Ceph S3 API is broken out of the box
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Fuel for OpenStack | Fix Released | High | Maksim Malchuk |
6.0.x | Won't Fix | High | MOS Maintenance |
6.1.x | Fix Released | High | Bartłomiej Piotrowski |
7.0.x | Won't Fix | High | Alexey Stupnikov |
8.0.x | Won't Fix | High | Alexey Stupnikov |
Bug Description
HA+Ubuntu+Ceph for all, RBD, RadosGW
3 controllers, 2 compute+OSD
When trying to connect using S3 API I got "AccessDenied"
Tried different combinations of access_
If I open the link to the bucket in a browser or get it via curl (http://
Utilities that were used: dragondisk, s3cmd, s3curl, shell script (attached), boto
VERSION:
feature_groups:
- mirantis
production: "docker"
release: "6.0"
api: "1.0"
build_number: "58"
build_id: "2014-12-
astute_sha: "16b252d93be6aa
fuellib_sha: "fde8ba5e11a1ac
ostf_sha: "a9afb68710d809
nailgun_sha: "5f91157daa6798
fuelmain_sha: "81d38d6f2903b5
root@node-6:~# radosgw-admin user info --uid=s3test
{ "user_id": "s3test",
"display_name": "S3Test",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{ "id": "s3test:stest",
"keys": [
{ "user": "s3test",
{ "user": "s3test:stest",
"swift_keys": [
{ "user": "s3test:stest",
"caps": [],
"op_mask": "read, write, delete",
"default_
"placement_tags": [],
"bucket_quota": { "enabled": false,
"
"
"user_quota": { "enabled": false,
"
"
"temp_url_keys": []}
root@node-6:~# swift stat -v
X-Account-
curl http://
<ListBucketResult xmlns="http://
<Name>s3-
<Prefix/>
<Marker/>
<MaxKeys>
<IsTruncated>
<Contents>
<Key>Selection_
<LastModified>
<ETag>"
<Size>187191</Size>
<StorageClass>
<Owner>
<ID>6849069053f
<DisplayName>
</Owner>
</Contents>
</ListBucketResult>
Controller IP 172.16.0.6
HTTP/1.1 403 Forbidden
Date: Tue, 21 Apr 2015 14:30:21 GMT
Server: Apache/2.2.22 (Ubuntu)
Accept-Ranges: bytes
Content-Length: 78
Content-Type: application/xml
<?xml version="1.0" encoding=
Used any of the available pairs of access_
#./s3curl.pl --id 3VJ8Y2SY5ZSLWQH
* Rebuilt URL to: http://
* Hostname was NOT found in DNS cache
* Trying 172.16.0.6...
* Connected to 172.16.0.6 (172.16.0.6) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 172.16.0.6:8080
> Accept: */*
> Date: wed, 22 apr 2015 06:26:33 +0000
> Authorization: AWS 3VJ8Y2SY5ZSLWQH
>
< HTTP/1.1 403 Forbidden
< Date: Wed, 22 Apr 2015 06:26:28 GMT
* Server Apache/2.2.22 (Ubuntu) is not blacklisted
< Server: Apache/2.2.22 (Ubuntu)
< Accept-Ranges: bytes
< Content-Length: 78
< Content-Type: application/xml
<
* Connection #0 to host 172.16.0.6 left intact
<?xml version="1.0" encoding=
Script to test swift API attached (test.tar.gz)
./test.sh
Objects in bucket s3-test:
authHeader : JdcitS/
authHeader : 3VJ8Y2SY5ZSLWQH
HTTP/1.1 200 OK
Date: Tue, 21 Apr 2015 14:36:31 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8
Selection_167.png
description: updated
Changed in fuel:
importance: Undecided → Critical
tags: added: customer-found
summary:
- Unable to connect via S3 API
+ Ceph S3 API is broken out of the box
tags: added: on-verification
no longer affects: fuel/future
tags: added: area-library
tags: added: team-bugfixx
tags: added: team-bugfix, removed: team-bugfixx
tags: added: wontfix-feature
no longer affects: fuel/future
no longer affects: fuel/mitaka
@Denis, thank you for posting this bug. But I am not sure that this is a bug at all - can you describe the actual sequence of actions you performed and what should have happened if everything was configured correctly according to your expectations?
I see that you are using some custom script to authenticate through s3 api of radosgw, but I am not sure that you are providing correct credentials.
First of all, I cannot understand what test.sh script is actually doing. As far as I see it returned error code 200. What does this mean?
Secondly, there is no code of ./s3curl.pl, so we cannot be sure that s3curl actually passes credentials as S3 API is expecting.
Next, I see that you are using curl to access S3 API without providing any access information. Why do you think it should give you anything other than a 403/401 error code?
We would really appreciate it if you provided more info on this, as it would make the bugfixing process much easier.
Thank you.
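
What an S3 endpoint expects in the `Authorization: AWS <access key>:<signature>` header seen in the s3curl trace, as an added example (not part of the bug report, s3curl, or Ceph/Fuel code): AWS signature version 2, with a simplified gateway-side check. The keys, the date and the `check_request` helper are constructed for illustration, and the status and error-code mapping follows Amazon S3's error codes as an assumption about how a gateway responds.

```python
import base64
import hashlib
import hmac

# Constructed credentials and Date header for the example; not values from the report.
KEYS = {"EXAMPLEACCESSKEY0001": "constructed-secret-key-for-illustration"}
DATE = "Wed, 22 Apr 2015 06:26:33 +0000"


def string_to_sign(method, resource, date, content_md5="", content_type="", amz_headers=None):
    """Build the AWS signature v2 string-to-sign for one request."""
    amz = "".join(
        f"{name.lower()}:{value.strip()}\n"
        for name, value in sorted((amz_headers or {}).items(), key=lambda kv: kv[0].lower())
    )
    return f"{method}\n{content_md5}\n{content_type}\n{date}\n{amz}{resource}"


def sign(secret_key, text):
    """Base64(HMAC-SHA1(secret key, string-to-sign))."""
    mac = hmac.new(secret_key.encode(), text.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def authorization_header(access_key, secret_key, method, resource, date):
    return f"AWS {access_key}:{sign(secret_key, string_to_sign(method, resource, date))}"


def check_request(header, keys, method, resource, date):
    """Gateway-side view: recompute the signature from the request as received."""
    if not header or not header.startswith("AWS "):
        return 403, "AccessDenied"  # anonymous request: no usable credentials
    access_key, _, signature = header[4:].partition(":")
    secret = keys.get(access_key)
    if secret is None:
        return 403, "InvalidAccessKeyId"
    expected = sign(secret, string_to_sign(method, resource, date))
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 403, "SignatureDoesNotMatch"  # wrong secret, or a signed field changed
    return 200, "OK"


if __name__ == "__main__":
    good = authorization_header("EXAMPLEACCESSKEY0001", KEYS["EXAMPLEACCESSKEY0001"], "GET", "/", DATE)
    print(check_request(good, KEYS, "GET", "/", DATE))   # signed request
    print(check_request(None, KEYS, "GET", "/", DATE))   # plain curl, no Authorization
    print(check_request(good, KEYS, "GET", "/", "Wed, 22 Apr 2015 06:40:00 +0000"))  # Date altered
```

The Date header and the resource path are part of the signed string, so a client that signs one value and sends another gets a 403 even with a valid key pair.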