Re: [ceph-users] Questions about federated gateways configure

Thu, 10 Apr 2014 16:41:05 -0700 


*Craig Lewis*
Senior Systems Engineer
Office +1.714.602.1309
Email cle...@centraldesktop.com <mailto:cle...@centraldesktop.com>

*Central Desktop. Work together in ways you never thought possible.*
Connect with us Website <http://www.centraldesktop.com/> | Twitter <http://www.twitter.com/centraldesktop> | Facebook <http://www.facebook.com/CentralDesktop> | LinkedIn <http://www.linkedin.com/groups?gid=147417> | Blog <http://cdblog.centraldesktop.com/> 

On 4/10/14 02:54 , wsnote wrote:

Now my configure is normal, but there are still some mistake.
Bucket list can rsync, but object not.
In the secondary zone, with secondary zone's key, I can't see the bucket list;But with master zone's key, I can see the bucket list. 
The log is following:
the master zone:
Thu, 10 Apr 2014 09:35:31 GMT
/admin/log
2014-04-10 17:35:31.184939 7f0ea79d8700 15 calculated digest=dffaFPagxbrKq4OIGUW37/p/LZ0= 2014-04-10 17:35:31.184941 7f0ea79d8700 15 auth_sign=dffaFPagxbrKq4OIGUW37/p/LZ0= 
2014-04-10 17:35:31.184943 7f0ea79d8700 15 compare=0
2014-04-10 17:35:31.184945 7f0ea79d8700 20 system request
2014-04-10 17:35:31.184948 7f0ea79d8700 2 req 27796:0.000323::GET /admin/log:list_data_changes_log:reading permissions 2014-04-10 17:35:31.184950 7f0ea79d8700 2 req 27796:0.000326::GET /admin/log:list_data_changes_log:verifying op mask 
2014-04-10 17:35:31.184952 7f0ea79d8700 20 required_mask= 0 user.op_mask=7
2014-04-10 17:35:31.184953 7f0ea79d8700 2 req 27796:0.000329::GET /admin/log:list_data_changes_log:verifying op permissions *2014-04-10 17:35:31.184956 7f0ea79d8700 2 overriding permissions due to system operation* 2014-04-10 17:35:31.184957 7f0ea79d8700 2 req 27796:0.000333::GET /admin/log:list_data_changes_log:verifying op params 2014-04-10 17:35:31.184959 7f0ea79d8700 2 req 27796:0.000335::GET /admin/log:list_data_changes_log:executing 2014-04-10 17:35:31.186112 7f0ea79d8700 2 req 27796:0.001488::GET /admin/log:list_data_changes_log:http status=404 2014-04-10 17:35:31.186276 7f0ea79d8700 1 ====== req done req=0x1cf1b10 http_status=404 ====== 

The secondary zone:
Thu, 10 Apr 2014 09:32:48 GMT
/admin/replica_log
2014-04-10 17:32:49.388584 7fd6a17fb700 15 calculated digest=0ZQB/sBiIIsDLExsbzzmF9G02Js= 2014-04-10 17:32:49.388586 7fd6a17fb700 15 auth_sign=0ZQB/sBiIIsDLExsbzzmF9G02Js= 
2014-04-10 17:32:49.388587 7fd6a17fb700 15 compare=0
2014-04-10 17:32:49.388589 7fd6a17fb700 20 system request
2014-04-10 17:32:49.388592 7fd6a17fb700 2 req 79527:0.000359::GET /admin/replica_log:replicadatalog_getbounds:reading permissions 2014-04-10 17:32:49.388596 7fd6a17fb700 2 req 79527:0.000363::GET /admin/replica_log:replicadatalog_getbounds:verifying op mask 
2014-04-10 17:32:49.388617 7fd6a17fb700 20 required_mask= 0 user.op_mask=7
2014-04-10 17:32:49.388619 7fd6a17fb700 2 req 79527:0.000386::GET /admin/replica_log:replicadatalog_getbounds:verifying op permissions *2014-04-10 17:32:49.388622 7fd6a17fb700 2 overriding permissions due to system operation* 2014-04-10 17:32:49.388624 7fd6a17fb700 2 req 79527:0.000391::GET /admin/replica_log:replicadatalog_getbounds:verifying op params 2014-04-10 17:32:49.388626 7fd6a17fb700 2 req 79527:0.000393::GET /admin/replica_log:replicadatalog_getbounds:executing 2014-04-10 17:32:49.389355 7fd6a17fb700 2 req 79527:0.001122::GET /admin/replica_log:replicadatalog_getbounds:http status=404 2014-04-10 17:32:49.389586 7fd6a17fb700 1 ====== req done req=0xcc69b0 http_status=404 ======
Both users are given system permissions (see bold section above). If you created the buckets in the master zone using the master system user, then those buckets are owned by that user. You shouldn't use these system users to create buckets and objects. Since they have the system permission, they're very powerful accounts. You should create an ordinary user (one without the --system flag) in the master zone, and let that user replicate to the slave zones. Then buckets that user creates in the master zone should be visible to that same user in the slave zone.
You said bucket list syncs, but not objects. Are you running radosgw-agent with --metadata-only? 


_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to