[ceph-users] Re: [Suspicious newsletter] radosgw-admin realm pull from the secondary site fails "(13) Permission denied"

2021-01-23 Thread Hayashida, Mami 
No, there is no proxy on either end.

*Mami Hayashida*
*Research Computing Associate*
Univ. of Kentucky ITS Research Computing Infrastructure



On Sat, Jan 23, 2021 at 8:22 AM Szabo, Istvan (Agoda) <
istvan.sz...@agoda.com> wrote:

> CAUTION: External Sender
>
>
> Hi,
>
> If you are using proxy, try to disable it.
>
> Istvan Szabo
> Senior Infrastructure Engineer
> ---
> Agoda Services Co., Ltd.
> e: istvan.sz...@agoda.com
> ---
>
> On 2021. Jan 23., at 1:45, Hayashida, Mami  wrote:
>
> Email received from outside the company. If in doubt don't click links
> nor open attachments!
> 
>
> I have been trying to create two virtual test clusters to learn about the
> RGW multisite setting.  So far, I have set up two small Nautilus
> (v.14.2.16) clusters, designated one of them as the "master zone site" and
> followed every step outlined in the doc (
> https://docs.ceph.com/en/nautilus/radosgw/multisite/), including create a
> system user, updating the period, and restarting the rgw daemon.  (For the
> sake of simplicity, there is only one RGW daemon running on each site.)
>
> Once I installed the RGW daemon on the secondary zone site, I tried pulling
> the realm from the master zone cluster, but ended up with this:
>
> ```
> $ radosgw-admin realm pull --url=http://:80
> --access-key=  --secret=
> request failed: (13) Permission denied
> If the realm has been changed on the master zone, the master zone's gateway
> may need to be restarted to recognize this user.
> ```
> I tried adding the --rgw-realm=, but the
> result was the same.   I restarted the rgw daemon on both sides -- that did
> not help, either.
>
> The output of all of the following on the master zone side, as far as I
> could tell, seems correct -- the realm, zonegroup, zone I created are the
> only ones and set to default.
> ```
> radosgw-admin zone/zonegroup/realm list
> radosgw-admin zone/zonegroup/realm get
> ```
>
> On the "master zone" side, the rgw log shows
> ```
> 2021-01-22 13:34:48.404 7fb9ca89e700  1 == starting new request
> req=0x7fb9ca897740 =
> 2021-01-22 13:34:48.428 7fb9ca89e700  1 == req done req=0x7fb9ca897740
> op status=0 http_status=403 latency=0.0240002s ==
> 2021-01-22 13:34:48.428 7fb9ca89e700  1 civetweb: 0x559d6509a000:
> 10.33.30.55 - - [22/Jan/2021:13:34:48 -0500] "GET /admin/realm HTTP/1.1"
> 403 318 - -
> ```
>
> I am using Ubuntu 18.04, Ceph v.14.2.16, deployed using `ceph-deploy`.
>
> *Mami Hayashida*
> *Research Computing Associate*
> Univ. of Kentucky ITS Research Computing Infrastructure
> ___
> ceph-users mailing list -- ceph-users@ceph.io
> To unsubscribe send an email to ceph-users-le...@ceph.io
>
> 
> This message is confidential and is for the sole use of the intended
> recipient(s). It may also be privileged or otherwise protected by copyright
> or other legal rules. If you have received it by mistake please let us know
> by reply email and delete it from your system. It is prohibited to copy
> this message or disclose its content to anyone. Any confidentiality or
> privilege is not waived or lost by any mistaken delivery or unauthorized
> disclosure of the message. All messages sent to and from Agoda may be
> monitored to ensure compliance with company policies, to protect the
> company's interests and to remove potential malware. Electronic messages
> may be intercepted, amended, lost or deleted, or contain viruses.
>
___
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io

[ceph-users] Re: [Suspicious newsletter] radosgw-admin realm pull from the secondary site fails "(13) Permission denied"

2021-01-23 Thread Szabo, Istvan (Agoda) 
Hi,

If you are using proxy, try to disable it.

Istvan Szabo
Senior Infrastructure Engineer
---
Agoda Services Co., Ltd.
e: istvan.sz...@agoda.com
---

On 2021. Jan 23., at 1:45, Hayashida, Mami  wrote:

Email received from outside the company. If in doubt don't click links nor 
open attachments!


I have been trying to create two virtual test clusters to learn about the
RGW multisite setting.  So far, I have set up two small Nautilus
(v.14.2.16) clusters, designated one of them as the "master zone site" and
followed every step outlined in the doc (
https://docs.ceph.com/en/nautilus/radosgw/multisite/), including create a
system user, updating the period, and restarting the rgw daemon.  (For the
sake of simplicity, there is only one RGW daemon running on each site.)

Once I installed the RGW daemon on the secondary zone site, I tried pulling
the realm from the master zone cluster, but ended up with this:

```
$ radosgw-admin realm pull --url=http://:80
--access-key=  --secret=
request failed: (13) Permission denied
If the realm has been changed on the master zone, the master zone's gateway
may need to be restarted to recognize this user.
```
I tried adding the --rgw-realm=, but the
result was the same.   I restarted the rgw daemon on both sides -- that did
not help, either.

The output of all of the following on the master zone side, as far as I
could tell, seems correct -- the realm, zonegroup, zone I created are the
only ones and set to default.
```
radosgw-admin zone/zonegroup/realm list
radosgw-admin zone/zonegroup/realm get
```

On the "master zone" side, the rgw log shows
```
2021-01-22 13:34:48.404 7fb9ca89e700  1 == starting new request
req=0x7fb9ca897740 =
2021-01-22 13:34:48.428 7fb9ca89e700  1 == req done req=0x7fb9ca897740
op status=0 http_status=403 latency=0.0240002s ==
2021-01-22 13:34:48.428 7fb9ca89e700  1 civetweb: 0x559d6509a000:
10.33.30.55 - - [22/Jan/2021:13:34:48 -0500] "GET /admin/realm HTTP/1.1"
403 318 - -
```

I am using Ubuntu 18.04, Ceph v.14.2.16, deployed using `ceph-deploy`.

*Mami Hayashida*
*Research Computing Associate*
Univ. of Kentucky ITS Research Computing Infrastructure
___
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io


This message is confidential and is for the sole use of the intended 
recipient(s). It may also be privileged or otherwise protected by copyright or 
other legal rules. If you have received it by mistake please let us know by 
reply email and delete it from your system. It is prohibited to copy this 
message or disclose its content to anyone. Any confidentiality or privilege is 
not waived or lost by any mistaken delivery or unauthorized disclosure of the 
message. All messages sent to and from Agoda may be monitored to ensure 
compliance with company policies, to protect the company's interests and to 
remove potential malware. Electronic messages may be intercepted, amended, lost 
or deleted, or contain viruses.
___
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io