Also what version of s3cmd you are using ?? To me the error “S3 error: 403 (SignatureDoesNotMatch)” seems to be from s3cmd side rather RGW.
But lets diagnose. **************************************************************** Karan Singh Systems Specialist , Storage Platforms CSC - IT Center for Science, Keilaranta 14, P. O. Box 405, FIN-02101 Espoo, Finland mobile: +358 503 812758 tel. +358 9 4572001 fax +358 9 4572302 http://www.csc.fi/ **************************************************************** > On 13 Apr 2015, at 15:43, Karan Singh <karan.si...@csc.fi> wrote: > > You can give a try with swift API as well. > > **************************************************************** > Karan Singh > Systems Specialist , Storage Platforms > CSC - IT Center for Science, > Keilaranta 14, P. O. Box 405, FIN-02101 Espoo, Finland > mobile: +358 503 812758 > tel. +358 9 4572001 > fax +358 9 4572302 > http://www.csc.fi/ <http://www.csc.fi/> > **************************************************************** > >> On 13 Apr 2015, at 15:19, Francois Lafont <flafdiv...@free.fr >> <mailto:flafdiv...@free.fr>> wrote: >> >> Karan Singh wrote: >> >>> Things you can check >>> >>> * Is RGW node able to resolve bucket-2.ostore.athome.priv , try ping >>> bucket-2.ostore.athome.priv >> >> Yes, my DNS configuration is ok. In fact, I test s3cmd directly >> on my radosgw (its hostname is "ceph-radosgw1" but its fqdn is >> "ostore.athome.priv"): >> >> ----------------------------------- >> ~# hostname >> ceph-radosgw1 >> >> ~# ip addr show dev eth0 | grep 'inet ' >> inet 172.31.10.6/16 brd 172.31.255.255 scope global eth0 >> >> ~# dig +short ostore.athome.priv \ >> bucket-2.ostore.athome.priv \ >> foo.ostore.athome.priv \ >> bar.ostore.athome.priv \ >> hjffhkj.ostore.athome.priv >> 172.31.10.6 >> 172.31.10.6 >> 172.31.10.6 >> 172.31.10.6 >> 172.31.10.6 >> >> ~# getent hosts ostore.athome.priv >> 172.31.10.6 ostore.athome.priv >> >> ~# getent hosts jfkjfl.ostore.athome.priv >> 172.31.10.6 jfkjfl.ostore.athome.priv >> ----------------------------------- >> >>> * Is # s3cmd ls working or throwing errors ? >> >> It doesn't work after upgrading with Hammer too. More >> precisely, in Firefly radosgw, It works: >> >> ----------------------------------- >> ~# s3cmd ls s3://bucket <s3://bucket> >> 2015-04-12 23:35 735985664 s3://bucket/les_evades.avi >> <s3://bucket/les_evades.avi> >> >> ~# s3cmd ls >> 2015-04-12 23:28 s3://bucket <s3://bucket> >> ----------------------------------- >> >> But after the upgrade to Hammer, it doesn't work: >> >> ----------------------------------- >> ~# s3cmd ls s3://bucket <s3://bucket> >> ERROR: S3 error: 403 (SignatureDoesNotMatch): >> >> ~# s3cmd ls >> 2015-04-12 23:28 s3://bucket <s3://bucket> >> ----------------------------------- >> >> As you can see, the second command works but not the first. >> [1] At the end of this message, I put the output of the first >> command with the debug option, just in case. >> >>> Are you sure the below entries are correct ? Generally host_base and >>> host_bucket should point to RGW FQDN in your case ceph-radosgw1 FQDN . >>> ostore.athome.priv looks like a different host to me. >>> >>> host_base->ostore.athome.priv >>> host_bucket->%(bucket)s.ostore.athome.priv >> >> For me it's ok: >> >> ----------------------------------- >> ~# grep 'host_' ~/.s3cfg >> host_base = ostore.athome.priv >> host_bucket = %(bucket)s.ostore.athome.priv >> ----------------------------------- >> >> And ostore.athome.priv is really my radosgw (see the dig >> commands above). And when I try a s3cmd command, I can >> see new lines in the apache logs of my radosgw. >> >> Thanks for your help Karan. >> >> [1] >> >> ----------------------------------- >> ~# s3cmd -d ls s3://bucket <s3://bucket> >> DEBUG: ConfigParser: Reading file '/root/.s3cfg' >> DEBUG: ConfigParser: bucket_location->US >> DEBUG: ConfigParser: cloudfront_host->ostore.athome.priv >> DEBUG: ConfigParser: default_mime_type->binary/octet-stream >> DEBUG: ConfigParser: delete_removed->False >> DEBUG: ConfigParser: dry_run->False >> DEBUG: ConfigParser: enable_multipart->True >> DEBUG: ConfigParser: encoding->UTF-8 >> DEBUG: ConfigParser: encrypt->False >> DEBUG: ConfigParser: follow_symlinks->False >> DEBUG: ConfigParser: force->False >> DEBUG: ConfigParser: get_continue->False >> DEBUG: ConfigParser: gpg_command->/usr/bin/gpg >> DEBUG: ConfigParser: gpg_decrypt->%(gpg_command)s -d --verbose >> --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o >> %(output_file)s %(input_file)s >> DEBUG: ConfigParser: gpg_encrypt->%(gpg_command)s -c --verbose >> --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o >> %(output_file)s %(input_file)s >> DEBUG: ConfigParser: gpg_passphrase->...-3_chars... >> DEBUG: ConfigParser: guess_mime_type->True >> DEBUG: ConfigParser: host_base->ostore.athome.priv >> DEBUG: ConfigParser: access_key->1Q...17_chars...Y >> DEBUG: ConfigParser: secret_key->92...37_chars...W >> DEBUG: ConfigParser: host_bucket->%(bucket)s.ostore.athome.priv >> DEBUG: ConfigParser: human_readable_sizes->False >> DEBUG: ConfigParser: invalidate_on_cf->False >> DEBUG: ConfigParser: list_md5->False >> DEBUG: ConfigParser: log_target_prefix-> >> DEBUG: ConfigParser: mime_type-> >> DEBUG: ConfigParser: multipart_chunk_size_mb->15 >> DEBUG: ConfigParser: preserve_attrs->True >> DEBUG: ConfigParser: progress_meter->True >> DEBUG: ConfigParser: proxy_host-> >> DEBUG: ConfigParser: proxy_port->0 >> DEBUG: ConfigParser: recursive->False >> DEBUG: ConfigParser: recv_chunk->4096 >> DEBUG: ConfigParser: reduced_redundancy->False >> DEBUG: ConfigParser: send_chunk->4096 >> DEBUG: ConfigParser: simpledb_host->ostore.athome.priv >> DEBUG: ConfigParser: skip_existing->False >> DEBUG: ConfigParser: socket_timeout->300 >> DEBUG: ConfigParser: urlencoding_mode->normal >> DEBUG: ConfigParser: use_https->False >> DEBUG: ConfigParser: verbosity->WARNING >> DEBUG: ConfigParser: website_endpoint->http://%(bucket)s.ostore.athome.priv >> <http://%(bucket)s.ostore.athome.priv> >> DEBUG: ConfigParser: website_error-> >> DEBUG: ConfigParser: website_index->index.html >> DEBUG: Updating Config.Config encoding -> UTF-8 >> DEBUG: Updating Config.Config follow_symlinks -> False >> DEBUG: Updating Config.Config verbosity -> 10 >> DEBUG: Unicodising 'ls' using UTF-8 >> DEBUG: Unicodising 's3://bucket' <s3://bucket'> using UTF-8 >> DEBUG: Command: ls >> DEBUG: Bucket 's3://bucket': <s3://bucket':> >> DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Mon, 13 Apr 2015 12:15:16 >> +0000\n/bucket/' >> DEBUG: CreateRequest: resource[uri]=/ >> DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Mon, 13 Apr 2015 12:15:16 >> +0000\n/bucket/' >> DEBUG: Processing request, please wait... >> DEBUG: get_hostname(bucket): bucket.ostore.athome.priv >> DEBUG: format_uri(): /?delimiter=/ >> DEBUG: Sending request method_string='GET', uri='/?delimiter=/', >> headers={'content-length': '0', 'Authorization': 'AWS >> 1QU7QGCIPM8NC4HE3VMY:mICckIc15h0xIHkpCUhguNqnhRo=', 'x-amz-date': 'Mon, 13 >> Apr 2015 12:15:16 +0000'}, body=(0 bytes) >> DEBUG: Response: {'status': 403, 'headers': {'date': 'Mon, 13 Apr 2015 >> 12:15:16 GMT', 'accept-ranges': 'bytes', 'content-type': 'application/xml', >> 'content-length': '87', 'server': 'Apache/2.4.7 (Ubuntu)'}, 'reason': >> 'Forbidden', 'data': '<?xml version="1.0" >> encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code></Error>'} >> DEBUG: S3Error: 403 (Forbidden) >> DEBUG: HttpHeader: date: Mon, 13 Apr 2015 12:15:16 GMT >> DEBUG: HttpHeader: accept-ranges: bytes >> DEBUG: HttpHeader: content-type: application/xml >> DEBUG: HttpHeader: content-length: 87 >> DEBUG: HttpHeader: server: Apache/2.4.7 (Ubuntu) >> DEBUG: ErrorXML: Code: 'SignatureDoesNotMatch' >> ERROR: S3 error: 403 (SignatureDoesNotMatch): >> ----------------------------------- >> >> -- >> François Lafont >> _______________________________________________ >> ceph-users mailing list >> ceph-users@lists.ceph.com <mailto:ceph-users@lists.ceph.com> >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
