Re: [ceph-users] Access denied error

Thu, 24 Apr 2014 08:05:12 -0700 

Hi Yehuda,

I am getting the following from the radosgw logs :-

-----------------------
2014-04-22 09:36:00.024618 7ff16ccf6700  1 ====== starting new request
req=0x1ec7270 =====
2014-04-22 09:36:00.024719 7ff16ccf6700  2 req 15:0.000100::GET
/admin/usage::initializing
2014-04-22 09:36:00.024731 7ff16ccf6700 10 host=gateway.3linux.comrgw_dns_name=
gateway.3linux.com
2014-04-22 09:36:00.024763 7ff16ccf6700 20 FCGI_ROLE=RESPONDER
2014-04-22 09:36:00.024764 7ff16ccf6700 20 SCRIPT_URL=/admin/usage
2014-04-22 09:36:00.024765 7ff16ccf6700 20 SCRIPT_URI=
http://gateway.3linux.com/admin/usage
2014-04-22 09:36:00.024766 7ff16ccf6700 20 HTTP_AUTHORIZATION=AWS
KGXJJGKDM5G7G4CNKC7R:LC{ "user_id": "admin",
2014-04-22 09:36:00.024767 7ff16ccf6700 20 HTTP_USER_AGENT=curl/7.22.0
(x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23
librtmp/2.3
2014-04-22 09:36:00.024769 7ff16ccf6700 20 HTTP_ACCEPT=*/*
2014-04-22 09:36:00.024770 7ff16ccf6700 20 HTTP_HOST=gateway.3linux.com
2014-04-22 09:36:00.024772 7ff16ccf6700 20 CONTENT_LENGTH=0
2014-04-22 09:36:00.024772 7ff16ccf6700 20 PATH=/usr/local/bin:/usr/bin:/bin
2014-04-22 09:36:00.024774 7ff16ccf6700 20 SERVER_SIGNATURE=
2014-04-22 09:36:00.024775 7ff16ccf6700 20 SERVER_SOFTWARE=Apache/2.2.22
(Ubuntu)
2014-04-22 09:36:00.024775 7ff16ccf6700 20 SERVER_NAME=gateway.3linux.com
2014-04-22 09:36:00.024776 7ff16ccf6700 20 SERVER_ADDR=117.18.79.110
2014-04-22 09:36:00.024777 7ff16ccf6700 20 SERVER_PORT=80
2014-04-22 09:36:00.024778 7ff16ccf6700 20 REMOTE_ADDR=117.18.79.110
2014-04-22 09:36:00.024779 7ff16ccf6700 20 DOCUMENT_ROOT=/var/www
2014-04-22 09:36:00.024780 7ff16ccf6700 20 SERVER_ADMIN=c...@3linux.com
2014-04-22 09:36:00.024781 7ff16ccf6700 20
SCRIPT_FILENAME=/var/www/s3gw.fcgi
2014-04-22 09:36:00.024782 7ff16ccf6700 20 REMOTE_PORT=33320
2014-04-22 09:36:00.024783 7ff16ccf6700 20 GATEWAY_INTERFACE=CGI/1.1
2014-04-22 09:36:00.024788 7ff16ccf6700 20 SERVER_PROTOCOL=HTTP/1.1
2014-04-22 09:36:00.024788 7ff16ccf6700 20 REQUEST_METHOD=GET
2014-04-22 09:36:00.024789 7ff16ccf6700 20
QUERY_STRING=page=admin&params=/usage&format=json
2014-04-22 09:36:00.024790 7ff16ccf6700 20
REQUEST_URI=/admin/usage?format=json
2014-04-22 09:36:00.024791 7ff16ccf6700 20 SCRIPT_NAME=/admin/usage
2014-04-22 09:36:00.024792 7ff16ccf6700  2 req 15:0.000174::GET
/admin/usage::getting op
2014-04-22 09:36:00.024795 7ff16ccf6700  2 req 15:0.000177::GET
/admin/usage:get_usage:authorizing
2014-04-22 09:36:00.024810 7ff16ccf6700 20 get_obj_state:
rctx=0x7ff0f00271e0 obj=.users:KGXJJGKDM5G7G4CNKC7R state=0x7ff0f0025778
s->prefetch_data=0
2014-04-22 09:36:00.024817 7ff16ccf6700 10 moving
.users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
2014-04-22 09:36:00.024819 7ff16ccf6700 10 cache get:
name=.users+KGXJJGKDM5G7G4CNKC7R : type miss (requested=6, cached=3)
2014-04-22 09:36:00.026317 7ff16ccf6700 10 cache put:
name=.users+KGXJJGKDM5G7G4CNKC7R
2014-04-22 09:36:00.026330 7ff16ccf6700 10 moving
.users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
2014-04-22 09:36:00.026340 7ff16ccf6700 20 get_obj_state: s->obj_tag was
set empty
2014-04-22 09:36:00.026350 7ff16ccf6700 10 moving
.users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
2014-04-22 09:36:00.026352 7ff16ccf6700 10 cache get:
name=.users+KGXJJGKDM5G7G4CNKC7R : hit
2014-04-22 09:36:00.026371 7ff16ccf6700 20 get_obj_state:
rctx=0x7ff0f00259d0 obj=.users.uid:admin state=0x7ff0f0023b78
s->prefetch_data=0
2014-04-22 09:36:00.026380 7ff16ccf6700 10 moving .users.uid+admin to cache
LRU end
2014-04-22 09:36:00.026382 7ff16ccf6700 10 cache get: name=.users.uid+admin
: type miss (requested=6, cached=19)
2014-04-22 09:36:00.028214 7ff16ccf6700 10 cache put: name=.users.uid+admin
2014-04-22 09:36:00.028227 7ff16ccf6700 10 moving .users.uid+admin to cache
LRU end
2014-04-22 09:36:00.028235 7ff16ccf6700 20 get_obj_state: s->obj_tag was
set empty
2014-04-22 09:36:00.028244 7ff16ccf6700 10 moving .users.uid+admin to cache
LRU end
2014-04-22 09:36:00.028247 7ff16ccf6700 10 cache get: name=.users.uid+admin
: hit
2014-04-22 09:36:00.028279 7ff16ccf6700  0 NOTICE: missing date for auth
header
2014-04-22 09:36:00.028282 7ff16ccf6700 10 failed to create auth header

2014-04-22 09:36:00.028284 7ff16ccf6700 10 failed to authorize request
2014-04-22 09:36:00.028306 7ff16ccf6700  2 req 15:0.003688::GET
/admin/usage:get_usage:http status=403
2014-04-22 09:36:00.028390 7ff16ccf6700  1 ====== req done req=0x1ec7270
http_status=403 ======
2014-04-22 09:36:09.046933 7ff16effd700  2
RGWDataChangesLog::ChangesRenewThread: start
2014-04-22 09:36:31.047075 7ff16effd700  2
RGWDataChangesLog::ChangesRenewThread: start
2014-04-22 09:36:45.526088 7ff1887a1780 20 enqueued request req=0x1ec2b70
2014-04-22 09:36:45.526102 7ff1887a1780 20 RGWWQ:
2014-04-22 09:36:45.526103 7ff1887a1780 20 req: 0x1ec2b70
2014-04-22 09:36:45.526106 7ff1887a1780 10 allocated request req=0x1ec7270
2014-04-22 09:36:45.526121 7ff106fb5700 20 dequeued request req=0x1ec2b70
2014-04-22 09:36:45.526124 7ff106fb5700 20 RGWWQ: empty
2014-04-22 09:36:45.526128 7ff106fb5700  1 ====== starting new request
req=0x1ec2b70 =====
2014-04-22 09:36:45.526233 7ff106fb5700  2 req 16:0.000106::GET
/admin/usage::initializing
2014-04-22 09:36:45.526239 7ff106fb5700 10 host=gateway.3linux.comrgw_dns_name=
gateway.3linux.com
2014-04-22 09:36:45.526273 7ff106fb5700 20 FCGI_ROLE=RESPONDER
2014-04-22 09:36:45.526275 7ff106fb5700 20 SCRIPT_URL=/admin/usage
2014-04-22 09:36:45.526276 7ff106fb5700 20 SCRIPT_URI=
http://gateway.3linux.com/admin/usage
2014-04-22 09:36:45.526277 7ff106fb5700 20 HTTP_AUTHORIZATION=AWS
KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN{ "user_id":
"admin",
2014-04-22 09:36:45.526278 7ff106fb5700 20 HTTP_USER_AGENT=curl/7.22.0
(x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23
librtmp/2.3
2014-04-22 09:36:45.526279 7ff106fb5700 20 HTTP_ACCEPT=*/*
2014-04-22 09:36:45.526280 7ff106fb5700 20 HTTP_HOST=gateway.3linux.com
2014-04-22 09:36:45.526281 7ff106fb5700 20 CONTENT_LENGTH=0
2014-04-22 09:36:45.526282 7ff106fb5700 20 PATH=/usr/local/bin:/usr/bin:/bin
2014-04-22 09:36:45.526283 7ff106fb5700 20 SERVER_SIGNATURE=
2014-04-22 09:36:45.526284 7ff106fb5700 20 SERVER_SOFTWARE=Apache/2.2.22
(Ubuntu)
2014-04-22 09:36:45.526285 7ff106fb5700 20 SERVER_NAME=gateway.3linux.com
2014-04-22 09:36:45.526287 7ff106fb5700 20 SERVER_ADDR=117.18.79.110
2014-04-22 09:36:45.526288 7ff106fb5700 20 SERVER_PORT=80
2014-04-22 09:36:45.526289 7ff106fb5700 20 REMOTE_ADDR=117.18.79.110
2014-04-22 09:36:45.526290 7ff106fb5700 20 DOCUMENT_ROOT=/var/www
2014-04-22 09:36:45.526291 7ff106fb5700 20 SERVER_ADMIN=c...@3linux.com
2014-04-22 09:36:45.526291 7ff106fb5700 20
SCRIPT_FILENAME=/var/www/s3gw.fcgi
2014-04-22 09:36:45.526293 7ff106fb5700 20 REMOTE_PORT=33321
2014-04-22 09:36:45.526294 7ff106fb5700 20 GATEWAY_INTERFACE=CGI/1.1
2014-04-22 09:36:45.526295 7ff106fb5700 20 SERVER_PROTOCOL=HTTP/1.1
2014-04-22 09:36:45.526295 7ff106fb5700 20 REQUEST_METHOD=GET
2014-04-22 09:36:45.526297 7ff106fb5700 20
QUERY_STRING=page=admin&params=/usage&format=json
2014-04-22 09:36:45.526298 7ff106fb5700 20
REQUEST_URI=/admin/usage?format=json
2014-04-22 09:36:45.526299 7ff106fb5700 20 SCRIPT_NAME=/admin/usage
2014-04-22 09:36:45.526300 7ff106fb5700  2 req 16:0.000173::GET
/admin/usage::getting op
2014-04-22 09:36:45.526304 7ff106fb5700  2 req 16:0.000177::GET
/admin/usage:get_usage:authorizing
2014-04-22 09:36:45.526326 7ff106fb5700 20 get_obj_state:
rctx=0x7ff100049230 obj=.users:KGXJJGKDM5G7G4CNKC7R state=0x7ff10000e4d8
s->prefetch_data=0
2014-04-22 09:36:45.526335 7ff106fb5700 10 moving
.users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
2014-04-22 09:36:45.526338 7ff106fb5700 10 cache get:
name=.users+KGXJJGKDM5G7G4CNKC7R : hit
2014-04-22 09:36:45.526346 7ff106fb5700 20 get_obj_state: s->obj_tag was
set empty
2014-04-22 09:36:45.526352 7ff106fb5700 10 moving
.users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
2014-04-22 09:36:45.526354 7ff106fb5700 10 cache get:
name=.users+KGXJJGKDM5G7G4CNKC7R : hit
2014-04-22 09:36:45.526367 7ff106fb5700 20 get_obj_state:
rctx=0x7ff10003f010 obj=.users.uid:admin state=0x7ff10000e4d8
s->prefetch_data=0
2014-04-22 09:36:45.526373 7ff106fb5700 10 moving .users.uid+admin to cache
LRU end
2014-04-22 09:36:45.526375 7ff106fb5700 10 cache get: name=.users.uid+admin
: hit
2014-04-22 09:36:45.526379 7ff106fb5700 20 get_obj_state: s->obj_tag was
set empty
2014-04-22 09:36:45.526382 7ff106fb5700 10 moving .users.uid+admin to cache
LRU end
2014-04-22 09:36:45.526384 7ff106fb5700 10 cache get: name=.users.uid+admin
: hit
2014-04-22 09:36:45.526404 7ff106fb5700  0 NOTICE: missing date for auth
header
2014-04-22 09:36:45.526407 7ff106fb5700 10 failed to create auth header

2014-04-22 09:36:45.526408 7ff106fb5700 10 failed to authorize request
2014-04-22 09:36:45.526431 7ff106fb5700  2 req 16:0.000304::GET
/admin/usage:get_usage:http status=403
2014-04-22 09:36:45.526571 7ff106fb5700  1 ====== req done req=0x1ec2b70
http_status=403 ======
2014-04-22 09:36:53.047233 7ff16effd700  2
RGWDataChangesLog::ChangesRenewThread: start
2014-04-22 09:37:15.047365 7ff16effd700  2
RGWDataChangesLog::ChangesRenewThread: start
2014-04-22 09:37:37.047488 7ff16effd700  2
RGWDataChangesLog::ChangesRenewThread: start
2014-04-22 09:37:59.047561 7ff16effd700  2
RGWDataChangesLog::ChangesRenewThread: start
------------------------

Thanks,


On Tue, Apr 22, 2014 at 12:42 AM, Yehuda Sadeh <yeh...@inktank.com> wrote:

>
>
>
> On Fri, Apr 18, 2014 at 10:07 PM, Punit Dambiwal <hypu...@gmail.com>wrote:
>
>> Hi Yehuda,
>>
>> I have used the method in this blog to pass the header information
>> http://blog.defunct.ca/2013/10/10/using-the-radosgw-admin-api/ and gave
>> like
>>
>> Authorization: AWS {access-key}:{hash-of-header-
>> and-secret}
>>
>> and the complete command like
>>
>> curl -i 'http://gateway.3linux.com/admin/usage?format=json' -X GET -H
>> 'Authorization: AWS KGXJJGKDM5G7G4CNKC7R:
>> LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN' -H 'Host: gateway.3linux.com'
>> -H 'Content-Length: 0'
>>
>> After running the above command execution getting an access denied error
>> message. Is there any issues in the above header information ? or could you
>> please explain how we can authenticate using access keys and access tokens
>> ? or how we can pass the header information ?
>>
>>
> If done correctly it should work. What does the rgw log say? (add 'debug
> rgw = 20' to your ceph.conf).
>
> Yehuda
>
>
>>
>> On Sat, Apr 19, 2014 at 1:05 PM, Punit Dambiwal <hypu...@gmail.com>wrote:
>>
>>> Hi Yehuda,
>>>
>>> I have used the method in this blog to pass the header information
>>> http://blog.defunct.ca/2013/10/10/using-the-radosgw-admin-api/ and gave
>>> like
>>>
>>> Authorization: AWS {access-key}:{hash-of-header-
>>> and-secret}
>>>
>>> and the complete command like
>>>
>>> curl -i 'http://s3.linux.com/admin/usage?format=json' -X GET -H
>>> 'Authorization: AWS
>>> KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN' -H 'Host:
>>> gateway.3linux.com' -H 'Content-Length: 0'
>>>
>>> After running the above command execution getting an access denied error
>>> message. Is there any issues in the above header information ? or could you
>>> please explain how we can authenticate using access keys and access tokens
>>> ? or how we can pass the header information ?
>>>
>>>
>>> On Thu, Apr 17, 2014 at 12:10 AM, Yehuda Sadeh <yeh...@inktank.com>wrote:
>>>
>>>> On Tue, Apr 15, 2014 at 11:33 PM, Punit Dambiwal <hypu...@gmail.com>
>>>> wrote:
>>>> > Hi,
>>>> >
>>>> > Still i am getting the same error,when i run the following :-
>>>> >
>>>> > ----------------------
>>>> > curl -i 'http://xxx.xlinux.com/admin/usage?format=json' -X GET -H
>>>> > 'Authorization: AWS
>>>> > YHFQ4D8BM835BCGERHTN:kXpM0XB9UjOadexDu2ZoP8s4nKjuoL0iIZhE\/+Gv' -H
>>>> 'Host:
>>>>
>>>>
>>>> Where did you come up with this authorization field? You need to sign
>>>> the message appropriately.
>>>>
>>>> Yehuda
>>>>
>>>> > xxx.xlinux.com' -H 'Content-Length: 0'
>>>> > HTTP/1.1 403 Forbidden
>>>> > Date: Wed, 16 Apr 2014 06:26:45 GMT
>>>> >
>>>> > Server: Apache/2.2.22 (Ubuntu)
>>>> > Accept-Ranges: bytes
>>>> > Content-Length: 23
>>>> > Content-Type: application/json
>>>> >
>>>> > {"Code":"AccessDenied"}
>>>> > -------------------
>>>> >
>>>> > Can any body help me to resolve this issue..
>>>> >
>>>> > Thanks,
>>>> > punit
>>>> >
>>>> >
>>>> > On Mon, Apr 14, 2014 at 11:55 AM, Punit Dambiwal <hypu...@gmail.com>
>>>> wrote:
>>>> >>
>>>> >> Hi,
>>>> >>
>>>> >> I am trying to list out all users using the Ceph S3 api and php.
>>>> These are
>>>> >> the lines of code which i used for
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> --------------------------------------------------------------------------------------------------
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> $url = "http://XXXX.Xlinux.com/admin/user?format=json";;
>>>> >>
>>>> >> $ch = curl_init ($url);
>>>> >>
>>>> >> curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET"); curl_setopt($ch,
>>>> >> CURLOPT_USERPWD,
>>>> >> "P8K3750Z3PP5MGUKQYBL:CB+Ioydr1XsmQF\/gQmE\/X3YsDjtDbxLZzByaU9t\/");
>>>> >>
>>>> >> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: AWS
>>>> >> P8K3750Z3PP5MGUKQYBL:CB+Ioydr1XsmQF\/gQmE\/X3YsDjtDbxLZzByaU9t\/"));
>>>> >>
>>>> >> curl_setopt($ch, CURLOPT_HEADER, 0);
>>>> >>
>>>> >> curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch,
>>>> >> CURLOPT_BINARYTRANSFER,1); $response = curl_exec($ch); $output =
>>>> >> json_encode($response);
>>>> >>
>>>> >>
>>>> >>
>>>> >>     print_r($output);
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> --------------------------------------------------------------------------------------------------
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> I am getting an error: access denied as output. Could you please
>>>> check it
>>>> >> ?
>>>> >>
>>>> >>
>>>> >>
>>>> >> I have also tried the same using the curl command like
>>>> >>
>>>> >>
>>>> >>
>>>> >> curl -i 'http://XXX.Xlinux.com/admin/usage?format=json' -X GET -H
>>>> >>
>>>> >> 'Authorization: AWS
>>>> >>
>>>> >> P8K3750Z3PP5MGUKQYBL:CB+Ioydr1XsmQF\/gQmE\/X3YsDjtDbxLZzByaU9t\/' -H
>>>> >>
>>>> >> 'Host: XXX.Xlinux.com' -H 'Content-Length: 0'
>>>> >>
>>>> >>
>>>> >>
>>>> >> HTTP/1.1 403 Forbidden
>>>> >>
>>>> >> Date: Fri, 11 Apr 2014 10:08:20 GMT
>>>> >>
>>>> >> Server: Apache/2.2.22 (Ubuntu)
>>>> >>
>>>> >> Accept-Ranges: bytes
>>>> >>
>>>> >> Content-Length: 23
>>>> >>
>>>> >> Content-Type: application/json
>>>> >>
>>>> >>
>>>> >>
>>>> >> {"Code":"AccessDenied"}
>>>> >>
>>>> >>
>>>> >>
>>>> >> Can any body let me know if anything wrong in the above... ??
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > ceph-users mailing list
>>>> > ceph-users@lists.ceph.com
>>>> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>>> >
>>>>
>>>
>>>
>>
>

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to