[Ceph Rados Gateway] 403 when using S3 client

Jonathan Rosser jonathan.rosser at rd.bbc.co.uk
Wed Mar 30 08:43:51 UTC 2022


Hi Jean-Francois.

I have the following difference to your config:

rgw keystone url = http://xx.xx.xx.xx:5000

The normal OSA loadbalancer setup would have the keystone service on 
port 5000.

Jonathan.

On 30/03/2022 09:24, Taltavull Jean-François wrote:
>
> Hi Dmitriy,
>
> I just tried with s3cmd but I still get a 403.
>
> Here is the rgw section of ceph.conf:
>
> rgw_keystone_url = http://xxxxx.xxxx.xxx/identity
>
> rgw_keystone_api_version = 3
>
> rgw_keystone_admin_user = radosgw
>
> rgw_keystone_admin_password = xxxxxxxxxxxxxxxxxxxxxxxxx
>
> rgw_keystone_admin_project = service
>
> rgw_keystone_admin_domain = default
>
> rgw_keystone_accepted_roles = member, _member_, admin, swiftoperator
>
> rgw_keystone_accepted_admin_roles = ResellerAdmin
>
> rgw_keystone_implicit_tenants = true
>
> rgw_swift_account_in_url = true
>
> rgw_swift_versioning_enabled = true
>
> rgw_enable_apis = swift,s3
>
> rgw_s3_auth_use_keystone = true
>
> *From:*Dmitriy Rabotyagov <noonedeadpunk at ya.ru>
> *Sent:* mardi, 29 mars 2022 18:49
> *To:* openstack-discuss <openstack-discuss at lists.openstack.org>
> *Subject:* Re: [Ceph Rados Gateway] 403 when using S3 client
>
> 	
>
> */EXTERNAL MESSAGE /*- This email comes from *outside ELCA companies*.
>
> - все
>
> Hi Jean-Francois.
>
> It's quite hard to understand what exactly could went wrong based on 
> the information you've provided.
>
> Highly likely it's related to the RGW configuration itself and it's 
> integration with keystone to be specific.
>
> Would be helpful if you could provide your ceph.conf regarding rgw 
> configuration.
>
> I'm also not 100% sure if awscli does work with RGW... At least I 
> always used s3cmd or rclone to interact with RGW S3 API.
>
> 29.03.2022, 16:36, "Taltavull Jean-François" 
> <jean-francois.taltavull at elca.ch>:
>
>     Hi All,
>
>     I get an http 403 error code when I try to get the bucket list
>     with Ubuntu (Focal) S3 client (awscli).
>
>     S3 api has been activated in radosgw config file and EC2
>     credentials have been created and put in S3 client config file.
>
>     Otherwise, everything is working fine with OpenStack client.
>
>     My deployment:
>     - OSA 23.2.0
>     - OpenStack Wallaby
>     - Ceph and Rados GW Octopus
>
>     Has any of you already experienced this kind of behaviour ?
>
>     Many thanks,
>     Jean-Francois
>
> -- 
> Kind Regards,
>
> Dmitriy Rabotyagov
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220330/f1dd82d3/attachment.htm>


More information about the openstack-discuss mailing list