Ceph RadosGW Admin Ops, how to use it



Using RadosGW admin ops for the first time can be a real headache. That is why I wrote this post, which explains how to use this API.
Let's start:

To issue a request through admin ops, you need a signature, which is made by signing a header.
The header must be composed of the current date, the request type (GET/PUT/POST/DELETE) and the request itself.
This header must be signed with openssl (an HMAC-SHA1), using the admin ops secret as the key.
Now you can make a request.
Sometimes the time on your host is not what the radosgw node expects. You can work around this by replacing the date=$(date) value with the line below.
If your host is two hours ahead of the radosgw node, subtract those two hours with -d "2 hours ago", where 2 is the number of hours to subtract.

## GNU date does the subtraction, so the hour stays zero-padded and wraps correctly past midnight
date=$(date -d "2 hours ago" "+%a, %d %b %Y %H:%M:%S +0000")

Examples:

Create a user named egonzalez:

#!/bin/bash
token=U2JCD4ZG4D1XJOI5XNF4 ## USER_TOKEN
secret=+IFgr7POzLWS0i3hQnC+dd3DOAZObHoY5NYm6m3b ## USER_SECRET
query=$1 ## uid of the user to create
name=$2 ## display name of the user
query3="&uid="
query2=admin/user
query4="&quota-type=user"
date=$(date)
## Header to sign: method, two empty fields, date, resource path
header="PUT\n\n\n${date}\n/${query2}"
## Quote the header so that repeated spaces in the date survive and match the Date header sent by curl
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X PUT "http://10.0.2.10/${query2}?format=json${query3}${query}&display-name=${name}" -H "Host: 10.0.2.10"
## Replace the IPs with your own

Output:

[ceph@adminnode scripts]$ sh createUser.sh egonzalez EgonzalezDescription
{"user_id":"egonzalez","display_name":"EgonzalezDescription","email":"","suspended":0,"max_buckets":1000,"subusers":[],"keys":[{"user":"egonzalez","access_key":"24FUKCWD6BL9T08DQ2JA","secret_key":"mEQdhcrsqOy7q6Snvu8B5d5A2Ek9OezJH+khwYvX"}],"swift_keys":[],"caps":[]}

View egonzalez's quotas:

#!/bin/bash
token=U2JCD4ZG4D1XJOI5XNF4 ## USER_TOKEN
secret=+IFgr7POzLWS0i3hQnC+dd3DOAZObHoY5NYm6m3b ## USER_SECRET
query=$1 ## uid of the user to look up
query3="&uid="
query2=admin/user
query4="&quota-type=user"
date=$(date)
## Header to sign: method, two empty fields, date, resource path
header="GET\n\n\n${date}\n/${query2}"
## Quote the header so that repeated spaces in the date survive and match the Date header sent by curl
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X GET "http://10.0.2.10/${query2}?quota${query3}${query}${query4}" -H "Host: 10.0.2.10"
## Replace the IPs with your own

Output:

[ceph@adminnode scripts]$ sh getuserquota.sh egonzalez

{"enabled": true,"max_size_kb":1000,"max_objects":1000}Status: 200 OK

View egonzalez's user information:

#!/bin/bash
token=U2JCD4ZG4D1XJOI5XNF4 ## USER_TOKEN
secret=+IFgr7POzLWS0i3hQnC+dd3DOAZObHoY5NYm6m3b ## USER_SECRET
query=$1 ## uid of the user to look up
query3="&uid="
query2=admin/user
date=$(date)
## Header to sign: method, two empty fields, date, resource path
header="GET\n\n\n${date}\n/${query2}"
## Quote the header so that repeated spaces in the date survive and match the Date header sent by curl
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X GET "http://10.0.2.10/${query2}?format=json${query3}${query}" -H "Host: 10.0.2.10"
## Replace the IPs with your own

Output:

[ceph@adminnode scripts]$ sh userInfo.sh egonzalez
{"user_id":"egonzalez","display_name":"EgonzalezDescription","email":"","suspended":0,"max_buckets":1000,"subusers":[],"keys":[{"user":"egonzalez","access_key":"24FUKCWD6BL9T08DQ2JA","secret_key":"mEQdhcrsqOy7q6Snvu8B5d5A2Ek9OezJH+khwYvX"}],"swift_keys":[],"caps":[]}
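
The three scripts above repeat the same signing steps. As an added example (not part of the original post), they can be folded into one helper that quotes the string to sign, formats the date in UTC and reads the credentials from the environment instead of the script body. The rgw_* function names and the RGW_* variable names are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original post. All rgw_* names are hypothetical.

# Date header value: fixed format, always UTC, independent of host timezone/locale.
rgw_date() {
    LC_ALL=C date -u "+%a, %d %b %Y %H:%M:%S +0000"
}

# String to sign, as in the post's scripts: method, two empty fields
# (Content-MD5 and Content-Type), date, resource path without the query string.
rgw_string_to_sign() {   # args: method date resource
    printf '%s\n\n\n%s\n%s' "$1" "$2" "$3"
}

# HMAC-SHA1 over the string to sign, keyed with the secret, base64-encoded.
# Note: -hmac takes the key on the command line, so it is visible in the
# process list of the host while openssl runs.
rgw_sign() {             # args: secret method date resource
    rgw_string_to_sign "$2" "$3" "$4" |
        openssl dgst -sha1 -hmac "$1" -binary | base64
}

# Sign and send one request. RGW_ENDPOINT, RGW_ACCESS_KEY and RGW_SECRET_KEY
# are assumed environment variables, so no secret is stored in the script.
rgw_request() {          # args: method resource [query]
    : "${RGW_ENDPOINT:?}" "${RGW_ACCESS_KEY:?}" "${RGW_SECRET_KEY:?}"
    local method=$1 resource=$2 query=${3:-} date sig
    date=$(rgw_date)
    sig=$(rgw_sign "$RGW_SECRET_KEY" "$method" "$date" "$resource")
    [ -n "$sig" ] || return 1
    # The same $date goes into the signature and the Date header.
    curl -sS -X "$method" \
        -H "Date: ${date}" \
        -H "Authorization: AWS ${RGW_ACCESS_KEY}:${sig}" \
        "${RGW_ENDPOINT}${resource}${query:+?${query}}"
}

# Usage (needs a reachable gateway and exported RGW_* variables):
#   RGW_ENDPOINT=http://10.0.2.10 rgw_request GET /admin/user "format=json&uid=egonzalez"
```
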

Once you really understand how admin ops works, it is not that difficult to use: just look up the call in the official documentation and modify the desired values.

I hope this helps.

Regards, Eduardo.

  • Horace

    Hi, I tried your script but it doesn’t work and returns ‘AccessDenied’. From the ceph documentation, you need to sign the whole header and change it to lower case; however, the script above only signs the GET request and DATE. How about the other headers?
    http://docs.ceph.com/docs/hammer/radosgw/s3/authentication/

    Attached with the curl output when running the script, thanks.

    * About to connect() to s3xxx.xxxxx.net port 80 (#0)
    * Trying xxx.74.0.xxx…
    * Connected to s3xxx.xxxxx.net (202.74.0.120) port 80 (#0)
    > GET /adminreadonly/user?format=json&uid=xxxxxxx HTTP/1.1
    > User-Agent: curl/7.29.0
    > Accept: */*
    > Date: Wed Jul 20 17:06:38 HKT 2016
    > Authorization: AWS R41KOS0W8P2ZD0CZNWMU:HFbbG7zK5XXXX7RTsfbw3KOZtr8uWCI=
    > Host: s3.xxxx.net
    >
    < HTTP/1.1 403 Forbidden
    < x-amz-request-id: tx0000000000000001090ab-00578f3f24-5a89e-default
    < Content-Length: 78
    < Accept-Ranges: bytes
    < Content-Type: application/xml
    < Date: Wed, 20 Jul 2016 09:06:44 GMT
    <
    * Connection #0 to host s3xxx.xxxxx.net left intact
    AccessDenied

  • Agree. So I coded a client in Java for using it. Ref: https://github.com/twonote/radosgw-admin4j
