Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1500168

Summary: [ rgw ]: S3 object encryption in Ubuntu multisite setup is not working.
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Persona non grata <nobody+410372>
Component: RGWAssignee: Casey Bodley <cbodley>
Status: CLOSED ERRATA QA Contact: Persona non grata <nobody+410372>
Severity: medium Docs Contact:
Priority: high    
Version: 3.0CC: anharris, bancinco, cbodley, ceph-eng-bugs, flucifre, hnallurv, kbader, kdreyer, mbenjamin, nobody+410372, owasserm, sweil, vakulkar
Target Milestone: rc   
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-12.2.1-28.el7cp Ubuntu: ceph_12.2.1-31redhat1xenial Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-05 23:47:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Script which creates bucket, adds object with SSE-KMS and SSE-C modes
none
Shell script which uploads object with SSE-C mode none

Description Persona non grata 2017-10-10 06:12:21 UTC 
Created attachment 1336619 [details]
Script which creates bucket, adds object with SSE-KMS and SSE-C modes

Description of problem:
While testing S3 object encryption in Ubuntu multisite setup by using boto3, got error like :

botocore.exceptions.ClientError: An error occurred (SignatureDoesNotMatch) when calling the PutObject operation: Unknown.

But, with RestAPI's, I was able to upload object with both SSE_KMS and SSE-C modes, also with no encryption specified, I was able to upload using  boto3 .

Version-Release number of selected component (if applicable):
Ceph 3.0

How reproducible:
Always

Steps to Reproduce:
1.Set up multisite cluster for Ubuntu.
2.Using boto3, try to upload objects with SSE-KMS and SSE-C mode separately.


Actual results:

botocore.exceptions.ClientError: An error occurred (SignatureDoesNotMatch) when calling the PutObject operation: Unknown.

Expected results:
Object should get uploaded successfully.

Additional info:
Scripts used for uploading objects by boto3 and curl are attached.
Comment 2 Persona non grata 2017-10-10 06:14:42 UTC 
Created attachment 1336630 [details]
Shell script which uploads object with SSE-C mode
Comment 12 Federico Lucifredi 2017-10-25 11:34:33 UTC 
Not a blocker, but release notes definitely.
Comment 14 Persona non grata 2017-10-25 14:08:55 UTC 
Hi Casey,
With this
config=botocore.client.Config(signature_version='s3'),
It's working for me without any signature issue.
Comment 23 Persona non grata 2017-10-27 17:01:37 UTC 
I tested,it's working .Moving to verified state.
Comment 26 errata-xmlrpc 2017-12-05 23:47:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3387