Unable to configure Riak-CS-Control to manage users

Siddhu Warrier (siwarrie) siwarrie at cisco.com
Wed Oct 9 11:16:26 EDT 2013


Hi Dmitri,

Thanks again for your rapid reply!

1, 2) I have attached my riak, stanchion, riak-cs and riak-cs-control app.config files here
3)
Things that work with s3cmd (s3 config attached):

  *   Create a bucket, upload a file, download a file, delete buckets recursively, list contents of buckets

[root at cpn-int-store-03 ~]# s3cmd mb s3://cloudcuckooland
Bucket 's3://cloudcuckooland/' created
[root at cpn-int-store-03 ~]# s3cmd put cobbler.ks s3://cloudcuckooland/shoemaker
cobbler.ks -> s3://cloudcuckooland/shoemaker  [1 of 1]
 6964 of 6964   100% in    0s   114.14 kB/s  done
[root at cpn-int-store-03 ~]# s3cmd la
2013-10-09 14:47      6964   s3://cloudcuckooland/shoemaker

[root at cpn-int-store-03 ~]# s3cmd get s3://cloudcuckooland/shoemaker /tmp/shoemaker.tmp
s3://cloudcuckooland/shoemaker -> /tmp/shoemaker.tmp  [1 of 1]
 6964 of 6964   100% in    0s   659.50 kB/s  done
[root at cpn-int-store-03 ~]# s3cmd rb --force s3://cloudcuckooland
WARNING: Bucket is not empty. Removing all the objects from it first. This may take some time...
File s3://cloudcuckooland/shoemaker deleted
Bucket 's3://cloudcuckooland/' removed

Things that do not work:

  *   Riak CS Control: Create user
  *   Riak CS Control: List users

Note: With anonymous user creation set to true, I was able to view information about users and modify them.

I was however able to view the information about a particular user.
[root at cpn-int-store-03 ~]# s3cmd get s3://riak-cs/user -
s3://riak-cs/user -> <stdout>  [1 of 1]
<?xml version="1.0" encoding="UTF-8"?><User><Email>xxxx at cisco.com</Email><DisplayName>xxxxx</DisplayName><Name>Rory Irvine</Name><KeyId>5VI-NIFLNIHKRNGKPBVX</KeyId><KeySec 338 of 338   100% in    0s     4.57 kB/s  doneeySecret><Id>c26c71a140f18b6853b45fd3ce4a672e0471b62a04920c2a77def7a0bfbcde0d</Id><Status>enabled</Status></User>
[root at cpn-int-store-03 ~]# s3cmd get s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0  -
s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0 -> <stdout>  [1 of 1]
<?xml version="1.0" encoding="UTF-8"?><User><Email>foobar at example.com</Email><DisplayName>foobar</DisplayName><Name>foo bar</Name><KeyId>9UND62Q1-EIDE9YO1GI0</KeyId><KeySecret>4o 333 of 333   100% in    0s    43.04 kB/s  doneet><Id>6057fd7d3a7c43b06f839441585d35de197baa57a4696318803afd81c5887aec</Id><Status>disabled</Status></User>

Thanks,

Siddhu

From: Dmitri Zagidulin <dzagidulin at basho.com<mailto:dzagidulin at basho.com>>
Date: Wednesday, 9 October 2013 16:02
To: Siddhu Warrier <siwarrie at cisco.com<mailto:siwarrie at cisco.com>>
Cc: "riak-users at lists.basho.com<mailto:riak-users at lists.basho.com>" <riak-users at lists.basho.com<mailto:riak-users at lists.basho.com>>
Subject: Re: Unable to configure Riak-CS-Control to manage users

Thanks Siddhu,
Couple more questions.

1) Can you include a couple more sections from the Riak CS config (specifically, the anonymous_user_creation section and the admin_key).

2) Just to double-check, can you re-include the Riak CS Control config? (the whole riak_cs_control section).

3) Describe again exactly which parts are working and which aren't. What do you see when you open the Riak CS Control web interface? (And which commands are working with s3cmd?)



On Wed, Oct 9, 2013 at 10:50 AM, Siddhu Warrier (siwarrie) <siwarrie at cisco.com<mailto:siwarrie at cisco.com>> wrote:
Hi Dimitri,

Thank you for your email. I just tried this. I still have the same problem, except that I no longer get 403 errors in my Riak CS error log (as a matter of fact, I get nothing at all in my Riak CS, Riak CS Control, Stanchion, and Riak error logs).

I've put the basic config section of my riak-cs/app.config here for your reference.

               %% Riak CS http/https port and IP address to listen at
               %% for object storage activity
               {cs_ip, "10.0.1.202"},
               {cs_port, 8080 } ,

               %% Riak node to which Riak CS accesses
               {riak_ip, "10.0.1.202"},
               {riak_pb_port, 8087 } ,

               %% Configuration for access to request
               %% serialization service
               {stanchion_ip, "10.0.1.202"},
               {stanchion_port, 8085 },
               {stanchion_ssl, false },

Thanks,

Siddhu

From: Dmitri Zagidulin <dzagidulin at basho.com<mailto:dzagidulin at basho.com>>
Date: Wednesday, 9 October 2013 15:38
To: Siddhu Warrier <siwarrie at cisco.com<mailto:siwarrie at cisco.com>>
Cc: "riak-users at lists.basho.com<mailto:riak-users at lists.basho.com>" <riak-users at lists.basho.com<mailto:riak-users at lists.basho.com>>
Subject: Re: Unable to configure Riak-CS-Control to manage users

(Just to be extra clear, that's meant to be a comma at the end of that directive, not a period. Also, don't forget to restart Riak CS Control, after changing the proxy host).


On Wed, Oct 9, 2013 at 10:36 AM, Dmitri Zagidulin <dzagidulin at basho.com<mailto:dzagidulin at basho.com>> wrote:
Hi Siddhu,

Can you try changing 'cs_proxy_host' to localhost? So:

 {cs_proxy_host, "127.0.0.1" }.

and retry.




On Wed, Oct 9, 2013 at 9:55 AM, Siddhu Warrier (siwarrie) <siwarrie at cisco.com<mailto:siwarrie at cisco.com>> wrote:
Hi,

I have a two node Riak CS (1.4) cluster set up on two nodes (node-1 and node-2 henceforth). Node-1 is the headnode. Both node-1 and node-2 are running CentOS-6.4.

Node-1

  *   Riak 1.4.2
  *   Stanchion 1.4.1
  *   Riak-CS 1.4.1
  *   Riak-CS-Control 1.0.2

Node-2

  *   Riak 1.4.2
  *   Riak-CS 1.4.1

I have got Riak CS working, and have created admin credentials that I've set correctly on stanchion, riak-cs, and riak-cs-control on node 1, and on riak-cs on node 2. I am able to use the admin credentials to perform operations on the bucket using s3cmd.

However, when I try to list riak-cs users using the riak-cs-control, I get no results. The error that comes up in /var/log/riak-cs.log is:

10.0.1.202 - - [09/Oct/2013:13:09:31 +0000] "GET /buckets/users/objects HTTP/1.1" 403 160 "" ""

I also receive a 403 when I try to create an admin user.

I saw https://github.com/basho/riak_cs_control/issues/31 and set my /etc/riak-cs-control/app.config file up to use the cs_proxy_host parameter as well, though I'm not using proxies, but to no avail. I have reproduced the relevant section of my riak-cs-control/app.config here:
    {riak_cs_control, [
       %% What port to run the application on.
       {port, 8000 },

       %% Instance of Riak CS you wish to talk to.
       {cs_hostname, "10.0.1.202" },
       {cs_port, 8080 },
       {cs_protocol, "http" },

       %% Proxy information; necessary if you are using s3.amazonaws.com<http://s3.amazonaws.com> as
       %% your hostname.
       {cs_proxy_host, "10.0.1.202" },
       {cs_proxy_port, 8080 },

       %% Credentials you want the application to run as.
       {cs_admin_key, "5VI-NIFLNIHKRNGKPBVX" },
       {cs_admin_secret, "xxxxxxx" },

       %% Specify the bucket name for administration options.
       {cs_administration_bucket, "riak-cs" }
    ]},

Is there something I am missing/doing wrong?

Thanks,

Siddhu

_______________________________________________
riak-users mailing list
riak-users at lists.basho.com<mailto:riak-users at lists.basho.com>
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20131009/a2b62b41/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stanchion.app.config
Type: application/octet-stream
Size: 3215 bytes
Desc: stanchion.app.config
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20131009/a2b62b41/attachment.config>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: riak-cs-control.app.config
Type: application/octet-stream
Size: 2830 bytes
Desc: riak-cs-control.app.config
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20131009/a2b62b41/attachment-0001.config>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: riak.app.config
Type: application/octet-stream
Size: 15323 bytes
Desc: riak.app.config
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20131009/a2b62b41/attachment-0002.config>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: riakcs.app.config
Type: application/octet-stream
Size: 10020 bytes
Desc: riakcs.app.config
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20131009/a2b62b41/attachment-0003.config>


More information about the riak-users mailing list