I forgot to reply all. On Wed, Nov 11, 2015 at 10:58 PM, Kazuhiro Suzuki <k...@basho.com> wrote: > One possibility is that riak_cs and stanchion have different admin.key > and admin secret. So, please make sure whether your riak-cs.conf and > stanchion.conf have the same admin.key and admin.secret. If not, > stanchion responds 403 as a signature does not match. > > On Wed, Nov 11, 2015 at 5:12 PM, 野島 裕輔 <yusuke-noj...@cybozu.co.jp> wrote: >> I have installed the Riak, Stanchion and Riak CS to Ubuntu 14.04, and >> created an admin user. >> Then I attempted to create the new bucket with s3cmd, but it resulted in >> AccessDenied error. >> >> I tried the solution of >> http://riak-users.197444.n3.nabble.com/RIAK-CS-Unable-to-create-bucket-using-s3cmd-AccessDenied-td4032375.html, >> but still does not work. >> >> I found another thread >> http://riak-users.197444.n3.nabble.com/ERROR-S3-error-403-AccessDenied-Access-Denied-with-s3cmd-tt4033610.html, >> but no one answered the thread. >> >> Any ideas what was wrong with my setup? >> Thanks for the help in advance. >> >> ------------------------- >> $ s3cmd mb s3://test >> DEBUG: Updating Config.Config encoding -> UTF-8 >> DEBUG: Updating Config.Config follow_symlinks -> False >> DEBUG: Updating Config.Config verbosity -> 30 >> DEBUG: Unicodising 'mb' using UTF-8 >> DEBUG: Unicodising 's3://test' using UTF-8 >> DEBUG: Command: mb >> DEBUG: SignHeaders: 'PUT\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:36:55 >> +0000\n/test/' >> DEBUG: CreateRequest: resource[uri]=/ >> DEBUG: SignHeaders: 'PUT\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:36:55 >> +0000\n/test/' >> DEBUG: Processing request, please wait... >> DEBUG: get_hostname(test): test.s3.amazonaws.com >> DEBUG: format_uri(): http://test.s3.amazonaws.com/ >> DEBUG: Sending request method_string='PUT', >> uri='http://test.s3.amazonaws.com/', headers={'content-length': '0', >> 'Authorization': 'AWS LS_P9JF815TCCKTFOD4O:USeKvJH40fSHJy8kZFnRyJxGgcY=', >> 'x-amz-date': 'Wed, 11 Nov 2015 07:36:55 +0000'}, body=(0 bytes) >> DEBUG: Response: {'status': 403, 'headers': {'date': 'Wed, 11 Nov 2015 >> 07:36:55 GMT', 'content-length': '159', 'content-type': 'application/xml', >> 'server': 'Riak CS'}, 'reason': 'Forbidden', 'data': '<?xml version="1.0" >> encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access >> Denied</Message><Resource>/test</Resource><RequestId></RequestId></Error>'} >> DEBUG: S3Error: 403 (Forbidden) >> DEBUG: HttpHeader: date: Wed, 11 Nov 2015 07:36:55 GMT >> DEBUG: HttpHeader: content-length: 159 >> DEBUG: HttpHeader: content-type: application/xml >> DEBUG: HttpHeader: server: Riak CS >> DEBUG: ErrorXML: Code: 'AccessDenied' >> DEBUG: ErrorXML: Message: 'Access Denied' >> DEBUG: ErrorXML: Resource: '/test' >> DEBUG: ErrorXML: RequestId: None >> ERROR: Access to bucket 'test' was denied >> >> ------------------------- >> /var/log/stanchion/console.log says that the presented signature does not >> match: >> >> 2015-11-11 07:36:55.683 [debug] <0.169.0>@stanchion_auth:authenticate:41 >> Presented Signature: "rVYpULyFn0zsqUhizDUlQI+LfzA=" >> Calculated Signature: "aHCNYOFa7XT8PKS64fKNYyh7JGc=" >> >> ------------------------- >> My .s3cfg looks like: >> >> [default] >> access_key = LS_P9JF815TCCKTFOD4O >> bucket_location = US >> cloudfront_host = cloudfront.amazonaws.com >> default_mime_type = binary/octet-stream >> delete_removed = False >> dry_run = False >> enable_multipart = True >> encoding = UTF-8 >> encrypt = False >> follow_symlinks = False >> force = False >> get_continue = False >> gpg_command = /usr/bin/gpg >> gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes >> --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s >> gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes >> --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s >> gpg_passphrase = cybozu123 >> guess_mime_type = True >> host_base = s3.amazonaws.com >> host_bucket = %(bucket)s.s3.amazonaws.com >> human_readable_sizes = False >> invalidate_on_cf = False >> list_md5 = False >> log_target_prefix = >> mime_type = >> multipart_chunk_size_mb = 15 >> preserve_attrs = True >> progress_meter = True >> proxy_host = 127.0.0.1 >> proxy_port = 8080 >> recursive = False >> recv_chunk = 4096 >> reduced_redundancy = False >> secret_key = dz0oUJqZBowOmTobwyaCaZcrO7PgL69ArCSnfQ== >> send_chunk = 4096 >> simpledb_host = sdb.amazonaws.com >> skip_existing = False >> socket_timeout = 300 >> urlencoding_mode = normal >> use_https = False >> verbosity = DEBUG >> website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/ >> website_error = >> website_index = index.html >> signature_v2 = True >> >> >> ------------------------- >> Versions: >> >> riak: 2.0.5 >> riak-cs: 2.0.1 >> stanchion: 2.0.0 >> s3cmd: 1.1.0-beta3 >> >> ------------------------- >> Traffic between Riak CS and Stanchion aquired by tcpdump is: >> >> POST /buckets HTTP/1.1 >> content-type: application/json >> content-md5: owB6xF/s2H7XLFzMR3vYnw== >> content-length: 462 >> te: >> host: 127.0.0.1:8085 >> authorization: MOSS LS_P9JF815TCCKTFOD4O:rVYpULyFn0zsqUhizDUlQI+LfzA= >> date: Wed, 11 Nov 2015 07:36:55 GMT >> connection: keep-alive >> >> {"bucket":"test","requester":"LS_P9JF815TCCKTFOD4O","acl":{"version":1,"owner":{"display_name":"yusuke-nojima","canonical_id":"7a48a8c7c33b1f9e72793cd06e4ca9b505389543bf17f3c056be289d17d10bc0","key_id":"LS_ >> P9JF815TCCKTFOD4O"},"grants":[{"display_name":"yusuke-nojima","canonical_id":"7a48a8c7c33b1f9e72793cd06e4ca9b505389543bf17f3c056be289d17d10bc0","permissions":["FULL_CONTROL"]}],"creation_time":{"mega_seconds":1447,"seconds":227415,"micro_seconds":682371}}} >> >> >> HTTP/1.1 403 Forbidden >> Server: MochiWeb/1.1 WebMachine/1.10.8 (that head fake, tho) >> Date: Wed, 11 Nov 2015 07:36:55 GMT >> Content-Length: 162 >> >> <?xml version="1.0" >> encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access >> Denied</Message><Resource>/test</Resource><RequestId></RequestId></Error> >> >> >> ------------------------- >> "s3cmd ls" works fine: >> >> $ s3cmd ls >> DEBUG: Updating Config.Config encoding -> UTF-8 >> DEBUG: Updating Config.Config follow_symlinks -> False >> DEBUG: Updating Config.Config verbosity -> 30 >> DEBUG: Unicodising 'ls' using UTF-8 >> DEBUG: Command: ls >> DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:47:00 >> +0000\n/' >> DEBUG: CreateRequest: resource[uri]=/ >> DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Wed, 11 Nov 2015 07:47:00 >> +0000\n/' >> DEBUG: Processing request, please wait... >> DEBUG: get_hostname(None): s3.amazonaws.com >> DEBUG: format_uri(): http://s3.amazonaws.com/ >> DEBUG: Sending request method_string='GET', uri='http://s3.amazonaws.com/', >> headers={'content-length': '0', 'Authorization': 'AWS >> LS_P9JF815TCCKTFOD4O:y6iQZ6mli0mMQ7n7V/a1hJti0r8=', 'x-amz-date': 'Wed, 11 >> Nov 2015 07:47:00 +0000'}, body=(0 bytes) >> DEBUG: Response: {'status': 200, 'headers': {'date': 'Wed, 11 Nov 2015 >> 07:47:00 GMT', 'content-length': '273', 'content-type': 'application/xml', >> 'server': 'Riak CS'}, 'reason': 'OK', 'data': '<?xml version="1.0" >> encoding="UTF-8"?><ListAllMyBucketsResult >> xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>7a48a8c7c33b1f9e72793cd06e4ca9b505389543bf17f3c056be289d17d10bc0</ID><DisplayName>yusuke-nojima</DisplayName></Owner><Buckets/></ListAllMyBucketsResult>'} >> >> ------------------------- >> >> _______________________________________________ >> riak-users mailing list >> riak-users@lists.basho.com >> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > > > -- > Kazuhiro Suzuki | Basho Japan KK
-- Kazuhiro Suzuki | Basho Japan KK _______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com