The reason for the hostname having to be equal on both hosts is because the HMAC which is generated as part of the S3 API uses this information. The following document contains more information.
http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html - Chris -- Christopher Meiklejohn Software Engineer Basho Technologies, Inc. On Wednesday, October 9, 2013 at 2:22 PM, Dmitri Zagidulin wrote: > Ok, yes, I think the hostname mismatch betwen CS and CS Control is at issue > (it's somewhat confusing, I agree). > > So: > Since you have > > {cs_root_host, "s3.amazonaws.com (http://s3.amazonaws.com)"}, > > in CS Config, you want your cs_hostname to match that in CS Control's config. > So, my CS Control config looks like: > %% Instance of Riak CS you wish to talk to. > {cs_hostname, "s3.amazonaws.com (http://s3.amazonaws.com)" }, > {cs_port, 80 }, > {cs_protocol, "http" }, > > %% Proxy information; necessary if you are using s3.amazonaws.com > (http://s3.amazonaws.com) as > %% your hostname. > {cs_proxy_host, "localhost" }, > {cs_proxy_port, 8080 }, > > (Your cs_proxy_host would be 10.0.1.202 or 127.0.0.1, depending on your > setup). > > Does that make sense? > > Dmitri > > > > > On Wed, Oct 9, 2013 at 12:22 PM, Siddhu Warrier (siwarrie) > <siwar...@cisco.com (mailto:siwar...@cisco.com)> wrote: > > Hi Dmitri, > > > > Sorry I failed to attach the s3cfg file. > > > > Cheers, > > > > Siddhu > > > > From: Dmitri Zagidulin <dzagidu...@basho.com (mailto:dzagidu...@basho.com)> > > Date: Wednesday, 9 October 2013 16:51 > > > > To: Siddhu Warrier <siwar...@cisco.com (mailto:siwar...@cisco.com)> > > Cc: "riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)" > > <riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)> > > Subject: Re: Unable to configure Riak-CS-Control to manage users > > > > Ok, I suspect it has to do with a mismatch between cs_root_host setting in > > riakcs.app.config and the corresponding setting in > > riak-cs-control.app.config. Can you attach your .s3cfg, so I can confirm? > > > > Dmitri > > > > > > On Wed, Oct 9, 2013 at 11:16 AM, Siddhu Warrier (siwarrie) > > <siwar...@cisco.com (mailto:siwar...@cisco.com)> wrote: > > > Hi Dmitri, > > > > > > Thanks again for your rapid reply! > > > > > > 1, 2) I have attached my riak, stanchion, riak-cs and riak-cs-control > > > app.config files here > > > 3) > > > Things that work with s3cmd (s3 config attached): > > > Create a bucket, upload a file, download a file, delete buckets > > > recursively, list contents of buckets > > > > > > [root@cpn-int-store-03 ~]# s3cmd mb s3://cloudcuckooland > > > Bucket 's3://cloudcuckooland/' created > > > [root@cpn-int-store-03 ~]# s3cmd put cobbler.ks > > > s3://cloudcuckooland/shoemaker > > > cobbler.ks -> s3://cloudcuckooland/shoemaker [1 of 1] > > > 6964 of 6964 100% in 0s 114.14 kB/s done > > > [root@cpn-int-store-03 ~]# s3cmd la > > > 2013-10-09 14:47 6964 s3://cloudcuckooland/shoemaker > > > > > > [root@cpn-int-store-03 ~]# s3cmd get s3://cloudcuckooland/shoemaker > > > /tmp/shoemaker.tmp > > > s3://cloudcuckooland/shoemaker -> /tmp/shoemaker.tmp [1 of 1] > > > 6964 of 6964 100% in 0s 659.50 kB/s done > > > > > > [root@cpn-int-store-03 ~]# s3cmd rb --force s3://cloudcuckooland > > > WARNING: Bucket is not empty. Removing all the objects from it first. > > > This may take some time... > > > File s3://cloudcuckooland/shoemaker deleted > > > Bucket 's3://cloudcuckooland/' removed > > > > > > > > > Things that do not work: > > > Riak CS Control: Create user > > > Riak CS Control: List users > > > > > > Note: With anonymous user creation set to true, I was able to view > > > information about users and modify them. > > > > > > I was however able to view the information about a particular user. > > > [root@cpn-int-store-03 ~]# s3cmd get s3://riak-cs/user - > > > s3://riak-cs/user -> <stdout> [1 of 1] > > > <?xml version="1.0" encoding="UTF-8"?><User><Email>x...@cisco.com > > > (mailto:x...@cisco.com)</Email><DisplayName>xxxxx</DisplayName><Name>Rory > > > Irvine</Name><KeyId>5VI-NIFLNIHKRNGKPBVX</KeyId><KeySec 338 of 338 100% > > > in 0s 4.57 kB/s > > > doneeySecret><Id>c26c71a140f18b6853b45fd3ce4a672e0471b62a04920c2a77def7a0bfbcde0d</Id><Status>enabled</Status></User> > > > > > > [root@cpn-int-store-03 ~]# s3cmd get > > > s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0 - > > > s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0 -> <stdout> [1 of 1] > > > <?xml version="1.0" encoding="UTF-8"?><User><Email>foo...@example.com > > > (mailto:foo...@example.com)</Email><DisplayName>foobar</DisplayName><Name>foo > > > bar</Name><KeyId>9UND62Q1-EIDE9YO1GI0</KeyId><KeySecret>4o 333 of 333 > > > 100% in 0s 43.04 kB/s > > > doneet><Id>6057fd7d3a7c43b06f839441585d35de197baa57a4696318803afd81c5887aec</Id><Status>disabled</Status></User> > > > > > > > > > Thanks, > > > > > > Siddhu > > > > > > From: Dmitri Zagidulin <dzagidu...@basho.com > > > (mailto:dzagidu...@basho.com)> > > > Date: Wednesday, 9 October 2013 16:02 > > > > > > To: Siddhu Warrier <siwar...@cisco.com (mailto:siwar...@cisco.com)> > > > Cc: "riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)" > > > <riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)> > > > Subject: Re: Unable to configure Riak-CS-Control to manage users > > > > > > Thanks Siddhu, > > > Couple more questions. > > > > > > 1) Can you include a couple more sections from the Riak CS config > > > (specifically, the anonymous_user_creation section and the admin_key). > > > > > > 2) Just to double-check, can you re-include the Riak CS Control config? > > > (the whole riak_cs_control section). > > > > > > 3) Describe again exactly which parts are working and which aren't. What > > > do you see when you open the Riak CS Control web interface? (And which > > > commands are working with s3cmd?) > > > > > > > > > > > > On Wed, Oct 9, 2013 at 10:50 AM, Siddhu Warrier (siwarrie) > > > <siwar...@cisco.com (mailto:siwar...@cisco.com)> wrote: > > > > Hi Dimitri, > > > > > > > > Thank you for your email. I just tried this. I still have the same > > > > problem, except that I no longer get 403 errors in my Riak CS error log > > > > (as a matter of fact, I get nothing at all in my Riak CS, Riak CS > > > > Control, Stanchion, and Riak error logs). > > > > > > > > I've put the basic config section of my riak-cs/app.config here for > > > > your reference. > > > > > > > > %% Riak CS http/https port and IP address to listen at > > > > %% for object storage activity > > > > {cs_ip, "10.0.1.202"}, > > > > {cs_port, 8080 } , > > > > > > > > %% Riak node to which Riak CS accesses > > > > {riak_ip, "10.0.1.202"}, > > > > {riak_pb_port, 8087 } , > > > > > > > > %% Configuration for access to request > > > > %% serialization service > > > > {stanchion_ip, "10.0.1.202"}, > > > > {stanchion_port, 8085 }, > > > > {stanchion_ssl, false }, > > > > > > > > > > > > Thanks, > > > > > > > > Siddhu > > > > > > > > From: Dmitri Zagidulin <dzagidu...@basho.com > > > > (mailto:dzagidu...@basho.com)> > > > > Date: Wednesday, 9 October 2013 15:38 > > > > To: Siddhu Warrier <siwar...@cisco.com (mailto:siwar...@cisco.com)> > > > > Cc: "riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)" > > > > <riak-users@lists.basho.com (mailto:riak-users@lists.basho.com)> > > > > Subject: Re: Unable to configure Riak-CS-Control to manage users > > > > > > > > (Just to be extra clear, that's meant to be a comma at the end of that > > > > directive, not a period. Also, don't forget to restart Riak CS Control, > > > > after changing the proxy host). > > > > > > > > > > > > On Wed, Oct 9, 2013 at 10:36 AM, Dmitri Zagidulin <dzagidu...@basho.com > > > > (mailto:dzagidu...@basho.com)> wrote: > > > > > Hi Siddhu, > > > > > > > > > > Can you try changing 'cs_proxy_host' to localhost? So: > > > > > > > > > > {cs_proxy_host, "127.0.0.1" }. > > > > > > > > > > and retry. > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Oct 9, 2013 at 9:55 AM, Siddhu Warrier (siwarrie) > > > > > <siwar...@cisco.com (mailto:siwar...@cisco.com)> wrote: > > > > > > Hi, > > > > > > > > > > > > I have a two node Riak CS (1.4) cluster set up on two nodes (node-1 > > > > > > and node-2 henceforth). Node-1 is the headnode. Both node-1 and > > > > > > node-2 are running CentOS-6.4. > > > > > > > > > > > > Node-1 > > > > > > Riak 1.4.2 > > > > > > Stanchion 1.4.1 > > > > > > Riak-CS 1.4.1 > > > > > > Riak-CS-Control 1.0.2 > > > > > > > > > > > > Node-2 > > > > > > Riak 1.4.2 > > > > > > Riak-CS 1.4.1 > > > > > > > > > > > > I have got Riak CS working, and have created admin credentials that > > > > > > I've set correctly on stanchion, riak-cs, and riak-cs-control on > > > > > > node 1, and on riak-cs on node 2. I am able to use the admin > > > > > > credentials to perform operations on the bucket using s3cmd. > > > > > > > > > > > > However, when I try to list riak-cs users using the > > > > > > riak-cs-control, I get no results. The error that comes up in > > > > > > /var/log/riak-cs.log is: > > > > > > 10.0.1.202 - - [09/Oct/2013:13:09:31 +0000] "GET > > > > > > /buckets/users/objects HTTP/1.1" 403 160 "" "" > > > > > > > > > > > > I also receive a 403 when I try to create an admin user. > > > > > > > > > > > > I saw https://github.com/basho/riak_cs_control/issues/31 and set my > > > > > > /etc/riak-cs-control/app.config file up to use the cs_proxy_host > > > > > > parameter as well, though I'm not using proxies, but to no avail. I > > > > > > have reproduced the relevant section of my > > > > > > riak-cs-control/app.config here: > > > > > > {riak_cs_control, [ > > > > > > %% What port to run the application on. > > > > > > {port, 8000 }, > > > > > > > > > > > > %% Instance of Riak CS you wish to talk to. > > > > > > {cs_hostname, "10.0.1.202" }, > > > > > > {cs_port, 8080 }, > > > > > > {cs_protocol, "http" }, > > > > > > > > > > > > %% Proxy information; necessary if you are using s3.amazonaws.com > > > > > > (http://s3.amazonaws.com) as > > > > > > %% your hostname. > > > > > > {cs_proxy_host, "10.0.1.202" }, > > > > > > {cs_proxy_port, 8080 }, > > > > > > > > > > > > %% Credentials you want the application to run as. > > > > > > {cs_admin_key, "5VI-NIFLNIHKRNGKPBVX" }, > > > > > > {cs_admin_secret, "xxxxxxx" }, > > > > > > > > > > > > %% Specify the bucket name for administration options. > > > > > > {cs_administration_bucket, "riak-cs" } > > > > > > ]}, > > > > > > > > > > > > > > > > > > Is there something I am missing/doing wrong? > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Siddhu > > > > > > _______________________________________________ > > > > > > riak-users mailing list > > > > > > riak-users@lists.basho.com (mailto:riak-users@lists.basho.com) > > > > > > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > > > > > > > > > > > > > > > > _______________________________________________ > riak-users mailing list > riak-users@lists.basho.com (mailto:riak-users@lists.basho.com) > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com _______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
