Thank you very much Yehuda, that was the missing piece of my puzzle! I think that this should be added to the official documentation.
Regards

2013/10/15 Yehuda Sadeh <yeh...@inktank.com>

> On Tue, Oct 15, 2013 at 7:17 AM, Carlos Gimeno Yañez <cgim...@bifi.es> wrote:
> > Hi
> >
> > I've deployed Ceph using Ceph-deploy and following the official
> > documentation. I've created a user to use with Swift and everything is
> > working fine, my users can create buckets and upload files if they use
> > Horizon Dashboard or Swift CLI.
> >
> > However, everything changes if they try to do it with S3 API. When they
> > download their credentials from Horizon dashboard to get their keys, they
> > can't connect to ceph using S3 API. They only get a "403 Access Denied"
> > error message. I'm using Ceph 0.70 so, if I'm not wrong, ceph should be able
> > to validate S3 tokens against keystone since 0.69 version.
> >
> > Here is my ceph.conf:
> >
> > [client.radosgw.gateway]
> > host = server2
> > keyring = /etc/ceph/keyring.radosgw.gateway
> > rgw socket path = /var/run/ceph/radosgw.sock
> > log file = /var/log/ceph/radosgw.log
> > rgw keystone url = server4:35357
> > rgw keystone admin token = admintoken
> > rgw keystone accepted roles = admin _member_ Member
> > rgw print continue = false
> > rgw keystone token cache size = 500
> > rgw keystone revocation interval = 500
> > nss db path = /var/ceph/nss
> >
> > #Add DNS hostname to enable S3 subdomain calls
> > rgw dns name = server2
> >
> >
> > And this is the error message (with s3-curl):
> >
> >
> >> GET / HTTP/1.1
> >> User-Agent: curl/7.29.0
> >> Host: host_ip
> >> Accept: */*
> >> Date: Tue, 15 Oct 2013 14:07:24 +0000
> >> Authorization: AWS 3a1ecdea87d6493a9922c13a06d392cf:SNu/sjTuDtvunOQKJaU8Besm1RQ=
> >>
> > < HTTP/1.1 403 Forbidden
> > < Date: Tue, 15 Oct 2013 14:07:24 GMT
> > < Server: Apache/2.2.22 (Ubuntu)
> > < Accept-Ranges: bytes
> > < Content-Length: 78
> > < Content-Type: application/xml
> > <
> > { [data not shown]
> > <?xml version="1.0" encoding="UTF-8"?>
> > <Error>
> > <Code>AccessDenied</Code>
> > </Error>
> >
> > Regards
>
> Try adding:
>
> rgw s3 auth use keystone = true
>
> to your ceph.conf
>
>
> Yehuda
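A check for the gap this thread resolves, as an added example that is not part of the original messages: it reports radosgw sections of a ceph.conf that configure Keystone (`rgw keystone url`) but do not enable `rgw s3 auth use keystone`, the state that produced the S3 403 above. The function names, the `client.radosgw` prefix match, the accepted "true" spellings and the abbreviated sample config are assumptions made for this example.

```python
import configparser

# Constructed sample: the gateway section quoted in the thread, abbreviated.
SAMPLE_CONF = """\
[client.radosgw.gateway]
host = server2
keyring = /etc/ceph/keyring.radosgw.gateway
rgw keystone url = server4:35357
rgw keystone admin token = admintoken
rgw keystone accepted roles = admin _member_ Member
#Add DNS hostname to enable S3 subdomain calls
rgw dns name = server2
"""

# Assumption for this example: spellings treated as "enabled".
TRUTHY = {"true", "1", "yes", "on"}


def _norm(name):
    # Ceph accepts spaces, underscores and dashes interchangeably in option
    # names, so fold them all to one canonical form before comparing.
    return "_".join(name.lower().replace("-", " ").replace("_", " ").split())


def s3_keystone_gaps(conf_text):
    """Return radosgw sections that set a Keystone URL but leave
    'rgw s3 auth use keystone' unset or disabled."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = str  # keep option names as written; _norm() folds them
    cp.read_string(conf_text)
    gaps = []
    for section in cp.sections():
        if not section.startswith("client.radosgw"):
            continue
        opts = {_norm(k): v.strip() for k, v in cp[section].items()}
        if "rgw_keystone_url" not in opts:
            continue  # Keystone integration is not configured in this section
        if opts.get("rgw_s3_auth_use_keystone", "").lower() not in TRUTHY:
            gaps.append(section)
    return gaps


if __name__ == "__main__":
    print(s3_keystone_gaps(SAMPLE_CONF))
    print(s3_keystone_gaps(SAMPLE_CONF + "rgw s3 auth use keystone = true\n"))
```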