On 11/13/2013 09:06 PM, lixuehui wrote:
And on the slave zone gateway instence ,the info is like this :2013-11-14 12:54:24.516840 7f51e7fef700 1 ====== starting new request req=0xb1e3b0 ===== 2013-11-14 12:54:24.526640 7f51e7fef700 1 ====== req done req=0xb1e3b0 http_status=200 ====== 2013-11-14 12:54:24.545440 7f51e4fe9700 1 ====== starting new request req=0xb1c690 ===== 2013-11-14 12:54:24.551696 7f51e4fe9700 0 WARNING: couldn't find acl header for bucket, generating default 2013-11-14 12:54:24.566005 7f51e4fe9700 0 > HTTP_DATE -> Thu Nov 14 04:54:24 2013 2013-11-14 12:54:24.566046 7f51e4fe9700 0 > HTTP_X_AMZ_COPY_SOURCE -> sss%2Frgwconf 2013-11-14 12:54:24.607998 7f51e4fe9700 1 ====== req done req=0xb1c690 http_status=403 ====== 2013-11-14 12:54:24.626466 7f51e27e4700 1 ====== starting new request req=0xb24260 ===== Any one could help to find the problem ? Does it mean , we should set acl for the bucket . In fact ,the information goes the same as it before , after setting acl for the bucket . bucket-name sss object-name rgwconf Or is there something wrong with either the "HTTP_DATE" or "HTTP_X_AMS_COPY_SOURCE"?
Those headers are fine, and it's unrelated to acls since the gateway is using a system user for cross-zone copies, which has full access. Does the system user for the destination zone exist with the same access secret and key in the source zone? Josh
------------------------------------------------------------------------ lixuehui *发件人:* lixuehui <mailto:lixue...@chinacloud.com.cn> *发送时间:* 2013-11-13 16:16 *收件人:* ceph-users <mailto:ceph-users@lists.ceph.com> *主题:* radosgw-agent AccessDenied 403 Hi ,list We've ever reflected that ,radosgw-agent sync data failed all the time ,before. We paste the concert log here to seek any help now . application/json; charset=UTF-8 Wed, 13 Nov 2013 07:24:45 GMT x-amz-copy-source:sss%2Frgwconf /sss/rgwconf 2013-11-13T15:24:45.510 11171:DEBUG:boto:Signature: AWS CQHH7O4XULLINBNQQSPB:9ktSGas0/iuekklDmHRuU+OItek= 2013-11-13T15:24:45.511 11171:DEBUG:boto:url = 'http://ceph-rgw41.com/sss/rgwconf' params={'rgwx-op-id': 'ceph-rgw41:11160:2', 'rgwx-source-zone': u'us-east', 'rgwx-client-id': 'radosgw-agent'} headers={'Content-Length': '0', 'User-Agent': 'Boto/2.16.0 Python/2.7.3 Linux/3.5.0-23-generic', 'x-amz-copy-source': 'sss%2Frgwconf', 'Date': 'Wed, 13 Nov 2013 07:24:45 GMT', 'Content-Type': 'application/json; charset=UTF-8', 'Authorization': 'AWS CQHH7O4XULLINBNQQSPB:9ktSGas0/iuekklDmHRuU+OItek='} data=None 2013-11-13T15:24:45.519 11171:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): ceph-rgw41.com 2013-11-13T15:24:45.580 11171:DEBUG:requests.packages.urllib3.connectionpool:"PUT /sss/rgwconf?rgwx-op-id=ceph-rgw41%3A11160%3A2&rgwx-source-zone=us-east&rgwx-client-id=radosgw-agent HTTP/1.1" 403 78 2013-11-13T15:24:45.584 11171:DEBUG:radosgw_agent.worker:exception during sync: Http error code 403 content <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error> 2013-11-13T15:24:45.587 11171:DEBUG:boto:StringToSign: GET Wed, 13 Nov 2013 07:24:45 GMT /admin/opstate 2013-11-13T15:24:45.589 11171:DEBUG:boto:Signature: AWS CQHH7O4XULLINBNQQSPB:JZwaFKhZEsQUj50jLxjNzni8n5Q= 2013-11-13T15:24:45.590 11171:DEBUG:boto:url = 'http://ceph-rgw41.com/admin/opstate' params={'client-id': 'radosgw-agent', 'object': 'sss/rgwconf', 'op-id': 'ceph-rgw41:11160:2'} headers={'Date': 'Wed, 13 Nov 2013 07:24:45 GMT', 'Content-Length': '0', 'Authorization': 'AWS CQHH7O4XULLINBNQQSPB:JZwaFKhZEsQUj50jLxjNzni8n5Q=', 'User-Agent': 'Boto/2.16.0 Python/2.7.3 Linux/3.5.0-23-generic'} data=None 2013-11-13T15:24:45.594 11171:INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): ceph-rgw41.com 2013-11-13T15:24:45.607 11171:DEBUG:requests.packages.urllib3.connectionpool:"GET /admin/opstate?client-id=radosgw-agent&object=sss%2Frgwconf&op-id=ceph-rgw41%3A11160%3A2 HTTP/1.1" 200 None 2013-11-13T15:24:45.612 11171:DEBUG:radosgw_agent.worker:op state is [{u'timestamp': u'2013-11-13 07:24:45.561401Z', u'op_id': u'ceph-rgw41:11160:2', u'object': u'sss/rgwconf', u'state': u'error', u'client_id': u'radosgw-agent'}] 2013-11-13T15:24:45.614 11171:ERROR:radosgw_agent.worker:failed to sync object sss/rgwconf: state is error 2013-11-13T15:24:45.616 11171:DEBUG:radosgw_agent.worker:syncing object "sss/iso" 2013-11-13T15:24:45.617 11171:DEBUG:radosgw_agent.worker:sync_object sss/iso 2013-11-13T15:24:45.620 11171:DEBUG:boto:StringToSign: PUT From the radosgw-agent log,we find the radosgw_agent.worker can not access the slave zone gateway instence .Finally , radosgw-agent returned the info: state is error.We've changed the users with "*"permission. [client.radosgw.us-east-1] key = AQAp5IJSmF+hNBAAdVHvbYJYVW9coWF6INm+LA== caps mon = "allow *" caps osd = "allow *" [client.radosgw.us-west-1] key = AQAq5IJSkJ2PMxAAYmAH1wQaE08z+dA0F5INZQ== caps mon = "allow *" caps osd = "allow *" The region configured file:us.json { "name": "us", "api_name": "us", "is_master": "true", "endpoints": [ "http:\/\/ceph-rgw40.com:80\/"], "master_zone": "us-east", "zones": [ { "name": "us-east", "endpoints": [ "http:\/\/ceph-rgw40.com:80\/"], "log_meta": "true", "log_data": "true"}, { "name": "us-west", "endpoints": [ "http:\/\/ceph-rgw41.com:80\/"], "log_meta": "true", "log_data": "true"}], "placement_targets": [], "default_placement": ""} radosgw-agent's configure file is: src_access_key: 471FCR73KPEY0EF8Q0AC src_secret_key: BF0t5ESBIvT+GlIL+fxB6N7HmjhdbS3VXcFq5mA0 destination : http://ceph-rgw41.com:80 dest_access_key: CQHH7O4XULLINBNQQSPB dest_secret_key: BR/UUadpxebiyTH7So42J/87F6jWMw4ddkjKxPRT log_file: /var/log/radosgw/radosgw-sync-us-east-west.log Addtional, we encountered another problem ,when we configured radosgw-agent. The destination means to protoca+zone2-name+fqdn+port ,while we can only write as protocal+fqdn+port. If we added the slave zone name ,the info is like that : /admin/config DEBUG:boto:Signature: AWS CQHH7O4XULLINBNQQSPB:4zdcvi1QVBSfTrKasHtauIdw3XY= DEBUG:boto:url = 'http://us-west.ceph-rgw41.com/admin/config' params={} headers={'Date': 'Wed, 13 Nov 2013 08:13:54 GMT', 'Content-Length': '0', 'Authorization': 'AWS CQHH7O4XULLINBNQQSPB:4zdcvi1QVBSfTrKasHtauIdw3XY=', 'User-Agent': 'Boto/2.16.0 Python/2.7.3 Linux/3.5.0-23-generic'} data=None INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): us-west.ceph-rgw41.com DEBUG:requests.packages.urllib3.connectionpool:"GET /admin/config HTTP/1.1" 200 None region map is: {u'us': [u'us-west', u'us-east']} ERROR:root:http://us-west.ceph-rgw41.com:80 not found in region map Does it matter ,or we made any mistake form the us.json? ------------------------------------------------------------------------ lixuehui _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
