Any ideas on this? Anything I can do to further troubleshoot? 

-Steve 

----- Original Message -----

> From: "Steve Carter" <scar...@liquidweb.com>
> To: "Yehuda Sadeh" <yeh...@inktank.com>
> Cc: ceph-users@lists.ceph.com
> Sent: Tuesday, March 11, 2014 4:42:24 PM
> Subject: Re: [ceph-users] Access Denied errors

> Just to be complete, a TCP Dump:

> Starting tcpick 0.2.1 at 2014-03-11 21:11 UTC
> Timeout for connections is 600
> tcpick: reading from test.pcap
> 1 SYN-SENT 10.255.247.241:39729 > 10.30.77.227:http
> 1 SYN-RECEIVED 10.255.247.241:39729 > 10.30.77.227:http
> 1 ESTABLISHED 10.255.247.241:39729 > 10.30.77.227:http
> GET /user HTTP/1.1
> TE: deflate,gzip;q=0.3
> Keep-Alive: 300
> Connection: Keep-Alive, TE
> Date: Mon, 10 Mar 2014 22:51:06 GMT
> Authorization: AWS 08V6K45V9KPVK7MIWWMG:tot0rXT4AeYohcRQ0iyGPnAQ+cg=
> Host: admin.XXXX.liquidweb.com
> User-Agent: libwww-perl/5.805
> display-name: Hello World
> uid: atc

> HTTP/1.1 403 Forbidden
> Date: Mon, 10 Mar 2014 22:50:36 GMT
> Server: Apache/2.2.22 (Ubuntu)
> Accept-Ranges: bytes
> Content-Length: 78
> Keep-Alive: timeout=5, max=100
> Connection: Keep-Alive
> Content-Type: application/xml

> <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code></Error>
> 1 FIN-WAIT-1 10.255.247.241:39729 > 10.30.77.227:http
> 1 TIME-WAIT 10.255.247.241:39729 > 10.30.77.227:http
> 1 CLOSED 10.255.247.241:39729 > 10.30.77.227:http
> tcpick: done reading from test.pcap

> 10 packets captured
> 1 tcp sessions detected

> ----- Original Message -----

> > From: "Steve Carter" <scar...@liquidweb.com>
> > To: "Yehuda Sadeh" <yeh...@inktank.com>
> > Cc: ceph-users@lists.ceph.com
> > Sent: Tuesday, March 11, 2014 4:35:12 PM
> > Subject: Re: [ceph-users] Access Denied errors

> > On Mar 10, 2014, at 8:30 PM, Yehuda Sadeh <yeh...@inktank.com> wrote:

> > > > 2014-03-10 22:59:12.551012 7fec017fa700 10 auth_hdr:
> > > > GET

> > > > Mon, 10 Mar 2014 22:59:42 GMT
> > > > /user

> > > This is related to the issue. I assume it was signed as /admin/user,
> > > but here we just use /user because that's what's passed in the URI. Are
> > > you accessing the gateway through virtual dns bucket name (e.g.,
> > > admin.your-domain.com)?

> > > Yehuda

> > > > 2014-03-10 22:59:12.551103 7fec017fa700 15 calculated digest=R+4z9J6PyXugdHAYJDKJiLPKpWo=
> > > > 2014-03-10 22:59:12.551113 7fec017fa700 15 auth_sign=OHAxWvf8U8t4CVWq0pKKwxZ2Xko=
> > > > 2014-03-10 22:59:12.551114 7fec017fa700 15 compare=-3
> > > > 2014-03-10 22:59:12.551118 7fec017fa700 10 failed to authorize request
> > > > 2014-03-10 22:59:12.551295 7fec017fa700 2 req 1:0.020363:s3:GET /user:list_bucket:http status=403
> > > > 2014-03-10 22:59:12.551496 7fec017fa700 1 ====== req done req=0x19497c0 http_status=403 ======

> > This is what our request header looks like. ‘admin’ is the admin bucket. The
> > request doesn’t appear to be signed as /admin/user. I wonder if the ordering
> > of our header fields is incorrect insofar as they don’t match the canonical
> > ordering expected by radosgw/S3, resulting in the digests not matching?

> > Request: GET http://admin.XXXX.liquidweb.com/user
> > Date: Tue, 11 Mar 2014 22:52:20 GMT
> > Authorization: AWS 08V6K45V9KPVK7MIWWMG:VPPhzMiF9bFywTxLbr1peLEwZK4=
> > User-Agent: libwww-perl/5.805
> > display-name: Hello World
> > uid: atc
> > Format: json HTTP/1.1

> > *** /home/etank/lwlibs/perl/Amazon/S3.pm [298]: Response: HTTP/1.1 403 Forbidden
> > Connection: Keep-Alive
> > Date: Tue, 11 Mar 2014 22:51:47 GMT
> > Accept-Ranges: bytes
> > Server: Apache/2.2.22 (Ubuntu)
> > Content-Length: 78
> > Content-Type: application/xml
> > Client-Date: Tue, 11 Mar 2014 22:52:20 GMT
> > Client-Peer: 10.30.77.227:80
> > Client-Response-Num: 1
> > Keep-Alive: timeout=5, max=100

> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@lists.ceph.com
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

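An added example, not part of the original thread and not code from radosgw or Amazon::S3: a minimal computation of the AWS signature v2 scheme used by the `Authorization: AWS key:signature` header in the capture, showing that a client signing `/admin/user` and a server canonicalizing `/user` (as in the `auth_hdr` log) compute different digests. The secret key is constructed and the function names are hypothetical; only `x-amz-*` headers enter the string to sign in this scheme.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-secret-key-for-demo"  # constructed, not from the thread


def canonical_resource(path, bucket=None):
    """CanonicalizedResource for S3 signature v2.

    With virtual-hosted-style addressing (bucket in the Host header) the
    bucket is prepended; with no bucket the URI path is used as-is.
    """
    return f"/{bucket}{path}" if bucket else path


def string_to_sign(method, date, resource, content_md5="", content_type="",
                   amz_headers=None):
    """Build the v2 StringToSign. Only x-amz-* headers are included, sorted."""
    amz = "".join(f"{k.lower()}:{v.strip()}\n"
                  for k, v in sorted((amz_headers or {}).items(),
                                     key=lambda kv: kv[0].lower())
                  if k.lower().startswith("x-amz-"))
    return f"{method}\n{content_md5}\n{content_type}\n{date}\n{amz}{resource}"


def sign(secret, to_sign):
    """Signature = Base64(HMAC-SHA1(secret, StringToSign))."""
    mac = hmac.new(secret, to_sign.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(secret, presented_sig, method, date, resource, **kw):
    """Server side: recompute the signature and compare in constant time."""
    expected = sign(secret, string_to_sign(method, date, resource, **kw))
    return hmac.compare_digest(expected, presented_sig)


if __name__ == "__main__":
    date = "Mon, 10 Mar 2014 22:59:42 GMT"
    # Client treats "admin" as the bucket and signs /admin/user.
    client_sig = sign(SECRET_KEY, string_to_sign(
        "GET", date, canonical_resource("/user", bucket="admin")))
    # Server that canonicalizes only the URI path, as in the auth_hdr log.
    print("server uses /user       ->", verify(SECRET_KEY, client_sig, "GET", date, "/user"))
    print("server uses /admin/user ->", verify(SECRET_KEY, client_sig, "GET", date, "/admin/user"))
```

Comparing the string to sign on both sides, line by line, is the quickest way to locate a mismatch like the `compare=-3` in the gateway log.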