoleWithWebIdentity` API it fails with `{'Code': 'AccessDenied', ...}` and all I see is the beat log showing an HTTP 403.

Is there a way to enable more verbose logging so I can see what is failing and why I'm getting certain errors with STS, S3, or IAM apis?

My ceph.conf looks like this for each node (mildly redacted):

```
[client.radosgw.pve4]
    host = pve4
    keyring = /etc/pve/priv/ceph.client.radosgw.keyring
    log file = /var/log/ceph/client.radosgw.$host.log
    rgw_dns_name = s3.lab
    rgw_frontends = beast endpoint=0.0.0.0:7480 ssl_endpoint=0.0.0.0:443 ssl_certificate=/etc/pve/priv/ceph/s3.lab.crt ssl_private_key=/etc/pve/priv/ceph/s3.lab.key
    rgw_sts_key = 1111111111111111
    rgw_s3_auth_use_sts = true
    rgw_enable_apis = s3, s3website, admin, sts, iam
```
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux