0

I'm going to use Ceph(rook-ceph V15.2.5)STS service to create temp credentials to access ceph bucket resources by Java, and followed the example steps in: https://docs.ceph.com/en/latest/radosgw/STS/. When calling the assumeRole to get credentials, it's fialed with 400. And from the rgw log:

debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700 10 moving my-store.rgw.meta+roles+roles.5c5d7e0e-7492-4b53-8aa2-cd0a316f88af to cache LRU end
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  2 req 451 0.003000119s sts:assume_role verifying op params
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  2 req 451 0.003000119s sts:assume_role pre-executing
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  2 req 451 0.003000119s sts:assume_role executing
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  0 ERROR: Invalid secret key
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  2 req 451 0.003000119s sts:assume_role completing
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  2 req 451 0.003000119s sts:assume_role op status=-22
debug 2020-12-23T02:57:26.656+0000 7f8fd8dd4700  2 req 451 0.003000119s sts:assume_role http status=400

There is a "Invalid secret key" error. Does this means the rgw sts key is invalid?

I have set the config the sts key with 16 chars under rgw pod: /etc/ceph/ceph.conf

[client.radosgw.gateway]
rgw sts key = "abcdefghijklmnop"
rgw s3 auth use sts = true

Does anybody knows how to solve this issue?Thanks

Dylan
  • 1
  • Hi @Dylan! Can you shed some light and describe a way you solved the issue? We are currently suffer from the same problem and have no ideas about a solution. – Alex Sergeenko Mar 12 '21 at 08:58

1 Answers1

0

The section heading [client.radosgw.gateway] is not to be copied blindly from the Ceph docs: there should be a {cluster-name} in there to be replaced. Putting these entries under [global] also works if you have only one cluster or use the same key for all of them.

boscadubh
  • 1
  • 3