pyjuju

Bug #1064015
Comment #2

Comment 2 for bug 1064015

Revision history for this message

Kapil Thangavelu (hazmat) wrote on 2012-10-11: Re: [Bug 1064015] Re: openstack_s3 with Swift S3 API does not bootstrap correctly

mostly this exposing differences in the swift implementation of s3, which
doesn't support signed urls without additional middleware, and apparently
creates buckets public by default (the opposite of s3). The openstack_s3
component exists primarily for installations without swift/objectstore
installations.

On Mon, Oct 8, 2012 at 11:29 PM, Ryan Finnie <email address hidden>wrote:

> It appears the bootstrap node is trying to get $BUCKET/juju_master_id
> using an invalid query string authentication method.
>
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:33 +0000] "GET
> /juju-rfinnie-metadata-swift/provider-state HTTP/1.0" 404 4747 "-" "Twisted
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:34 +0000] "PUT
> /juju-rfinnie-metadata-swift/bootstrap-verify HTTP/1.0" 404 4747 "-"
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:35 +0000] "PUT
> /juju-rfinnie-metadata-swift/ HTTP/1.0" 200 4678 "-" "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:36 +0000] "PUT
> /juju-rfinnie-metadata-swift/bootstrap-verify HTTP/1.0" 200 4630 "-"
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:42 +0000] "PUT
> /juju-rfinnie-metadata-swift/juju_master_id HTTP/1.0" 200 4630 "-" "Twisted
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:43 +0000] "PUT
> /juju-rfinnie-metadata-swift/provider-state HTTP/1.0" 200 4630 "-" "Twisted
> PageGetter"
> BOOTSTRAP_IP - - [09/Oct/2012:02:44:38 +0000] "GET
> /juju-rfinnie-metadata-swift/juju_master_id?Signature=REMOVED HTTP/1.1" 401
> 4895 "-" "curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1
> zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
>
> According to http://s3.amazonaws.com/doc/s3-developer-
> guide/RESTAuthentication.html, query string authentication requires
> AWSAccessKeyId, Expires and Signature, while the bootstrap node is only
> providing Signature. I'm guessing this is papered over in real S3
> because Juju is setting the bucket to full global read (!!!), and swift3
> does not support S3 ACLs, so the container/bucket is still restricted to
> only the owner.
>
> --
> You received this bug notification because you are subscribed to juju.
> https://bugs.launchpad.net/bugs/1064015
>
> Title:
> openstack_s3 with Swift S3 API does not bootstrap correctly
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1064015/+subscriptions
>

On Mon, Oct 8, 2012 at 11:29 PM, Ryan Finnie <ryan.finnie@canonical.com>wrote:

> It appears the bootstrap node is trying to get $BUCKET/juju_master_id
> using an invalid query string authentication method.
>
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:33 +0000] "GET
> /juju-rfinnie-metadata-swift/provider-state HTTP/1.0" 404 4747 "-" "Twisted
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:34 +0000] "PUT
> /juju-rfinnie-metadata-swift/bootstrap-verify HTTP/1.0" 404 4747 "-"
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:35 +0000] "PUT
> /juju-rfinnie-metadata-swift/ HTTP/1.0" 200 4678 "-" "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:36 +0000] "PUT
> /juju-rfinnie-metadata-swift/bootstrap-verify HTTP/1.0" 200 4630 "-"
> "Twisted PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:42 +0000] "PUT
> /juju-rfinnie-metadata-swift/juju_master_id HTTP/1.0" 200 4630 "-" "Twisted
> PageGetter"
> JUJU_CLIENT_IP - - [09/Oct/2012:02:40:43 +0000] "PUT
> /juju-rfinnie-metadata-swift/provider-state HTTP/1.0" 200 4630 "-" "Twisted
> PageGetter"
> BOOTSTRAP_IP - - [09/Oct/2012:02:44:38 +0000] "GET
> /juju-rfinnie-metadata-swift/juju_master_id?Signature=REMOVED HTTP/1.1" 401
> 4895 "-" "curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1
> zlib/1.2.3.4 libidn/1.23 librtmp/2.3"
>
> According to http://s3.amazonaws.com/doc/s3-developer-
> guide/RESTAuthentication.html, query string authentication requires
> AWSAccessKeyId, Expires and Signature, while the bootstrap node is only
> providing Signature.  I'm guessing this is papered over in real S3
> because Juju is setting the bucket to full global read (!!!), and swift3
> does not support S3 ACLs, so the container/bucket is still restricted to
> only the owner.
>
> --
> You received this bug notification because you are subscribed to juju.
> https://bugs.launchpad.net/bugs/1064015
>
> Title:
>   openstack_s3 with Swift S3 API does not bootstrap correctly
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1064015/+subscriptions
>