Hi Dmitri, Thanks, that was the problem! :-)
Btw, a related question: can I protect Riak CS Control from unauthenticated access, by requiring users to enter the admin credentials before they are allowed to view or edit information? Thanks, Siddhu From: Dmitri Zagidulin <dzagidu...@basho.com<mailto:dzagidu...@basho.com>> Date: Wednesday, 9 October 2013 19:22 To: Siddhu Warrier <siwar...@cisco.com<mailto:siwar...@cisco.com>> Cc: "riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>" <riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>> Subject: Re: Unable to configure Riak-CS-Control to manage users Ok, yes, I think the hostname mismatch betwen CS and CS Control is at issue (it's somewhat confusing, I agree). So: Since you have {cs_root_host, "s3.amazonaws.com<http://s3.amazonaws.com>"}, in CS Config, you want your cs_hostname to match that in CS Control's config. So, my CS Control config looks like: %% Instance of Riak CS you wish to talk to. {cs_hostname, "s3.amazonaws.com<http://s3.amazonaws.com>" }, {cs_port, 80 }, {cs_protocol, "http" }, %% Proxy information; necessary if you are using s3.amazonaws.com<http://s3.amazonaws.com> as %% your hostname. {cs_proxy_host, "localhost" }, {cs_proxy_port, 8080 }, (Your cs_proxy_host would be 10.0.1.202 or 127.0.0.1, depending on your setup). Does that make sense? Dmitri On Wed, Oct 9, 2013 at 12:22 PM, Siddhu Warrier (siwarrie) <siwar...@cisco.com<mailto:siwar...@cisco.com>> wrote: Hi Dmitri, Sorry I failed to attach the s3cfg file. Cheers, Siddhu From: Dmitri Zagidulin <dzagidu...@basho.com<mailto:dzagidu...@basho.com>> Date: Wednesday, 9 October 2013 16:51 To: Siddhu Warrier <siwar...@cisco.com<mailto:siwar...@cisco.com>> Cc: "riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>" <riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>> Subject: Re: Unable to configure Riak-CS-Control to manage users Ok, I suspect it has to do with a mismatch between cs_root_host setting in riakcs.app.config and the corresponding setting in riak-cs-control.app.config. Can you attach your .s3cfg, so I can confirm? Dmitri On Wed, Oct 9, 2013 at 11:16 AM, Siddhu Warrier (siwarrie) <siwar...@cisco.com<mailto:siwar...@cisco.com>> wrote: Hi Dmitri, Thanks again for your rapid reply! 1, 2) I have attached my riak, stanchion, riak-cs and riak-cs-control app.config files here 3) Things that work with s3cmd (s3 config attached): * Create a bucket, upload a file, download a file, delete buckets recursively, list contents of buckets [root@cpn-int-store-03 ~]# s3cmd mb s3://cloudcuckooland Bucket 's3://cloudcuckooland/' created [root@cpn-int-store-03 ~]# s3cmd put cobbler.ks s3://cloudcuckooland/shoemaker cobbler.ks -> s3://cloudcuckooland/shoemaker [1 of 1] 6964 of 6964 100% in 0s 114.14 kB/s done [root@cpn-int-store-03 ~]# s3cmd la 2013-10-09 14:47 6964 s3://cloudcuckooland/shoemaker [root@cpn-int-store-03 ~]# s3cmd get s3://cloudcuckooland/shoemaker /tmp/shoemaker.tmp s3://cloudcuckooland/shoemaker -> /tmp/shoemaker.tmp [1 of 1] 6964 of 6964 100% in 0s 659.50 kB/s done [root@cpn-int-store-03 ~]# s3cmd rb --force s3://cloudcuckooland WARNING: Bucket is not empty. Removing all the objects from it first. This may take some time... File s3://cloudcuckooland/shoemaker deleted Bucket 's3://cloudcuckooland/' removed Things that do not work: * Riak CS Control: Create user * Riak CS Control: List users Note: With anonymous user creation set to true, I was able to view information about users and modify them. I was however able to view the information about a particular user. [root@cpn-int-store-03 ~]# s3cmd get s3://riak-cs/user - s3://riak-cs/user -> <stdout> [1 of 1] <?xml version="1.0" encoding="UTF-8"?><User><Email>x...@cisco.com<mailto:x...@cisco.com></Email><DisplayName>xxxxx</DisplayName><Name>Rory Irvine</Name><KeyId>5VI-NIFLNIHKRNGKPBVX</KeyId><KeySec 338 of 338 100% in 0s 4.57 kB/s doneeySecret><Id>c26c71a140f18b6853b45fd3ce4a672e0471b62a04920c2a77def7a0bfbcde0d</Id><Status>enabled</Status></User> [root@cpn-int-store-03 ~]# s3cmd get s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0 - s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0 -> <stdout> [1 of 1] <?xml version="1.0" encoding="UTF-8"?><User><Email>foo...@example.com<mailto:foo...@example.com></Email><DisplayName>foobar</DisplayName><Name>foo bar</Name><KeyId>9UND62Q1-EIDE9YO1GI0</KeyId><KeySecret>4o 333 of 333 100% in 0s 43.04 kB/s doneet><Id>6057fd7d3a7c43b06f839441585d35de197baa57a4696318803afd81c5887aec</Id><Status>disabled</Status></User> Thanks, Siddhu From: Dmitri Zagidulin <dzagidu...@basho.com<mailto:dzagidu...@basho.com>> Date: Wednesday, 9 October 2013 16:02 To: Siddhu Warrier <siwar...@cisco.com<mailto:siwar...@cisco.com>> Cc: "riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>" <riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>> Subject: Re: Unable to configure Riak-CS-Control to manage users Thanks Siddhu, Couple more questions. 1) Can you include a couple more sections from the Riak CS config (specifically, the anonymous_user_creation section and the admin_key). 2) Just to double-check, can you re-include the Riak CS Control config? (the whole riak_cs_control section). 3) Describe again exactly which parts are working and which aren't. What do you see when you open the Riak CS Control web interface? (And which commands are working with s3cmd?) On Wed, Oct 9, 2013 at 10:50 AM, Siddhu Warrier (siwarrie) <siwar...@cisco.com<mailto:siwar...@cisco.com>> wrote: Hi Dimitri, Thank you for your email. I just tried this. I still have the same problem, except that I no longer get 403 errors in my Riak CS error log (as a matter of fact, I get nothing at all in my Riak CS, Riak CS Control, Stanchion, and Riak error logs). I've put the basic config section of my riak-cs/app.config here for your reference. %% Riak CS http/https port and IP address to listen at %% for object storage activity {cs_ip, "10.0.1.202"}, {cs_port, 8080 } , %% Riak node to which Riak CS accesses {riak_ip, "10.0.1.202"}, {riak_pb_port, 8087 } , %% Configuration for access to request %% serialization service {stanchion_ip, "10.0.1.202"}, {stanchion_port, 8085 }, {stanchion_ssl, false }, Thanks, Siddhu From: Dmitri Zagidulin <dzagidu...@basho.com<mailto:dzagidu...@basho.com>> Date: Wednesday, 9 October 2013 15:38 To: Siddhu Warrier <siwar...@cisco.com<mailto:siwar...@cisco.com>> Cc: "riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>" <riak-users@lists.basho.com<mailto:riak-users@lists.basho.com>> Subject: Re: Unable to configure Riak-CS-Control to manage users (Just to be extra clear, that's meant to be a comma at the end of that directive, not a period. Also, don't forget to restart Riak CS Control, after changing the proxy host). On Wed, Oct 9, 2013 at 10:36 AM, Dmitri Zagidulin <dzagidu...@basho.com<mailto:dzagidu...@basho.com>> wrote: Hi Siddhu, Can you try changing 'cs_proxy_host' to localhost? So: {cs_proxy_host, "127.0.0.1" }. and retry. On Wed, Oct 9, 2013 at 9:55 AM, Siddhu Warrier (siwarrie) <siwar...@cisco.com<mailto:siwar...@cisco.com>> wrote: Hi, I have a two node Riak CS (1.4) cluster set up on two nodes (node-1 and node-2 henceforth). Node-1 is the headnode. Both node-1 and node-2 are running CentOS-6.4. Node-1 * Riak 1.4.2 * Stanchion 1.4.1 * Riak-CS 1.4.1 * Riak-CS-Control 1.0.2 Node-2 * Riak 1.4.2 * Riak-CS 1.4.1 I have got Riak CS working, and have created admin credentials that I've set correctly on stanchion, riak-cs, and riak-cs-control on node 1, and on riak-cs on node 2. I am able to use the admin credentials to perform operations on the bucket using s3cmd. However, when I try to list riak-cs users using the riak-cs-control, I get no results. The error that comes up in /var/log/riak-cs.log is: 10.0.1.202 - - [09/Oct/2013:13:09:31 +0000] "GET /buckets/users/objects HTTP/1.1" 403 160 "" "" I also receive a 403 when I try to create an admin user. I saw https://github.com/basho/riak_cs_control/issues/31 and set my /etc/riak-cs-control/app.config file up to use the cs_proxy_host parameter as well, though I'm not using proxies, but to no avail. I have reproduced the relevant section of my riak-cs-control/app.config here: {riak_cs_control, [ %% What port to run the application on. {port, 8000 }, %% Instance of Riak CS you wish to talk to. {cs_hostname, "10.0.1.202" }, {cs_port, 8080 }, {cs_protocol, "http" }, %% Proxy information; necessary if you are using s3.amazonaws.com<http://s3.amazonaws.com> as %% your hostname. {cs_proxy_host, "10.0.1.202" }, {cs_proxy_port, 8080 }, %% Credentials you want the application to run as. {cs_admin_key, "5VI-NIFLNIHKRNGKPBVX" }, {cs_admin_secret, "xxxxxxx" }, %% Specify the bucket name for administration options. {cs_administration_bucket, "riak-cs" } ]}, Is there something I am missing/doing wrong? Thanks, Siddhu _______________________________________________ riak-users mailing list riak-users@lists.basho.com<mailto:riak-users@lists.basho.com> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
_______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
