mostly this exposing differences in the swift implementation of s3, which
doesn't support signed urls without additional middleware, and apparently
creates buckets public by default (the opposite of s3). The openstack_s3
component exists primarily for installations without swift/objectstore
installations.
On Mon, Oct 8, 2012 at 11:29 PM, Ryan Finnie <email address hidden>wrote:
> It appears the bootstrap node is trying to get $BUCKET/juju_master_id
> using an invalid query string authentication method.
>
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:33 +0000] "GET
> /juju-rfinnie-metadata-swift/provider-state HTTP/1.0" 404 4747 "-" "Twisted
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:34 +0000] "PUT
> /juju-rfinnie-metadata-swift/bootstrap-verify HTTP/1.0" 404 4747 "-"
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:35 +0000] "PUT
> /juju-rfinnie-metadata-swift/ HTTP/1.0" 200 4678 "-" "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:36 +0000] "PUT
> /juju-rfinnie-metadata-swift/bootstrap-verify HTTP/1.0" 200 4630 "-"
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:42 +0000] "PUT
> /juju-rfinnie-metadata-swift/juju_master_id HTTP/1.0" 200 4630 "-" "Twisted
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:43 +0000] "PUT
> /juju-rfinnie-metadata-swift/provider-state HTTP/1.0" 200 4630 "-" "Twisted
> PageGetter"
> BOOTSTRAP_IP - - [09/Oct/2012:02:44:38 +0000] "GET
> /juju-rfinnie-metadata-swift/juju_master_id?Signature=REMOVED HTTP/1.1" 401
> 4895 "-" "curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1
> zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
>
> According to http://s3.amazonaws.com/doc/s3-developer-
> guide/RESTAuthentication.html, query string authentication requires
> AWSAccessKeyId, Expires and Signature, while the bootstrap node is only
> providing Signature. I'm guessing this is papered over in real S3
> because Juju is setting the bucket to full global read (!!!), and swift3
> does not support S3 ACLs, so the container/bucket is still restricted to
> only the owner.
>
> --
> You received this bug notification because you are subscribed to juju.
> https://bugs.launchpad.net/bugs/1064015
>
> Title:
> openstack_s3 with Swift S3 API does not bootstrap correctly
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1064015/+subscriptions
>
mostly this exposing differences in the swift implementation of s3, which
doesn't support signed urls without additional middleware, and apparently
creates buckets public by default (the opposite of s3). The openstack_s3
component exists primarily for installations without swift/objectstore
installations.
On Mon, Oct 8, 2012 at 11:29 PM, Ryan Finnie <email address hidden>wrote:
> It appears the bootstrap node is trying to get $BUCKET/ juju_master_ id 2012:02: 40:33 +0000] "GET metadata- swift/provider- state HTTP/1.0" 404 4747 "-" "Twisted 2012:02: 40:34 +0000] "PUT metadata- swift/bootstrap -verify HTTP/1.0" 404 4747 "-" 2012:02: 40:35 +0000] "PUT metadata- swift/ HTTP/1.0" 200 4678 "-" "Twisted PageGetter" 2012:02: 40:36 +0000] "PUT metadata- swift/bootstrap -verify HTTP/1.0" 200 4630 "-" 2012:02: 40:42 +0000] "PUT metadata- swift/juju_ master_ id HTTP/1.0" 200 4630 "-" "Twisted 2012:02: 40:43 +0000] "PUT metadata- swift/provider- state HTTP/1.0" 200 4630 "-" "Twisted 2012:02: 44:38 +0000] "GET metadata- swift/juju_ master_ id?Signature= REMOVED HTTP/1.1" 401 pc-linux- gnu) libcurl/7.22.0 OpenSSL/1.0.1 s3.amazonaws. com/doc/ s3-developer- ntication. html, query string authentication requires /bugs.launchpad .net/bugs/ 1064015 /bugs.launchpad .net/juju/ +bug/1064015/ +subscriptions
> using an invalid query string authentication method.
>
> JUJU_CLIENT_IP - - [09/Oct/
> /juju-rfinnie-
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/
> /juju-rfinnie-
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/
> /juju-rfinnie-
> JUJU_CLIENT_IP - - [09/Oct/
> /juju-rfinnie-
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/
> /juju-rfinnie-
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/
> /juju-rfinnie-
> PageGetter"
> BOOTSTRAP_IP - - [09/Oct/
> /juju-rfinnie-
> 4895 "-" "curl/7.22.0 (x86_64-
> zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
>
> According to http://
> guide/RESTAuthe
> AWSAccessKeyId, Expires and Signature, while the bootstrap node is only
> providing Signature. I'm guessing this is papered over in real S3
> because Juju is setting the bucket to full global read (!!!), and swift3
> does not support S3 ACLs, so the container/bucket is still restricted to
> only the owner.
>
> --
> You received this bug notification because you are subscribed to juju.
> https:/
>
> Title:
> openstack_s3 with Swift S3 API does not bootstrap correctly
>
> To manage notifications about this bug go to:
> https:/
>