14 Posts

April 26th, 2016 07:00

Can only access ECS through "proxy"

We have set up an ECS Community Edition to evaluate ECS.

Now I have come to the point where I want to access my bucket.

I am using the s3curl.pl script to test, and I execute s3curl.pl on the same machine as ECS is installed on (not in the docker container).

If I try the "straightforward" command "s3curl.pl --id=dajoha --debug -- -v http://localhost:9020" I get the following back:

---------------------------------------------------------8<----------------------------------------------------
s3curl: Found the url: host=localhost; port=9020; uri=; query=;
s3curl: cname endpoint signing case
s3curl: StringToSign='GET\n\n\nTue, 26 Apr 2016 14:32:50 +0000\n/localhost/'
s3curl: exec curl -v -H 'Date: Tue, 26 Apr 2016 14:32:50 +0000' -H 'Authorization: AWS dajoha:rKls3dpAeOr0SqAmdU8d72tSQ4E=' -L -H 'content-type: ' -v http://localhost:9020
* About to connect() to localhost port 9020 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9020 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:9020
> Accept: */*
> Date: Tue, 26 Apr 2016 14:32:50 +0000
> Authorization: AWS dajoha:rKls3dpAeOr0SqAmdU8d72tSQ4E=
>
< HTTP/1.1 403 Forbidden
< Date: Tue, 26 Apr 2016 14:32:50 GMT
< x-amz-id-2:
< Server: ViPR/1.0
< x-amz-request-id: 823cd7d5:15451a5bc85:79:0
< Content-Type: application/xml
< Content-Length: 326
<
* Connection #0 to host localhost left intact
SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.823cd7d5:15451a5bc85:79:0
---------------------------------------------------------8<----------------------------------------------------

But if I specify a proxy for curl and change the URL to s3.amazonaws.com I get a list as expected:

---------------------------------------------------------8<----------------------------------------------------
# s3curl.pl --id=dajoha --debug -- -v -x localhost:9020 http://s3.amazonaws.com
s3curl: Found the url: host=s3.amazonaws.com; port=; uri=; query=;
s3curl: ordinary endpoint signing case
s3curl: StringToSign='GET\n\n\nTue, 26 Apr 2016 14:37:15 +0000\n/'
s3curl: exec curl -v -H 'Date: Tue, 26 Apr 2016 14:37:15 +0000' -H 'Authorization: AWS dajoha:yvcCJgXcM5i9vBkI9a/R1bFc9i4=' -L -H 'content-type: ' -v -x localhost:9020 http://s3.amazonaws.com
* About to connect() to proxy localhost port 9020 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9020 (#0)
> GET http://s3.amazonaws.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: s3.amazonaws.com
> Accept: */*
> Proxy-Connection: Keep-Alive
> Date: Tue, 26 Apr 2016 14:37:15 +0000
> Authorization: AWS dajoha:yvcCJgXcM5i9vBkI9a/R1bFc9i4=
>
< HTTP/1.1 200 OK
< Date: Tue, 26 Apr 2016 14:37:15 GMT
< Server: ViPR/1.0
< x-amz-request-id: 823cd7d5:15451a5bc85:7c:1
< x-amz-id-2:
< Content-Type: application/xml
< Content-Length: 582
<
* Connection #0 to host localhost left intact
http://s3.amazonaws.com/doc/2006-03-01/">dajohadajohaDJO_12016-04-19T16:15:19.462+02:00falseemctest2016-04-26T15:07:05.544+02:00falsefalse
---------------------------------------------------------8<----------------------------------------------------

Any suggestion what I have done wrong?

If I were to just use a CLI it would be no problem, but we have some applications here (among others EMC CloudArray) where I can not specify a proxy.

Regards

D/\N

75 Posts

April 26th, 2016 12:00

Have you tried running your first example using 127.0.0.1:9020 instead of localhost:9020?

-Ben

281 Posts

April 26th, 2016 14:00

The issue here is that s3curl has a list of valid "endpoints" it uses to help it compute the canonicalized path.  You can see at the end of the StringToSign there's "/localhost/".  This is incorrect.

The fix is to configure s3curl to include your endpoint (e.g. localhost).  The instructions are in the ECS documentation (see step 4 under this topic):

http://www.emc.com/techpubs/ecs/ecs_create_bucket-2.htm?_ga=1.42639269.1631791353.1456427359#GUID-2E37CDB4-12FB-4BA7-937…

This issue is specific to how s3curl works and is not a general ECS issue.
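The signing mismatch described in the answer above, as an added example that is not part of the original posts and is not s3curl's own code: a simplified model of the three signing cases named in the debug output, using AWS Signature Version 2 (HMAC-SHA1 over the StringToSign). The endpoint list, the function names and the secret key are assumptions made for illustration; the date and host values are taken from the debug output in the question.

```python
import base64
import hashlib
import hmac

# Assumption: stand-in for the tool's built-in list of known S3 endpoints.
DEFAULT_ENDPOINTS = ["s3.amazonaws.com"]


def canonical_resource(host, path, endpoints):
    """Return (signing case, canonicalized resource) for a request host and path."""
    path = path or "/"
    if host in endpoints:
        # Known endpoint: path-style request, the resource is just the path.
        return "ordinary", path
    for ep in endpoints:
        if host.endswith("." + ep):
            # <bucket>.<endpoint>: the bucket name is taken from the host.
            return "vanity bucket", "/" + host[: -len(ep) - 1] + path
    # Unknown host: the whole hostname is treated as the bucket name.
    return "cname", "/" + host + path


def string_to_sign(method, date, resource, content_md5="", content_type=""):
    """Signature V2 StringToSign with no x-amz-* headers."""
    return "\n".join([method, content_md5, content_type, date, resource])


def sign_v2(secret, sts):
    """Base64 of HMAC-SHA1(secret, StringToSign), as sent in the Authorization header."""
    mac = hmac.new(secret.encode(), sts.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def client_matches_server(host, path, endpoints, secret, date):
    """True when the client's signature equals the one a path-style server computes."""
    _, resource = canonical_resource(host, path, endpoints)
    client_sig = sign_v2(secret, string_to_sign("GET", date, resource))
    server_sig = sign_v2(secret, string_to_sign("GET", date, path or "/"))
    return hmac.compare_digest(client_sig, server_sig)


SECRET = "constructed-secret-not-a-real-key"  # constructed sample value
DATE = "Tue, 26 Apr 2016 14:32:50 +0000"      # from the debug output above

if __name__ == "__main__":
    for eps in (DEFAULT_ENDPOINTS, DEFAULT_ENDPOINTS + ["localhost"]):
        case, res = canonical_resource("localhost", "", eps)
        ok = client_matches_server("localhost", "", eps, SECRET, DATE)
        print(f"endpoints={eps} case={case} resource={res} match={ok}")
```

With only the default list, `localhost` falls into the cname case and the signatures differ, which is the 403 SignatureDoesNotMatch seen in the question; once `localhost` is in the list, both sides sign `/` and agree.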

14 Posts

April 26th, 2016 23:00

This results in the same issue as with localhost.

--

D/\N

14 Posts

April 26th, 2016 23:00

OK, adding @endpoints to .s3curl fixes the issue when running s3curl on the local machine - which is really not useful for anything other than testing.

We still have an issue with "external" hosts trying to access ECS using the "S3 protocol", like S3-Browser and EMC CloudArray.

D/\N

14 Posts

April 27th, 2016 02:00

So, I've solved the issue with the S3-Browser as well - I have to use the SSL port (9021) instead of 9020.

Now I have run into another problem...

In the S3-Browser I can upload a file to a Bucket (and I can see on the Dashboard that the file is uploaded as "Used Data" increases with exactly the filesize) but when the S3-Browser tries to list the content of the Bucket I get an error "Internal error".

Trying s3curl I see the following:

1) Listing the Buckets works fine

# s3curl.pl --id=dajoha -- --insecure https://iddjo02.uzh.ch:9021

http://s3.amazonaws.com/doc/2006-03-01/">dajohadajohaDJO22016-04-27T09:08:10.214+02:00falseDJO_12016-04-19T16:15:19.462+02:00falseblabla2016-04-27T10:58:51.728+02:00falseemctest2016-04-26T15:07:05.544+02:00falsefalse

2) Listing an empty Bucket also works fine

# s3curl.pl --id=dajoha -- --insecure https://iddjo02.uzh.ch:9021/emctest

http://s3.amazonaws.com/doc/2006-03-01/">emctest1000falsefalse

3) Listing a Bucket with an object in it fails

# s3curl.pl --id=dajoha -- --insecure https://iddjo02.uzh.ch:9021/blabla

InternalErrorWe encountered an internal error. Please try again.

Any suggestions?

D/\N
