LINUX.ORG.RU
ФорумAdmin

S3 error: 403 (AccessDenied) на кластерной файловой системе LeoFS

 , ,


0

1

Установил кластерную файловую систему LeoFS по инструкциям и комментариям в этом issue https://github.com/leo-project/leofs_ansible/issues/4

Status пишет что кластер работает:

leofs-adm status
 [System Confiuration]
-----------------------------------+----------
 Item                              | Value    
-----------------------------------+----------
 Basic/Consistency level
-----------------------------------+----------
                    system version | 1.2.22
                        cluster Id | leofs_1
                             DC Id | dc_1
                    Total replicas | 2
          number of successes of R | 1
          number of successes of W | 1
          number of successes of D | 1
 number of rack-awareness replicas | 0
                         ring size | 2^128
-----------------------------------+----------
 Multi DC replication settings
-----------------------------------+----------
        max number of joinable DCs | 2
           number of replicas a DC | 1
-----------------------------------+----------
 Manager RING hash
-----------------------------------+----------
                 current ring-hash | 5599d172
                previous ring-hash | 5599d172
-----------------------------------+----------

 [State of Node(s)]
-------+----------------------+--------------+----------------+----------------+----------------------------
 type  |         node         |    state     |  current ring  |   prev ring    |          updated at         
-------+----------------------+--------------+----------------+----------------+----------------------------
  S    | S0@172.26.9.179      | running      | 5599d172       | 5599d172       | 2019-12-02 10:40:05 +0000
  S    | S0@172.26.9.181      | running      | 5599d172       | 5599d172       | 2019-12-02 10:40:05 +0000
  G    | G0@172.26.9.180      | running      | 5599d172       | 5599d172       | 2019-12-02 10:40:07 +0000
-------+----------------------+--------------+----------------+----------------+----------------------------


Создал юзера

leofs-adm create-user leofs leofs
  access-key-id: 9c2615f32e81e6a1caf5
  secret-access-key: 8aaaa35c1ad78a2cbfa1a6cd49ba8aaeb3ba39eb

Список юзеров:

leofs-adm get-users
user_id     | role_id | access_key_id          | created_at                
------------+---------+------------------------+---------------------------
_test_leofs | 9       | 05236                  | 2019-12-02 06:56:49 +0000
leofs       | 1       | 9c2615f32e81e6a1caf5   | 2019-12-02 10:43:29 +0000

Сделал bucket

leofs-adm add-bucket leofs 9c2615f32e81e6a1caf5
OK

Список bucket:

 leofs-adm get-buckets
cluster id   | bucket   | owner  | permissions      | created at                
-------------+----------+--------+------------------+---------------------------
leofs_1      | leofs    | leofs  | Me(full_control) | 2019-12-02 10:44:02 +0000

Конфигурирование s3cmd:

s3cmd --configure 

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key [9c2615f32e81e6a1caf5]: 
Secret Key [8aaaa35c1ad78a2cbfa1a6cd49ba8aaeb3ba39eb]: 
Default Region [US]: 

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: 

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: leofs

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: 
Path to GPG program [/usr/bin/gpg]: 

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [No]: 

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name [172.26.9.180]: 
HTTP Proxy server port [8080]: 

New settings:
  Access Key: 9c2615f32e81e6a1caf5
  Secret Key: 8aaaa35c1ad78a2cbfa1a6cd49ba8aaeb3ba39eb
  Default Region: US
  S3 Endpoint: s3.amazonaws.com
  DNS-style bucket+hostname:port template for accessing a bucket: leofs
  Encryption password: 
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name: 172.26.9.180
  HTTP Proxy server port: 8080

Test access with supplied credentials? [Y/n] Y
Please wait, attempting to list all buckets...
Success. Your access key and secret key worked fine :-)

Now verifying that encryption works...
Not configured. Never mind.

Save settings? [y/N] y
Configuration saved to '/home/user/.s3cfg'

Закачка файлов

s3cmd put test.py s3://leofs/
upload: 'test.py' -> 's3://leofs/test.py'  [1 of 1]
 382 of 382   100% in    0s     3.40 kB/s  done
ERROR: S3 error: 403 (AccessDenied): Access Denied

Если поменять права на bucket, то можно будет закачать файл

leofs-adm update-acl leofs 9c2615f32e81e6a1caf5 public-read-write
OK

Закачка c public-read-write bucket

s3cmd put test.py s3://leofs/
upload: 'test.py' -> 's3://leofs/test.py'  [1 of 1]
 382 of 382   100% in    0s     2.92 kB/s  done