Hi,
Zitat von Iztok Gregori via ceph-users <[email protected]>:
On 27/05/26 09:36, Eugen Block via ceph-users wrote:
The description in this tracker [0] looks identical, but it is
supposed to be fixed. Do you have rgw_dns_name set?
Yes, at certain point I configured client.rgw rgw_dns_name to the
FQDN belonging to the virtual IP of the ingress service.
does it mean that it works now?
BTW, how you 'unset' a configuration variable, you just put a empty
string or you use the rm option?
ceph config set client.rgw rgw_dns_name ''
or
ceph config rm client.rgw rgw_dns_name
?
That's the correct one (config rm).
[0] https://tracker.ceph.com/issues/62396
Zitat von Iztok Gregori via ceph-users <[email protected]>:
Hi Eugen!
On 23/05/26 23:54, Eugen Block via ceph-users wrote:
Hi,
I might be wrong, but I don't think it's a cert issue. If you
look in the mgr log, do you see more information that just the
SignatureDoesNotMatch error?
On further investigations I'm also convinced that is nothing to do
with the certificates but more about the permissions of the
'dashboard' user. This is the exception that is thrown from the
mgr logs:
[dashboard INFO rgw_client] Found RGW daemon with configuration:
host=node-01.domain.com, port=4443, ssl=True
[dashboard INFO rgw_client] Found RGW daemon with configuration:
host=node-03.domain.com, port=4443, ssl=True
[dashboard INFO rgw_client] Found RGW daemon with configuration:
host=node-02.domain.com, port=4443, ssl=True
[dashboard INFO rgw_client] Found RGW daemon with configuration:
host=node-04.domain.com, port=4443, ssl=True
[dashboard INFO rgw_client] Found RGW daemon with configuration:
host=node-05.domain.com, port=4443, ssl=True
[dashboard INFO request] [::ffff:140.105.2.28:41732] [GET] [200]
[0.005s] [admin] [308.0B] /api/health/snapshot
[dashboard INFO request] [::ffff:140.105.2.28:41732] [GET] [200]
[0.007s] [admin] [22.0B] /api/prometheus/alertgroup
[dashboard INFO request] [::ffff:140.105.2.28:41732] [GET] [200]
[0.012s] [admin] [376.0B] /api/multi-cluster/get_config
[dashboard INFO request] [::ffff:140.105.2.28:41760] [GET] [200]
[0.028s] [admin] [1.2K] /api/summary
[dashboard ERROR rest_client] RGW REST API failed GET req status: 403
[dashboard ERROR rgw_client] RGW REST API failed request with
status code 403
(b'{"Code":"SignatureDoesNotMatch","Message":"","RequestId":"tx00000629cfb33d5e'
b'da4c7-006a141bf6-308299-eros","HostId":"308299-zone-zonegroup"}')
Traceback (most recent call last):
File "/usr/share/ceph/mgr/dashboard/services/rgw_client.py",
line 413, in __init__
self.userid = self._get_user_id(self.admin_path) if
self.got_keys_from_config \
File "/usr/share/ceph/mgr/dashboard/rest_client.py", line 538,
in func_wrapper
return func(
File "/usr/share/ceph/mgr/dashboard/services/rgw_client.py",
line 448, in _get_user_id
response = request()
File "/usr/share/ceph/mgr/dashboard/rest_client.py", line 324,
in __call__
resp = self.rest_client.do_request(method, self._gen_path(), params,
File "/usr/share/ceph/mgr/dashboard/rest_client.py", line 422,
in do_request
raise RequestException(
dashboard.rest_client.RequestException: RGW REST API failed
request with status code 403
(b'{"Code":"SignatureDoesNotMatch","Message":"","RequestId":"tx00000629cfb33d5e'
b'da4c7-006a141bf6-308299-zone","HostId":"308299-zone-zonegroup"}')
Could it be mismatching dashboard-rgw-api settings? Have you
checked these settings?
ceph dashboard get-rgw-api-admin-resource
It's the default, 'admin'. I also reset the value with
"reset-rgw-api- admin-resource", so technically now is 'unset'.
Question what should be the value if not 'admin'?
ceph dashboard get-rgw-api-access-key
ceph dashboard get-rgw-api-secret-key
They should match with:
radosgw-admin user info --uid dashboard | jq -r '.keys'
The values are matching, I'see in both get-rgw-api-secret-key and
get- rgw-api-access-key something like this:
{'<REALM>': '<(ACCESS}SECRET)_KEY>'}
But as I wrote, it might something else, I would expect the mgr
log to contain more details.
Indeed, I'll tried to backtrace the error in the code and I see
that is failing in the rgw_client.py when is trying to get the
user_id "of the user that is used to communicate with the RGW
Admin Ops API". I suppose that is the 'admin' user from
rgw-api-admin-resource, am I right?
I didn't had time till now to investigate further.
Thanks!
Iztok
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
