Thanks Yehuda, With the POST and the X-Container-Read header (without HTTP-) is running perfectly.
Many thanks! Álvaro. -----Mensaje original----- De: Yehuda Sadeh [mailto:yeh...@inktank.com] Enviado el: martes, 09 de julio de 2013 9:25 Para: Alvaro Izquierdo Jimeno CC: ceph-users@lists.ceph.com Asunto: Re: [ceph-users] (keystone + radosgw ) users I looked at the code and it seems that the HTTP-X-Container-Read is only expected when updating the object / container metadata. Therefore, try to do a POST operation after the container's creation with that specific field. On Tue, Jul 9, 2013 at 12:04 AM, Alvaro Izquierdo Jimeno <aizquie...@aubay.es> wrote: > And now attached the log from creating bucket with the header > X-Container-read (without http). > > > > -----Mensaje original----- > De: ceph-users-boun...@lists.ceph.com > [mailto:ceph-users-boun...@lists.ceph..com] En nombre de Alvaro > Izquierdo Jimeno Enviado el: martes, 09 de julio de 2013 8:55 > Para: Yehuda Sadeh > CC: ceph-users@lists.ceph.com > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > The same result. > > Attached the log from creating bucket with the header 'HTTP-X-Container-Read' > > Response of HEAD of the bucket1 > < HTTP/1.1 204 > < Date: Tue, 09 Jul 2013 06:53:55 GMT > < Server: Apache/2.2.15 (Red Hat) > < X-Container-Object-Count: 1 > < X-Container-Bytes-Used: 6163 > < X-Container-Bytes-Used-Actual: 8192 > < Connection: close > < Content-Type: text/plain; charset=utf-8 > > > > -----Mensaje original----- > De: Yehuda Sadeh [mailto:yeh...@inktank.com] Enviado el: martes, 09 de > julio de 2013 8:37 > Para: Alvaro Izquierdo Jimeno > CC: ceph-users@lists.ceph.com > Asunto: Re: [ceph-users] (keystone + radosgw ) users > > Can you try using 'HTTP-X-Container-Read' instead? > > On Mon, Jul 8, 2013 at 11:31 PM, Alvaro Izquierdo Jimeno > <aizquie...@aubay.es> wrote: >> Hi, >> >> I´m using RedHat 6.4. >> Attached two files: one with the log output from GET bucket1 from >> ytenant and the other with the log output from GET object1 from >> ytenant (both with 401 response) >> >> When I get the bucket (after the Put request with X-Container-Read >> header) from xtenant, I can see >> >> < HTTP/1.1 200 >> < Date: Tue, 09 Jul 2013 06:24:27 GMT < Server: Apache/2.2.15 (Red >> Hat) < Connection: close < Transfer-Encoding: chunked < Content-Type: >> text/plain; charset=utf-8 < >> Object1 >> * Closing connection #0 >> >> But, where is the X-Container-Read header? it should appear? Maybe the >> problem is saving the metadata header.... >> >> Thanks a lot, >> Álvaro >> >> >> >> -----Mensaje original----- >> De: Yehuda Sadeh [mailto:yeh...@inktank.com] Enviado el: martes, 09 >> de julio de 2013 7:53 >> Para: Alvaro Izquierdo Jimeno >> CC: ceph-users@lists.ceph.com >> Asunto: Re: [ceph-users] (keystone + radosgw ) users >> >> From what I can tell, this should be enough. I'll need to see more concrete >> logs to figure out what went wrong though. >> >> Yehuda >> >> On Mon, Jul 8, 2013 at 10:47 PM, Alvaro Izquierdo Jimeno >> <aizquie...@aubay.es> wrote: >>> Any idea? >>> >>> Thanks a lot, >>> Álvaro. >>> >>> -----Mensaje original----- >>> De: ceph-users-boun...@lists.ceph.com >>> [mailto:ceph-users-boun...@lists.ceph..com] En nombre de Alvaro >>> Izquierdo Jimeno Enviado el: viernes, 05 de julio de 2013 11:58 >>> Para: Yehuda Sadeh >>> CC: ceph-users@lists.ceph.com >>> Asunto: Re: [ceph-users] (keystone + radosgw ) users >>> >>> Hi, >>> >>> Maybe i forgot something but i can't use this behavior: >>> >>> I will try to explain my setting: >>> >>> I have two keystone users: 'x' and 'y' >>> And two keystone tenants: 'xtenant' and 'ytenant' >>> >>> In ceph.conf I have the option: >>> rgw enforce swift acls = true >>> >>> I have got the token for x and xtenant with curl -k -X 'POST' -v >>> http://mykeystone:5000/v2.0/tokens -d >>> '{"auth":{"passwordCredentials":{"username": "x", "password":"pass"}, >>> "tenantId":"the_id_of_xtenant"}}' -H 'Content-type: application/json' >>> >>> Create a container (with permissions to ytenant) and an object curl >>> -v -X PUT -H 'X-Container-Read: the_id_of_ytenant' -H 'X-Auth-Token: >>> x_token' http://myradosgw/swift/v1/bucket1 curl -v -X PUT -H >>> 'X-Auth-Token: x_token' http://myradosgw/swift/v1/bucket1/object1 >>> >>> I can get the container and object with x_token: >>> curl -v -X GET -H 'X-Auth-Token: x_token' >>> http://myradosgw/swift/v1/bucket1 curl -v -X GET -H 'X-Auth-Token: >>> x_token' http://myradosgw/swift/v1/bucket1/object1 >>> >>> until this moment, all ok. >>> >>> I have got the token for y and ytenant with >>> >>> curl -k -X 'POST' -v http://mykeystone:5000/v2.0/tokens -d >>> '{"auth":{"passwordCredentials":{"username": "y", "password":"pass2"}, >>> "tenantId":"the_id_of_ytenant"}}' -H 'Content-type: application/json' >>> >>> But, radosgw returns a 401 when I try to get the container or the bucket: >>> curl -v -X GET -H 'X-Auth-Token: y_token' >>> http://myradosgw/swift/v1/bucket1 curl -v -X GET -H 'X-Auth-Token: >>> y_token' http://myradosgw/swift/v1/bucket1/object1 >>> >>> >>> What have I forgotten? >>> >>> Thanks and regards, >>> Álvaro. >>> >>> -----Mensaje original----- >>> De: Yehuda Sadeh [mailto:yeh...@inktank.com] Enviado el: viernes, 05 >>> de julio de 2013 8:39 >>> Para: Alvaro Izquierdo Jimeno >>> CC: ceph-users@lists.ceph.com >>> Asunto: Re: [ceph-users] (keystone + radosgw ) users >>> >>> The rados gateway supports swift form of ACLs on buckets in which it is >>> possible to set read/write permissions for each bucket to allow access for >>> its objects. This can be done by setting the X-Container-Read, and >>> X-Container-Write attributes on the containers. >>> Each attribute is a comma delimited list of permitted users that are given >>> the specific permission. Note that when using the keystone backed, the >>> permissions are given at the tenant level, so they should be referred as >>> such (using the tenant hex id). >>> >>> On Thu, Jul 4, 2013 at 11:27 PM, Alvaro Izquierdo Jimeno >>> <aizquie...@aubay.es> wrote: >>>> May anybody help me? >>>> >>>> >>>> >>>> Many thanks and regards, >>>> >>>> Álvaro. >>>> >>>> >>>> >>>> >>>> >>>> De: ceph-users-boun...@lists.ceph.com >>>> [mailto:ceph-users-boun...@lists.ceph.com] En nombre de Alvaro >>>> Izquierdo Jimeno Enviado el: martes, 02 de julio de 2013 14:30 >>>> Para: ceph-users@lists.ceph.com >>>> Asunto: [ceph-users] (keystone + radosgw ) users >>>> >>>> >>>> >>>> Hi all, >>>> >>>> >>>> >>>> I have been able to bind openstack keystone and radosgw and have >>>> checked users created from keystone can make requests on radosgw. >>>> >>>> >>>> >>>> But, how can we handle several tenants and users from keystone? In >>>> swift, we have the option of setting up ACLs in the config file >>>> and headers to mark which user can make an operation in each >>>> container in a specific tenant (for example). Does it exist that option >>>> with radosgw instead of swift? >>>> >>>> >>>> >>>> Many thanks in advanced and best regards, >>>> >>>> Álvaro. >>>> >>>> >>>> >>>> >>>> >>>> >>>> ____________ >>>> Verificada la ausencia de virus por G Data AntiVirus Versión: AVA >>>> 22.10661 del 02.07.2013 Noticias de virus: www.antiviruslab.com >>>> >>>> >>>> _______________________________________________ >>>> ceph-users mailing list >>>> ceph-users@lists.ceph.com >>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>>> >>> ____________ >>> Verificada la ausencia de virus por G Data AntiVirus >>> Versión: AVA 22.10718 del 05.07.2013 Noticias de virus: >>> www.antiviruslab.com _______________________________________________ >>> ceph-users mailing list >>> ceph-users@lists.ceph.com >>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>> ____________ >>> Verificada la ausencia de virus por G Data AntiVirus >>> Versión: AVA 22.10827 del 09.07.2013 Noticias de virus: >>> www.antiviruslab.com >> >> ____________ >> Verificada la ausencia de virus por G Data AntiVirus >> Versión: AVA 22.10829 del 09.07.2013 >> Noticias de virus: www.antiviruslab.com > > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10829 del 09.07.2013 > Noticias de virus: www.antiviruslab.com > > ____________ > Verificada la ausencia de virus por G Data AntiVirus > Versión: AVA 22.10829 del 09.07.2013 > Noticias de virus: www.antiviruslab.com ____________ Verificada la ausencia de virus por G Data AntiVirus Versión: AVA 22.10830 del 09.07.2013 Noticias de virus: www.antiviruslab.com _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
