Unable to configure Riak-CS-Control to manage users

Dmitri Zagidulin dzagidulin at basho.com
Wed Oct 9 14:22:59 EDT 2013


Ok, yes, I think the hostname mismatch betwen CS and CS Control is at issue
(it's somewhat confusing, I agree).

So:
Since you have

{cs_root_host, "s3.amazonaws.com"},

in CS Config, you want your cs_hostname to match that in CS Control's
config. So, my CS Control config looks like:
       %% Instance of Riak CS you wish to talk to.
       {cs_hostname, "s3.amazonaws.com" },
       {cs_port, 80 },
       {cs_protocol, "http" },

       %% Proxy information; necessary if you are using s3.amazonaws.com as
       %% your hostname.
       {cs_proxy_host, "localhost" },
       {cs_proxy_port, 8080 },

(Your cs_proxy_host would be 10.0.1.202 or 127.0.0.1, depending on your
setup).

Does that make sense?

Dmitri




On Wed, Oct 9, 2013 at 12:22 PM, Siddhu Warrier (siwarrie) <
siwarrie at cisco.com> wrote:

>  Hi Dmitri,
>
>  Sorry I failed to attach the s3cfg file.
>
>  Cheers,
>
>  Siddhu
>
>   From: Dmitri Zagidulin <dzagidulin at basho.com>
> Date: Wednesday, 9 October 2013 16:51
>
> To: Siddhu Warrier <siwarrie at cisco.com>
> Cc: "riak-users at lists.basho.com" <riak-users at lists.basho.com>
> Subject: Re: Unable to configure Riak-CS-Control to manage users
>
>   Ok, I suspect it has to do with a mismatch between cs_root_host setting
> in riakcs.app.config and the corresponding setting in
> riak-cs-control.app.config.  Can you attach your .s3cfg, so I can confirm?
>
>  Dmitri
>
>
> On Wed, Oct 9, 2013 at 11:16 AM, Siddhu Warrier (siwarrie) <
> siwarrie at cisco.com> wrote:
>
>>  Hi Dmitri,
>>
>>  Thanks again for your rapid reply!
>>
>>  1, 2) I have attached my riak, stanchion, riak-cs and riak-cs-control
>> app.config files here
>> 3)
>> *Things that work with s3cmd (s3 config attached):*
>>
>>    - Create a bucket, upload a file, download a file, delete buckets
>>    recursively, list contents of buckets
>>
>>  [root at cpn-int-store-03 ~]# s3cmd mb s3://cloudcuckooland
>> Bucket 's3://cloudcuckooland/' created
>> [root at cpn-int-store-03 ~]# s3cmd put cobbler.ks
>> s3://cloudcuckooland/shoemaker
>> cobbler.ks -> s3://cloudcuckooland/shoemaker  [1 of 1]
>>  6964 of 6964   100% in    0s   114.14 kB/s  done
>> [root at cpn-int-store-03 ~]# s3cmd la
>> 2013-10-09 14:47      6964   s3://cloudcuckooland/shoemaker
>>
>>  [root at cpn-int-store-03 ~]# s3cmd get s3://cloudcuckooland/shoemaker
>> /tmp/shoemaker.tmp
>> s3://cloudcuckooland/shoemaker -> /tmp/shoemaker.tmp  [1 of 1]
>>  6964 of 6964   100% in    0s   659.50 kB/s  done
>>  [root at cpn-int-store-03 ~]# s3cmd rb --force s3://cloudcuckooland
>> WARNING: Bucket is not empty. Removing all the objects from it first.
>> This may take some time...
>> File s3://cloudcuckooland/shoemaker deleted
>> Bucket 's3://cloudcuckooland/' removed
>>
>>  *Things that do not work:*
>>
>>    - Riak CS Control: Create user
>>    - Riak CS Control: List users
>>
>> *Note:* With anonymous user creation set to true, I was able to view
>> information about users and modify them.
>>
>>  I was however able to view the information about a particular user.
>>  [root at cpn-int-store-03 ~]# s3cmd get s3://riak-cs/user -
>> s3://riak-cs/user -> <stdout>  [1 of 1]
>> <?xml version="1.0" encoding="UTF-8"?><User><Email>xxxx at cisco.com</Email><DisplayName>xxxxx</DisplayName><Name>Rory
>> Irvine</Name><KeyId>5VI-NIFLNIHKRNGKPBVX</KeyId><KeySec 338 of 338   100%
>> in    0s     4.57 kB/s
>>  doneeySecret><Id>c26c71a140f18b6853b45fd3ce4a672e0471b62a04920c2a77def7a0bfbcde0d</Id><Status>enabled</Status></User>
>>  [root at cpn-int-store-03 ~]# s3cmd get
>> s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0  -
>> s3://riak-cs/user/9UND62Q1-EIDE9YO1GI0 -> <stdout>  [1 of 1]
>> <?xml version="1.0" encoding="UTF-8"?><User><Email>foobar at example.com</Email><DisplayName>foobar</DisplayName><Name>foo
>> bar</Name><KeyId>9UND62Q1-EIDE9YO1GI0</KeyId><KeySecret>4o 333 of 333
>> 100% in    0s    43.04 kB/s
>>  doneet><Id>6057fd7d3a7c43b06f839441585d35de197baa57a4696318803afd81c5887aec</Id><Status>disabled</Status></User>
>>
>>  Thanks,
>>
>>  Siddhu
>>
>>   From: Dmitri Zagidulin <dzagidulin at basho.com>
>> Date: Wednesday, 9 October 2013 16:02
>>
>> To: Siddhu Warrier <siwarrie at cisco.com>
>> Cc: "riak-users at lists.basho.com" <riak-users at lists.basho.com>
>> Subject: Re: Unable to configure Riak-CS-Control to manage users
>>
>>     Thanks Siddhu,
>>  Couple more questions.
>>
>>  1) Can you include a couple more sections from the Riak CS config
>> (specifically, the anonymous_user_creation section and the admin_key).
>>
>>  2) Just to double-check, can you re-include the Riak CS Control config?
>> (the whole riak_cs_control section).
>>
>>  3) Describe again exactly which parts are working and which aren't. What
>> do you see when you open the Riak CS Control web interface? (And which
>> commands are working with s3cmd?)
>>
>>
>>
>> On Wed, Oct 9, 2013 at 10:50 AM, Siddhu Warrier (siwarrie) <
>> siwarrie at cisco.com> wrote:
>>
>>>  Hi Dimitri,
>>>
>>>  Thank you for your email. I just tried this. I still have the same
>>> problem, except that I no longer get 403 errors in my Riak CS error log (as
>>> a matter of fact, I get nothing at all in my Riak CS, Riak CS Control,
>>> Stanchion, and Riak error logs).
>>>
>>>  I've put the basic config section of my riak-cs/app.config here for
>>> your reference.
>>>
>>>                 %% Riak CS http/https port and IP address to listen at
>>>                %% for object storage activity
>>>                {cs_ip, "10.0.1.202"},
>>>                {cs_port, 8080 } ,
>>>
>>>                 %% Riak node to which Riak CS accesses
>>>                {riak_ip, "10.0.1.202"},
>>>                {riak_pb_port, 8087 } ,
>>>
>>>                 %% Configuration for access to request
>>>                %% serialization service
>>>                {stanchion_ip, "10.0.1.202"},
>>>                {stanchion_port, 8085 },
>>>                {stanchion_ssl, false },
>>>
>>>  Thanks,
>>>
>>>  Siddhu
>>>
>>>   From: Dmitri Zagidulin <dzagidulin at basho.com>
>>> Date: Wednesday, 9 October 2013 15:38
>>> To: Siddhu Warrier <siwarrie at cisco.com>
>>> Cc: "riak-users at lists.basho.com" <riak-users at lists.basho.com>
>>> Subject: Re: Unable to configure Riak-CS-Control to manage users
>>>
>>>   (Just to be extra clear, that's meant to be a comma at the end of
>>> that directive, not a period. Also, don't forget to restart Riak CS
>>> Control, after changing the proxy host).
>>>
>>>
>>> On Wed, Oct 9, 2013 at 10:36 AM, Dmitri Zagidulin <dzagidulin at basho.com>wrote:
>>>
>>>>  Hi Siddhu,
>>>>
>>>>  Can you try changing 'cs_proxy_host' to localhost? So:
>>>>
>>>>  {cs_proxy_host, "127.0.0.1" }.
>>>>
>>>>  and retry.
>>>>
>>>>
>>>>
>>>>
>>>>  On Wed, Oct 9, 2013 at 9:55 AM, Siddhu Warrier (siwarrie) <
>>>> siwarrie at cisco.com> wrote:
>>>>
>>>>>   Hi,
>>>>>
>>>>>  I have a two node Riak CS (1.4) cluster set up on two nodes (node-1
>>>>> and node-2 henceforth). Node-1 is the headnode. Both node-1 and node-2 are
>>>>> running CentOS-6.4.
>>>>>
>>>>>  *N**ode-1*
>>>>>
>>>>>    - Riak 1.4.2
>>>>>    - Stanchion 1.4.1
>>>>>    - Riak-CS 1.4.1
>>>>>    - Riak-CS-Control 1.0.2
>>>>>
>>>>> *N**ode-2*
>>>>>
>>>>>    - Riak 1.4.2
>>>>>    - Riak-CS 1.4.1
>>>>>
>>>>> I have got Riak CS working, and have created admin credentials that
>>>>> I've set correctly on stanchion, riak-cs, and riak-cs-control on node 1,
>>>>> and on riak-cs on node 2. I am able to use the admin credentials to perform
>>>>> operations on the bucket using s3cmd.
>>>>>
>>>>>  However, when I try to list riak-cs users using the riak-cs-control,
>>>>> I get no results. The error that comes up in /var/log/riak-cs.log is:
>>>>>
>>>>> 10.0.1.202 - - [09/Oct/2013:13:09:31 +0000] "GET /buckets/users/objects HTTP/1.1" 403 160 "" ""
>>>>>
>>>>>  I also receive a 403 when I try to create an admin user.
>>>>>
>>>>>  I saw https://github.com/basho/riak_cs_control/issues/31 and set my
>>>>> /etc/riak-cs-control/app.config file up to use the cs_proxy_host parameter
>>>>> as well, though I'm not using proxies, but to no avail. I have reproduced
>>>>> the relevant section of my riak-cs-control/app.config here:
>>>>>      {riak_cs_control, [
>>>>>        %% What port to run the application on.
>>>>>        {port, 8000 },
>>>>>
>>>>>         %% Instance of Riak CS you wish to talk to.
>>>>>        {cs_hostname, "10.0.1.202" },
>>>>>        {cs_port, 8080 },
>>>>>        {cs_protocol, "http" },
>>>>>
>>>>>         %% Proxy information; necessary if you are using
>>>>> s3.amazonaws.com as
>>>>>        %% your hostname.
>>>>>        {cs_proxy_host, "10.0.1.202" },
>>>>>        {cs_proxy_port, 8080 },
>>>>>
>>>>>         %% Credentials you want the application to run as.
>>>>>        {cs_admin_key, "5VI-NIFLNIHKRNGKPBVX" },
>>>>>        {cs_admin_secret, "xxxxxxx" },
>>>>>
>>>>>         %% Specify the bucket name for administration options.
>>>>>        {cs_administration_bucket, "riak-cs" }
>>>>>     ]},
>>>>>
>>>>>  Is there something I am missing/doing wrong?
>>>>>
>>>>>  Thanks,
>>>>>
>>>>>  Siddhu
>>>>>
>>>>>  _______________________________________________
>>>>> riak-users mailing list
>>>>> riak-users at lists.basho.com
>>>>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20131009/bf26c445/attachment.html>


More information about the riak-users mailing list