Hi
I've deployed Ceph using Ceph-deploy and following the official
documentation. I've created a user to use with Swift and everything is
working fine, my users can create buckets and upload files if they use
Horizon Dashboard or Swift CLI.
However, everything changes if they try to do it with S3 API. When they
download their credentials from Horizon dashboard to get their keys, they
can't connect to ceph using S3 API. They only get a "403 Access Denied"
error message. I'm using Ceph 0.70 so, if i'm not wrong, ceph should be
able to validate S3 tokens against keystone since 0.69 version.
Here is my ceph.conf:
[client.radosgw.gateway]
host = server2
keyring = /etc/ceph/keyring.radosgw.gateway
rgw socket path = /var/run/ceph/radosgw.sock
log file = /var/log/ceph/radosgw.log
rgw keystone url = server4:35357
rgw keystone admin token = admintoken
rgw keystone accepted roles = admin _member_ Member
rgw print continue = false
rgw keystone token cache size = 500
rgw keystone revocation interval = 500
nss db path = /var/ceph/nss
#Add DNS hostname to enable S3 subdomain calls
rgw dns name = server2
And this is the error message (with s3-curl):
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: host_ip
> Accept: */*
> Date: Tue, 15 Oct 2013 14:07:24 +0000
> Authorization: AWS
3a1ecdea87d6493a9922c13a06d392cf:SNu/sjTuDtvunOQKJaU8Besm1RQ=
>
< HTTP/1.1 403 Forbidden
< Date: Tue, 15 Oct 2013 14:07:24 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Accept-Ranges: bytes
< Content-Length: 78
< Content-Type: application/xml
<
{ [data not shown]
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
</Error>
Regards
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
