Re: How do I troubleshoot radosgw errors STS?


 



Hi,

What version of ceph are you using? Can you share the trust policy that is
attached to the role being assumed?

Thanks,
Pritha

On Wed, Mar 1, 2023 at 9:07 PM <mat@xxxxxxxxxx> wrote:

> I've set up RadosGW with STS on top of my ceph cluster. It works great and
> fine but I'm also trying to set up authentication with an OpenIDConnect
> provider. I'm having a hard time troubleshooting issues because the radosgw
> log file doesn't have much information in it. For example when I try to use
> the `sts:AssumeRoleWithWebIdentity` API it fails with `{'Code':
> 'AccessDenied', ...}` and all I see is the beast log showing an HTTP 403.
>
> Is there a way to enable more verbose logging so I can see what is failing
> and why I'm getting certain errors with STS, S3, or IAM APIs?
>
> My ceph.conf looks like this for each node (mildly redacted):
>
> ```
> [client.radosgw.pve4]
>     host = pve4
>     keyring = /etc/pve/priv/ceph.client.radosgw.keyring
>     log file = /var/log/ceph/client.radosgw.$host.log
>     rgw_dns_name = s3.lab
>     rgw_frontends = beast endpoint=0.0.0.0:7480 ssl_endpoint=0.0.0.0:443 ssl_certificate=/etc/pve/priv/ceph/s3.lab.crt ssl_private_key=/etc/pve/priv/ceph/s3.lab.key
>     rgw_sts_key = 1111111111111111
>     rgw_s3_auth_use_sts = true
>     rgw_enable_apis = s3, s3website, admin, sts, iam
> ```
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
>
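
Added example, not part of the original thread and not Ceph's own code: an offline check that compares the claims in a web identity token with the role's trust policy, the document requested in the reply above, to narrow down an `AccessDenied` from `sts:AssumeRoleWithWebIdentity`. The issuer `idp.lab.example`, the claim values and the policy are constructed; the token signature is not verified, and the matching rules are a simplified assumption rather than RGW's evaluation logic.

```python
import base64, json

def jwt_claims(token):
    """Decode the payload segment of a JWT (diagnostic only, no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, claims):
    """Return [] if some Allow statement matches the claims, else the mismatches."""
    issuer = claims.get("iss", "").split("://", 1)[-1].rstrip("/")
    problems = []
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        reasons = []
        if stmt.get("Effect") != "Allow":
            reasons.append("Effect is not Allow")
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            reasons.append("Action lacks sts:AssumeRoleWithWebIdentity")
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not any(a.split("oidc-provider/", 1)[-1].rstrip("/") == issuer for a in federated):
            reasons.append(f"no Federated principal for issuer {issuer!r}")
        for key, wanted in stmt.get("Condition", {}).get("StringEquals", {}).items():
            claim = key.rsplit(":", 1)[-1]        # condition key is "<provider-url>:<claim>"
            have = set(map(str, as_list(claims.get(claim, []))))
            if not have & set(as_list(wanted)):
                reasons.append(f"claim {claim!r} is {claims.get(claim)!r}, policy wants {wanted!r}")
        if not reasons:
            return []
        problems += [f"statement {n}: {r}" for r in reasons]
    return problems or ["policy has no statements"]

# Constructed sample data (hypothetical issuer, client and policy).
def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256"}), _seg({
    "iss": "https://idp.lab.example/realms/demo", "aud": "account",
    "sub": "user-1234", "azp": "rgw-client"}), "constructed-signature"])
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": ["arn:aws:iam:::oidc-provider/idp.lab.example/realms/demo"]},
    "Action": ["sts:AssumeRoleWithWebIdentity"],
    "Condition": {"StringEquals": {"idp.lab.example/realms/demo:app_id": "rgw-client"}}}]}

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE_POLICY, jwt_claims(SAMPLE_TOKEN)))
```

With the constructed data the check reports that the policy conditions on an `app_id` claim the token does not carry.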



