After setting admin.key and admin.secret in /etc/stanchion/stanchion.conf, "s3cmd mb" succeeded! Thank you very much!
----- Original Message ----- Subject: Re: Creating a new bucket by s3cmd results in access denied Date: Wed, 11 Nov 2015 23:04:17 +0900 From: Kazuhiro Suzuki <k...@basho.com> To: "野島 裕輔"<yusuke-noj...@cybozu.co.jp> Cc: riak-users <riak-users@lists.basho.com> Kazuhiro Suzuki wrote: > I forgot to reply all. > > On Wed, Nov 11, 2015 at 10:58 PM, Kazuhiro Suzuki <k...@basho.com> wrote: > > One possibility is that riak_cs and stanchion have different admin.key > > and admin secret. So, please make sure whether your riak-cs.conf and > > stanchion.conf have the same admin.key and admin.secret. If not, > > stanchion responds 403 as a signature does not match. > > > > On Wed, Nov 11, 2015 at 5:12 PM, 野島 裕輔 <yusuke-noj...@cybozu.co.jp> wrote: > >> I have installed the Riak, Stanchion and Riak CS to Ubuntu 14.04, and > >> created an admin user. > >> Then I attempted to create the new bucket with s3cmd, but it resulted in > >> AccessDenied error. > >> > >> I tried the solution of > >> http://riak-users.197444.n3.nabble.com/RIAK-CS-Unable-to-create-bucket-using-s3cmd-AccessDenied-td4032375.html, > >> but still does not work. > >> > >> I found another thread > >> http://riak-users.197444.n3.nabble.com/ERROR-S3-error-403-AccessDenied-Access-Denied-with-s3cmd-tt4033610.html, > >> but no one answered the thread. > >> > >> Any ideas what was wrong with my setup? > >> Thanks for the help in advance. > >> > >> ------------------------- > >> $ s3cmd mb s3://test > >> DEBUG: Updating Config.Config encoding -> UTF-8 > >> DEBUG: Updating Config.Config follow_symlinks -> False > >> DEBUG: Updating Config.Config verbosity -> 30 > >> DEBUG: Unicodising 'mb' using UTF-8 > >> DEBUG: Unicodising 's3://test' using UTF-8 > >> DEBUG: Command: mb > >> DEBUG: SignHeaders: 'PUT\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:36:55 > >> +0000\n/test/' > >> DEBUG: CreateRequest: resource[uri]=/ > >> DEBUG: SignHeaders: 'PUT\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:36:55 > >> +0000\n/test/' > >> DEBUG: Processing request, please wait... > >> DEBUG: get_hostname(test): test.s3.amazonaws.com > >> DEBUG: format_uri(): http://test.s3.amazonaws.com/ > >> DEBUG: Sending request method_string='PUT', > >> uri='http://test.s3.amazonaws.com/', headers={'content-length': '0', > >> 'Authorization': 'AWS LS_P9JF815TCCKTFOD4O:USeKvJH40fSHJy8kZFnRyJxGgcY=', > >> 'x-amz-date': 'Wed, 11 Nov 2015 07:36:55 +0000'}, body=(0 bytes) > >> DEBUG: Response: {'status': 403, 'headers': {'date': 'Wed, 11 Nov 2015 > >> 07:36:55 GMT', 'content-length': '159', 'content-type': 'application/xml', > >> 'server': 'Riak CS'}, 'reason': 'Forbidden', 'data': '<?xml version="1.0" > >> encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access > >> Denied</Message><Resource>/test</Resource><RequestId></RequestId></Error>'} > >> DEBUG: S3Error: 403 (Forbidden) > >> DEBUG: HttpHeader: date: Wed, 11 Nov 2015 07:36:55 GMT > >> DEBUG: HttpHeader: content-length: 159 > >> DEBUG: HttpHeader: content-type: application/xml > >> DEBUG: HttpHeader: server: Riak CS > >> DEBUG: ErrorXML: Code: 'AccessDenied' > >> DEBUG: ErrorXML: Message: 'Access Denied' > >> DEBUG: ErrorXML: Resource: '/test' > >> DEBUG: ErrorXML: RequestId: None > >> ERROR: Access to bucket 'test' was denied > >> > >> ------------------------- > >> /var/log/stanchion/console.log says that the presented signature does not > >> match: > >> > >> 2015-11-11 07:36:55.683 [debug] <0.169.0>@stanchion_auth:authenticate:41 > >> Presented Signature: "rVYpULyFn0zsqUhizDUlQI+LfzA=" > >> Calculated Signature: "aHCNYOFa7XT8PKS64fKNYyh7JGc=" > >> > >> ------------------------- > >> My .s3cfg looks like: > >> > >> [default] > >> access_key = LS_P9JF815TCCKTFOD4O > >> bucket_location = US > >> cloudfront_host = cloudfront.amazonaws.com > >> default_mime_type = binary/octet-stream > >> delete_removed = False > >> dry_run = False > >> enable_multipart = True > >> encoding = UTF-8 > >> encrypt = False > >> follow_symlinks = False > >> force = False > >> get_continue = False > >> gpg_command = /usr/bin/gpg > >> gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes > >> --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s > >> gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes > >> --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s > >> gpg_passphrase = cybozu123 > >> guess_mime_type = True > >> host_base = s3.amazonaws.com > >> host_bucket = %(bucket)s.s3.amazonaws.com > >> human_readable_sizes = False > >> invalidate_on_cf = False > >> list_md5 = False > >> log_target_prefix = > >> mime_type = > >> multipart_chunk_size_mb = 15 > >> preserve_attrs = True > >> progress_meter = True > >> proxy_host = 127.0.0.1 > >> proxy_port = 8080 > >> recursive = False > >> recv_chunk = 4096 > >> reduced_redundancy = False > >> secret_key = dz0oUJqZBowOmTobwyaCaZcrO7PgL69ArCSnfQ== > >> send_chunk = 4096 > >> simpledb_host = sdb.amazonaws.com > >> skip_existing = False > >> socket_timeout = 300 > >> urlencoding_mode = normal > >> use_https = False > >> verbosity = DEBUG > >> website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/ > >> website_error = > >> website_index = index.html > >> signature_v2 = True > >> > >> > >> ------------------------- > >> Versions: > >> > >> riak: 2.0.5 > >> riak-cs: 2.0.1 > >> stanchion: 2.0.0 > >> s3cmd: 1.1.0-beta3 > >> > >> ------------------------- > >> Traffic between Riak CS and Stanchion aquired by tcpdump is: > >> > >> POST /buckets HTTP/1.1 > >> content-type: application/json > >> content-md5: owB6xF/s2H7XLFzMR3vYnw== > >> content-length: 462 > >> te: > >> host: 127.0.0.1:8085 > >> authorization: MOSS LS_P9JF815TCCKTFOD4O:rVYpULyFn0zsqUhizDUlQI+LfzA= > >> date: Wed, 11 Nov 2015 07:36:55 GMT > >> connection: keep-alive > >> > >> {"bucket":"test","requester":"LS_P9JF815TCCKTFOD4O","acl":{"version":1,"owner":{"display_name":"yusuke-nojima","canonical_id":"7a48a8c7c33b1f9e72793cd06e4ca9b505389543bf17f3c056be289d17d10bc0","key_id":"LS_ > >> P9JF815TCCKTFOD4O"},"grants":[{"display_name":"yusuke-nojima","canonical_id":"7a48a8c7c33b1f9e72793cd06e4ca9b505389543bf17f3c056be289d17d10bc0","permissions":["FULL_CONTROL"]}],"creation_time":{"mega_seconds":1447,"seconds":227415,"micro_seconds":682371}}} > >> > >> > >> HTTP/1.1 403 Forbidden > >> Server: MochiWeb/1.1 WebMachine/1.10.8 (that head fake, tho) > >> Date: Wed, 11 Nov 2015 07:36:55 GMT > >> Content-Length: 162 > >> > >> <?xml version="1.0" > >> encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access > >> Denied</Message><Resource>/test</Resource><RequestId></RequestId></Error> > >> > >> > >> ------------------------- > >> "s3cmd ls" works fine: > >> > >> $ s3cmd ls > >> DEBUG: Updating Config.Config encoding -> UTF-8 > >> DEBUG: Updating Config.Config follow_symlinks -> False > >> DEBUG: Updating Config.Config verbosity -> 30 > >> DEBUG: Unicodising 'ls' using UTF-8 > >> DEBUG: Command: ls > >> DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:47:00 > >> +0000\n/' > >> DEBUG: CreateRequest: resource[uri]=/ > >> DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:47:00 > >> +0000\n/' > >> DEBUG: Processing request, please wait... > >> DEBUG: get_hostname(None): s3.amazonaws.com > >> DEBUG: format_uri(): http://s3.amazonaws.com/ > >> DEBUG: Sending request method_string='GET', > >> uri='http://s3.amazonaws.com/', headers={'content-length': '0', > >> 'Authorization': 'AWS LS_P9JF815TCCKTFOD4O:y6iQZ6mli0mMQ7n7V/a1hJti0r8=', > >> 'x-amz-date': 'Wed, 11 Nov 2015 07:47:00 +0000'}, body=(0 bytes) > >> DEBUG: Response: {'status': 200, 'headers': {'date': 'Wed, 11 Nov 2015 > >> 07:47:00 GMT', 'content-length': '273', 'content-type': 'application/xml', > >> 'server': 'Riak CS'}, 'reason': 'OK', 'data': '<?xml version="1.0" > >> encoding="UTF-8"?><ListAllMyBucketsResult > >> xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><Owner><ID>7a48a8c7c33b1f9e72793cd06e4ca9b505389543bf17f3c056be289d17d10bc0</ID><DisplayName>yusuke-nojima</DisplayName></Owner><Buckets/></ListAllMyBucketsResult>'} > >> > >> ------------------------- > >> > >> _______________________________________________ > >> riak-users mailing list > >> riak-users@lists.basho.com > >> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > > > > > > > -- > > Kazuhiro Suzuki | Basho Japan KK > > > > -- > Kazuhiro Suzuki | Basho Japan KK _______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
