Hi Yehuda,
We are using the same above method to call the api and used the way
which described in the
http://ceph.com/docs/master/radosgw/s3/authentication/#access-control-lists-acls
for connection. The method in the
http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
is for generating the hash of the header string and secret keys, since
these keys are created already and i think we don't need this method,
right ?
I also tried one function to list out the bucket data as like
curl -i 'http://gateway.3linux.com/test?format=json' -X GET -H
'Authorization: AWS
KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN' -H 'Host:
gateway.3linux.com' -H 'Date: Mon, 28 April 2014 07:25:00 GMT ' -H
'Content-Length: 0'
but its also getting the access denied error. But i can view the bucket
details by directly entering http://gateway.3linux.com/test?format=json
in the browser. What do you think ? what may be the reason ? I am able
to connect and list buckets etc using cyberduck ftp clients these access
keys but unable to do with the function calls.
On Saturday 26 April 2014 10:17 AM, Punit Dambiwal wrote:
Hi Shanil,
I got the following reply from community :-
Still signing issues. If you're manually constructing the auth header
you need to make it look like the above (copy pasted here):
> 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr:
> GET
>
>
> Fri, 25 April 2014 07:50:00 GMT
> /admin/usage
Then you need to run hmac-sha1 on it, as described here:
http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
If you have any backslash in the key then you need to remove it, it's
just an escape character for representing slashes in json.
---------- Forwarded message ----------
From: *Yehuda Sadeh* <yeh...@inktank.com <mailto:yeh...@inktank.com>>
Date: Sat, Apr 26, 2014 at 12:22 AM
Subject: Re: [ceph-users] Access denied error
To: Punit Dambiwal <hypu...@gmail.com <mailto:hypu...@gmail.com>>
Cc: "ceph-users@lists.ceph.com <mailto:ceph-users@lists.ceph.com>"
<ceph-users@lists.ceph.com <mailto:ceph-users@lists.ceph.com>>
On Fri, Apr 25, 2014 at 1:03 AM, Punit Dambiwal <hypu...@gmail.com
<mailto:hypu...@gmail.com>> wrote:
> Hi Yehuda,
>
> Thanks for your help...that missing date error gone but still i am
getting
> the access denied error :-
>
> -----------------------------
> 2014-04-25 15:52:56.988025 7f00d37c6700 1 ====== starting new request
> req=0x237a090 =====
> 2014-04-25 15:52:56.988072 7f00d37c6700 2 req 24:0.000046::GET
> /admin/usage::initializing
> 2014-04-25 15:52:56.988077 7f00d37c6700 10 host=gateway.3linux.com
<http://gateway.3linux.com>
> rgw_dns_name=gateway.3linux.com <http://gateway.3linux.com>
> 2014-04-25 15:52:56.988102 7f00d37c6700 20 FCGI_ROLE=RESPONDER
> 2014-04-25 15:52:56.988103 7f00d37c6700 20 SCRIPT_URL=/admin/usage
> 2014-04-25 15:52:56.988104 7f00d37c6700 20
> SCRIPT_URI=http://gateway.3linux.com/admin/usage
> 2014-04-25 15:52:56.988105 7f00d37c6700 20 HTTP_AUTHORIZATION=AWS
> KGXJJGKDM5G7G4CNKC7R:LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN
> 2014-04-25 15:52:56.988107 7f00d37c6700 20 HTTP_USER_AGENT=curl/7.22.0
> (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4
<http://1.2.3.4> libidn/1.23
> librtmp/2.3
> 2014-04-25 15:52:56.988108 7f00d37c6700 20 HTTP_ACCEPT=*/*
> 2014-04-25 15:52:56.988109 7f00d37c6700 20
HTTP_HOST=gateway.3linux.com <http://gateway.3linux.com>
> 2014-04-25 15:52:56.988110 7f00d37c6700 20 HTTP_DATE=Fri, 25 April 2014
> 07:50:00 GMT
> 2014-04-25 15:52:56.988111 7f00d37c6700 20 CONTENT_LENGTH=0
> 2014-04-25 15:52:56.988112 7f00d37c6700 20
PATH=/usr/local/bin:/usr/bin:/bin
> 2014-04-25 15:52:56.988113 7f00d37c6700 20 SERVER_SIGNATURE=
> 2014-04-25 15:52:56.988114 7f00d37c6700 20 SERVER_SOFTWARE=Apache/2.2.22
> (Ubuntu)
> 2014-04-25 15:52:56.988115 7f00d37c6700 20
SERVER_NAME=gateway.3linux.com <http://gateway.3linux.com>
> 2014-04-25 15:52:56.988116 7f00d37c6700 20 SERVER_ADDR=117.18.79.110
> 2014-04-25 15:52:56.988117 7f00d37c6700 20 SERVER_PORT=80
> 2014-04-25 15:52:56.988117 7f00d37c6700 20 REMOTE_ADDR=122.166.115.191
> 2014-04-25 15:52:56.988118 7f00d37c6700 20 DOCUMENT_ROOT=/var/www
> 2014-04-25 15:52:56.988119 7f00d37c6700 20
SERVER_ADMIN=c...@3linux.com <mailto:c...@3linux.com>
> 2014-04-25 15:52:56.988120 7f00d37c6700 20
> SCRIPT_FILENAME=/var/www/s3gw.fcgi
> 2014-04-25 15:52:56.988120 7f00d37c6700 20 REMOTE_PORT=28840
> 2014-04-25 15:52:56.988121 7f00d37c6700 20 GATEWAY_INTERFACE=CGI/1.1
> 2014-04-25 15:52:56.988122 7f00d37c6700 20 SERVER_PROTOCOL=HTTP/1.1
> 2014-04-25 15:52:56.988123 7f00d37c6700 20 REQUEST_METHOD=GET
> 2014-04-25 15:52:56.988123 7f00d37c6700 20
> QUERY_STRING=page=admin¶ms=/usage&format=json
> 2014-04-25 15:52:56.988124 7f00d37c6700 20
> REQUEST_URI=/admin/usage?format=json
> 2014-04-25 15:52:56.988125 7f00d37c6700 20 SCRIPT_NAME=/admin/usage
> 2014-04-25 15:52:56.988126 7f00d37c6700 2 req 24:0.000101::GET
> /admin/usage::getting op
> 2014-04-25 15:52:56.988129 7f00d37c6700 2 req 24:0.000104::GET
> /admin/usage:get_usage:authorizing
> 2014-04-25 15:52:56.988141 7f00d37c6700 20 get_obj_state:
> rctx=0x7effbc004aa0 obj=.users:KGXJJGKDM5G7G4CNKC7R state=0x7effbc00e718
> s->prefetch_data=0
> 2014-04-25 15:52:56.988148 7f00d37c6700 10 moving
> .users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
> 2014-04-25 15:52:56.988150 7f00d37c6700 10 cache get:
> name=.users+KGXJJGKDM5G7G4CNKC7R : hit
> 2014-04-25 15:52:56.988155 7f00d37c6700 20 get_obj_state: s->obj_tag
was set
> empty
> 2014-04-25 15:52:56.988160 7f00d37c6700 10 moving
> .users+KGXJJGKDM5G7G4CNKC7R to cache LRU end
> 2014-04-25 15:52:56.988161 7f00d37c6700 10 cache get:
> name=.users+KGXJJGKDM5G7G4CNKC7R : hit
> 2014-04-25 15:52:56.988179 7f00d37c6700 20 get_obj_state:
> rctx=0x7effbc001ce0 obj=.users.uid:admin state=0x7effbc00ec58
> s->prefetch_data=0
> 2014-04-25 15:52:56.988185 7f00d37c6700 10 moving .users.uid+admin
to cache
> LRU end
> 2014-04-25 15:52:56.988186 7f00d37c6700 10 cache get:
name=.users.uid+admin
> : hit
> 2014-04-25 15:52:56.988190 7f00d37c6700 20 get_obj_state: s->obj_tag
was set
> empty
> 2014-04-25 15:52:56.988193 7f00d37c6700 10 moving .users.uid+admin
to cache
> LRU end
> 2014-04-25 15:52:56.988195 7f00d37c6700 10 cache get:
name=.users.uid+admin
> : hit
> 2014-04-25 15:52:56.988236 7f00d37c6700 10 get_canon_resource():
> dest=/admin/usage
> 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr:
> GET
>
>
> Fri, 25 April 2014 07:50:00 GMT
> /admin/usage
> 2014-04-25 15:52:56.988325 7f00d37c6700 15 calculated
> digest=nLKirQEEPeSS0Lzvr52NAB2phpA=
> 2014-04-25 15:52:56.988329 7f00d37c6700 15
> auth_sign=LC7S0twZdhtXA1XxthfMDsj5TgJpeKhZrloWa9WN
> 2014-04-25 15:52:56.988330 7f00d37c6700 15 compare=-34
Still signing issues. If you're manually constructing the auth header
you need to make it look like the above (copy pasted here):
> 2014-04-25 15:52:56.988239 7f00d37c6700 10 auth_hdr:
> GET
>
>
> Fri, 25 April 2014 07:50:00 GMT
> /admin/usage
Then you need to run hmac-sha1 on it, as described here:
http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
If you have any backslash in the key then you need to remove it, it's
just an escape character for representing slashes in json.
Yehuda
--
Regards
Shanil
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
