Re: [ceph-users] assume_role() ：http_code 400 error

essKey and secret_Key’. > > And I am sure that the ‘tom’s key’ is correct. > > > > *发件人**: *Yuan Minghui > *日期**: *2019年5月28日 星期二 上午11:35 > *收件人**: *Pritha Srivastava > *抄送**: *"ceph-users@lists.ceph.com" > *主题**: *[ceph-users] assume_role() ：http_code 400 e

Re: [ceph-users] assume_role() ：http_code 405 error

t. > > kyle > > > > *发件人**: *Pritha Srivastava > *日期**: *2019年5月23日 星期四 上午11:49 > *收件人**: *Yuan Minghui > *抄送**: *"ceph-users@lists.ceph.com" > *主题**: *Re: [ceph-users] assume_role() ：http_code 405 error > > > > Hello, > > It looks like

Re: [ceph-users] assume_role() ：http_code 405 error

Hello, It looks like the version that you are trying this on, doesn't support AssumeRole or STS. What version of Ceph are you using? Thanks, Pritha On Thu, May 23, 2019 at 9:10 AM Yuan Minghui wrote: > Hello : > >When I try to make a secure-temp-sesstion(STS), I try the following >

Re: [ceph-users] Could someone can help me to solve this problem about ceph-STS(secure token session)

Hello Yuan, While creating the role, can you try setting the Principal to the user you want the role to be assumed by, and the Action to - sts:AssumeRole, like below: policy_document =

Re: [ceph-users] How to attach permission policy to user?

gt; /?Action=PutUserPolicy=Policy1=TESTER={"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":"s3:*","Resource":["*"],"Condition":{"BoolIfExists":{"sts:authentication&q

Re: [ceph-users] How to attach permission policy to user?

*发件人：* myxingkong > *发送时间：* 2019-03-11 18:13:33 > *收件人：* prsri...@redhat.com > *抄送：* ceph-users@lists.ceph.com > *主题：* Re: [ceph-users] How to attach permission policy to user? > > Hi Pritha: > > This is the documentation for configuring restful modules: > http://docs.cep

Re: [ceph-users] How to attach permission policy to user?

/docs/nautilus/radosgw/STSLite/ > > My version of ceph is: ceph version 14.1.0 > (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev) > > Thanks, > myxingkong > On 3/11/2019 18:06，Pritha Srivastava > wrote： > > Hi Myxingkong, > > Can you explain what you

Re: [ceph-users] How to attach permission policy to user?

Hi Myxingkong, Can you explain what you mean by 'enabling restful modules', particularly which document are you referring to? Right now there is no other way to attach a permission policy to a user. There is work in progress for adding functionality to RGW using which such calls can be scripted

Re: [ceph-users] GetRole Error:405 Method Not Allowed

A separate 'iam' namespace is still not supported in RGW, hence the REST APIs for Roles using boto will not work. The REST APIs have been tested using another client (s3curl) for the time being. On Thu, Mar 7, 2019 at 12:00 PM myxingkong wrote: > > I created a role and attached a permission

Re: [ceph-users] How to use STS Lite correctly?

Botocore/1.12.106 > > > Action=AssumeRole=3600=arn%3Aaws%3Aiam%3A%3A%3Arole%2Fapplication_abc%2Fcomponent_xyz%2Fcgtw-STS=2011-06-15=Bob > > > Response: > > > AccessDenied > tx00010-005c7de39f-1217e-default > 1217e-default-default > > > C

Re: [ceph-users] How to use STS Lite correctly?

There are two steps that have to be performed before calling AssumeRole: 1. A role named S3Access needs to be created to which it is mandatory to attach an assume role policy document. For example, radosgw-admin role create --role-name=S3Access --path=/application_abc/component_xyz/

Re: [ceph-users] [Ceph-community] How does ceph use the STS service?

Sorry I overlooked the ceph versions in the email. STS Lite is not a part of ceph version 12.2.11 or ceph version 13.2.2. Thanks, Pritha On Wed, Feb 27, 2019 at 9:09 PM Pritha Srivastava wrote: > You need to attach a policy to be able to invoke GetSessionToken. Please > read the documen

Re: [ceph-users] [Ceph-community] How does ceph use the STS service?

You need to attach a policy to be able to invoke GetSessionToken. Please read the documentation below at: https://github.com/ceph/ceph/pull/24818/commits/512b6d8bd951239d44685b25dccaf904f19872b2 Thanks, Pritha On Wed, Feb 27, 2019 at 8:59 PM Sage Weil wrote: > Moving this to ceph-users. > >

Re: [ceph-users] Bucket policies in Luminous

- Original Message - > From: "Pritha Srivastava" <prsri...@redhat.com> > To: "Graham Allan" <g...@umn.edu> > Cc: "Adam C. Emerson" <aemer...@redhat.com>, "Ceph Users" > <ceph-users@lists.ceph.com> > Sent

Re: [ceph-users] Bucket policies in Luminous

- Original Message - > From: "Graham Allan" <g...@umn.edu> > To: "Pritha Srivastava" <prsri...@redhat.com>, "Adam C. Emerson" > <aemer...@redhat.com> > Cc: "Ceph Users" <ceph-users@lists.ceph.com> > Sen

Re: [ceph-users] Bucket policies in Luminous

- Original Message - > From: "Adam C. Emerson" > To: "Graham Allan" > Cc: "Ceph Users" > Sent: Thursday, July 13, 2017 1:23:27 AM > Subject: Re: [ceph-users] Bucket policies in Luminous > > Graham Allan Wrote: > > I thought

Re: [ceph-users] how to get radosgw ops log

- Original Message - > From: "码云" > To: "ceph-users" > Sent: Thursday, March 30, 2017 9:25:54 AM > Subject: [ceph-users] how to get radosgw ops log > > Hi all, > I have configured "rgw enable ops log = true" in ceph.conf, > and now i

Re: [ceph-users] Jewel Multisite RGW Memory Issues

Corrected the formatting of the e-mail sent earlier. - Original Message - > From: "Pritha Srivastava" <prsri...@redhat.com> > To: ceph-users@lists.ceph.com > Sent: Monday, June 27, 2016 9:15:36 AM > Subject: Re: [ceph-users] Jewel Multisite RGW Memory Issu

Re: [ceph-users] Jewel Multisite RGW Memory Issues

I have 2 distinct clusters configured, in 2 different locations, and 1 zonegroup. Cluster 1 has ~11TB of data currently on it, S3 / Swift backups via the duplicity backup tool - each file is 25Mb and probably 20% are multipart uploads from S3 (so 4Mb stripes) - in total 3217kobjects. This