Can only access ESC through 'proxy'

Question

We have setup an ECS Community Edition to evaluate ECS.Now I have come to the point where I want to access my bucket.I am using the s3curl.pl script to test, and I execute the s3cul.pl on the same machine as ECS is installed on (not in the docker container).If I try the 'straight forward' command 's3curl.pl --id=dajoha --debug -- -v http://localhost:9020' i get the following back:---------------------------------------------------------8 GET / HTTP/1.1 User-Agent: curl/7.29.0 Host: localhost:9020 Accept: */* Date: Tue, 26 Apr 2016 14:32:50 +0000 Authorization: AWS dajoha:rKls3dpAeOr0SqAmdU8d72tSQ4E=  HTTP/1.1 403 Forbidden Date: Tue, 26 Apr 2016 14:32:50 GMT x-amz-id-2:  Server: ViPR/1.0 x-amz-request-id: 823cd7d5:15451a5bc85:79:0 Content-Type: application/xml Content-Length: 326 * Connection #0 to host localhost left intactSignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.823cd7d5:15451a5bc85:79:0---------------------------------------------------------8 User-Agent: curl/7.29.0 Host: s3.amazonaws.com Accept: */* Proxy-Connection: Keep-Alive Date: Tue, 26 Apr 2016 14:37:15 +0000 Authorization: AWS dajoha:yvcCJgXcM5i9vBkI9a/R1bFc9i4=  HTTP/1.1 200 OK Date: Tue, 26 Apr 2016 14:37:15 GMT Server: ViPR/1.0 x-amz-request-id: 823cd7d5:15451a5bc85:7c:1 x-amz-id-2:  Content-Type: application/xml Content-Length: 582 * Connection #0 to host localhost left intactdajohadajohaDJO_12016-04-19T16:15:19.462+02:00falseemctest2016-04-26T15:07:05.544+02:00falsefalse---------------------------------------------------------8

benschumacher · Answer

Have you tried running your first example using 127.0.0.1:9020 instead of localhost:9020? -Ben

JasonCwik · Answer

The issue here is that s3curl has a list of valid "endpoints" it uses to help it compute the canonicalized path. You can see at the end of the StringToSign there's "/localhost/". This is incorrect.

The fix is to configure s3curl to include your endpoint (e.g. localhost). The instructions are in the ECS documentation (see step 4 under this topic):

http://www.emc.com/techpubs/ecs/ecs_create_bucket-2.htm?_ga=1.42639269.1631791353.1456427359#GUID-2E37CDB4-12FB-4BA7-937…

This issue is specific to how s3curl works and is not a general ECS issue.

DMJO · Answer

This results in the same issue as with localhost. --D/\N

DMJO · Answer

OK, adding @endpoints to .s3curl fixes the issue when running s3curl on the local machine - which is really not useful for something else than testing.

We still have an issue with "external" Hosts trying to access ECS using the "S3-protokoll" like S3-Browser and EMC CloudArray.

D/\N

DMJO · Answer

So, I've solved the issue with the S*-Browser as well - I have to use the SSL-port (9021) instead of 9020.

Now I have run into another problem...

In the S3-Browser I can upload a file to a Bucket (and I can see on the Dashboard that the file is uploaded as "Used Data" increases with exactly the filesize) but when the S3-Browser tries to list the content of the Bucket I get an error "Internal error".

Trying s3curl I see the following:

1) Listing the Buckets works fine

# s3curl.pl --id=dajoha -- --insecure https://iddjo02.uzh.ch:9021

http://s3.amazonaws.com/doc/2006-03-01/">dajohadajohaDJO22016-04-27T09:08:10.214+02:00falseDJO_12016-04-19T16:15:19.462+02:00falseblabla2016-04-27T10:58:51.728+02:00falseemctest2016-04-26T15:07:05.544+02:00falsefalse

2) Listing an empty Bucket also works fine

# s3curl.pl --id=dajoha -- --insecure https://iddjo02.uzh.ch:9021/emctest

http://s3.amazonaws.com/doc/2006-03-01/">emctest1000falsefalse

3) Listing a Bucket with object in it fails

# s3curl.pl --id=dajoha -- --insecure https://iddjo02.uzh.ch:9021/blabla

InternalErrorWe encountered an internal error. Please try again.

Any suggestions?

D/\N

ECS

Was this post helpful?