
List:       ceph-users
Subject:    [ceph-users] How do I troubleshoot radosgw errors STS?
From:       mat () hazmat ! dev
Date:       2023-02-28 23:15:57
Message-ID: 167762615773.1676.17961074533688702582 () mailman-web

I've set up RadosGW with STS on top of my ceph cluster. It works great and fine but I'm
also trying to set up authentication with an OpenIDConnect provider. I'm having a hard
time troubleshooting issues because the radosgw log file doesn't have much
information in it. For example, when I try to use the `sts:AssumeRoleWithWebIdentity`
API it fails with `{'Code': 'AccessDenied', ...}` and all I see is the beast log
showing an HTTP 403.

Is there a way to enable more verbose logging so I can see what is failing and why
I'm getting certain errors with STS, S3, or IAM APIs?

My ceph.conf looks like this for each node (mildly redacted):

```
[client.radosgw.pve4]
    host = pve4
    keyring = /etc/pve/priv/ceph.client.radosgw.keyring
    log file = /var/log/ceph/client.radosgw.$host.log
    rgw_dns_name = s3.lab
    rgw_frontends = beast endpoint=0.0.0.0:7480 ssl_endpoint=0.0.0.0:443 ssl_certificate=/etc/pve/priv/ceph/s3.lab.crt ssl_private_key=/etc/pve/priv/ceph/s3.lab.key
    rgw_sts_key = 1111111111111111
    rgw_s3_auth_use_sts = true
    rgw_enable_apis = s3, s3website, admin, sts, iam
```