Hi All,

Does anyone know if it'll be possible to use the radosgw admin API when using keystone users? I suspect not due to the user requiring specific caps, however it'd be great if someone can validate (I'm still running v0.67.4 so can't play with this much).

Thanks!
-Matt

On Tue, Oct 15, 2013 at 6:34 PM, Carlos Gimeno Yañez <cgim...@bifi.es> wrote:

> Thank you very much Yehuda, that was the missing piece of my puzzle!
>
> I think that this should be added to the official documentation.
>
> Regards
>
>
> 2013/10/15 Yehuda Sadeh <yeh...@inktank.com>
>
>> On Tue, Oct 15, 2013 at 7:17 AM, Carlos Gimeno Yañez <cgim...@bifi.es> wrote:
>> > Hi
>> >
>> > I've deployed Ceph using Ceph-deploy and following the official
>> > documentation. I've created a user to use with Swift and everything is
>> > working fine, my users can create buckets and upload files if they use
>> > Horizon Dashboard or Swift CLI.
>> >
>> > However, everything changes if they try to do it with S3 API. When they
>> > download their credentials from Horizon dashboard to get their keys, they
>> > can't connect to ceph using S3 API. They only get a "403 Access Denied"
>> > error message. I'm using Ceph 0.70 so, if I'm not wrong, ceph should be able
>> > to validate S3 tokens against keystone since 0.69 version.
>> >
>> > Here is my ceph.conf:
>> >
>> > [client.radosgw.gateway]
>> > host = server2
>> > keyring = /etc/ceph/keyring.radosgw.gateway
>> > rgw socket path = /var/run/ceph/radosgw.sock
>> > log file = /var/log/ceph/radosgw.log
>> > rgw keystone url = server4:35357
>> > rgw keystone admin token = admintoken
>> > rgw keystone accepted roles = admin _member_ Member
>> > rgw print continue = false
>> > rgw keystone token cache size = 500
>> > rgw keystone revocation interval = 500
>> > nss db path = /var/ceph/nss
>> >
>> > #Add DNS hostname to enable S3 subdomain calls
>> > rgw dns name = server2
>> >
>> >
>> > And this is the error message (with s3-curl):
>> >
>> >
>> >> GET / HTTP/1.1
>> >> User-Agent: curl/7.29.0
>> >> Host: host_ip
>> >> Accept: */*
>> >> Date: Tue, 15 Oct 2013 14:07:24 +0000
>> >> Authorization: AWS 3a1ecdea87d6493a9922c13a06d392cf:SNu/sjTuDtvunOQKJaU8Besm1RQ=
>> >>
>> > < HTTP/1.1 403 Forbidden
>> > < Date: Tue, 15 Oct 2013 14:07:24 GMT
>> > < Server: Apache/2.2.22 (Ubuntu)
>> > < Accept-Ranges: bytes
>> > < Content-Length: 78
>> > < Content-Type: application/xml
>> > <
>> > { [data not shown]
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <Error>
>> > <Code>AccessDenied</Code>
>> > </Error>
>> >
>> > Regards
>>
>>
>> Try adding:
>>
>> rgw s3 auth use keystone = true
>>
>> to your ceph.conf
>>
>>
>> Yehuda
>>
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
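
A configuration check for the fix discussed in this thread, added here as an example (it is not code from the thread or from the Ceph project): it parses ceph.conf text and reports `client.*` sections that set `rgw keystone url` without `rgw s3 auth use keystone = true`. The function names, the accepted boolean spellings and the sample config are assumptions made for illustration.

```python
import re

TRUE_VALUES = {"true", "1", "yes", "on"}  # assumed boolean spellings


def _norm(key):
    # Ceph option names may be written with spaces or underscores.
    return re.sub(r"[\s_]+", " ", key.strip().lower())


def parse_ceph_conf(text):
    """Parse ceph.conf text into {section: {normalized option: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections


def sections_missing_s3_keystone(text):
    """Client sections that set a Keystone URL but leave S3 requests
    unvalidated against Keystone (the 403 case in the thread)."""
    conf = parse_ceph_conf(text)
    missing = []
    for name, own in conf.items():
        if not name.startswith("client."):
            continue
        # Settings in [global] and [client] also apply to client.* sections.
        effective = {**conf.get("global", {}), **conf.get("client", {}), **own}
        if "rgw keystone url" not in effective:
            continue
        # The option is treated as disabled when it is absent.
        flag = effective.get("rgw s3 auth use keystone", "false").lower()
        if flag not in TRUE_VALUES:
            missing.append(name)
    return missing


# Constructed sample based on the ceph.conf quoted in the thread.
SAMPLE = """
[client.radosgw.gateway]
host = server2
rgw keystone url = server4:35357
rgw keystone accepted roles = admin _member_ Member
"""
FIXED = SAMPLE + "rgw_s3_auth_use_keystone = true\n"
```
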