Ask Your Question

Radosgw s3 access

asked 2015-08-06 15:14:29 -0500

Rodrigo gravatar image

I deployed my environment using fuel 6.1 with success using ceph. Now I trying access the object storage.

I can connect using the client "CloudBerry Explorer for OpenStack Storage" Swift API with success.

but I can not connect using "CloudBerry Explorer for Amazon S3" S3 using the same username and password, my config in the client is:

Service Point: MYPUBLICIP:8080 Access Key: myusername Secret Key: mypassword

I need additional configuration ?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2018-05-24 04:21:47 -0500

sgaravat gravatar image

So, if I have got it right, you are referring to openstack users that are therefore created "automatically" in rados-gw, and you would like that those users have S3 access.

I think this can be done by creating the S3 keys for these users, e.g.:

radosgw-admin key create --key-type=s3 --gen-access-key --gen-secret \ --uid="a22db12575694c9e9f8650dde73ef565\$a22db12575694c9e9f8650dde73ef565" --rgw-realm=cloudtest

edit flag offensive delete link more

answered 2015-11-28 04:46:16 -0500

capsali gravatar image

If it's not too late and you didn't figure it out already you need to create ec2 credentials with openstack ec2 credentials create --project xxx --user xxx . The output would give you an acces key and a private key to use with s3.

I may be wrong but i think once radosgw get's users from keystone it creates keys automatically to so a query for user info in radosgw might give you these keys too to connect with s3 api.

Did you figure out how to set quotas on account when using radosgw with keystone users? I mean setting quota from openstack cli/api, not from ceph cli/api (which i am currently using).

edit flag offensive delete link more

answered 2015-08-10 16:21:07 -0500

Creating a user also creates an access_key and secret_key entry for use with any S3 API-compatible client.

sudo radosgw-admin user create --uid="testuser" --display-name="First User"

The output of the command will be something like the following:

{"user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{ "user": "testuser",
"access_key": "I0PJDPCIYZ665MW88W9R",
"secret_key": "dxaXZ8U90SXydYzyS5ivamEP20hkLSUViiaR+ZDA"}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"user_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"temp_url_keys": []}
edit flag offensive delete link more


But de radosgw is configured for use keystone as backend, I need create separate user ? For example the swift use the keystone backend too and i can connect using my credentials.

Rodrigo gravatar imageRodrigo ( 2015-08-11 10:14:32 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-08-06 15:14:29 -0500

Seen: 983 times

Last updated: May 24 '18