Project

General

Profile

Actions
Copy link

Bug #22984

closed

RGWs crash when I try to set a policy

Added by David González Ruiz about 6 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Adam Emerson
Category:
-
Target version:
v12.2.0
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
v12.2.2
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I am trying to set a policy to a bucket in order to have users that can only read (for debugging purposes). I do it in the following way:

s3cmd --host=ceph-rgw setpolicy policy s3://bucket

The policy is:

{
    "Version": "2012-10-17",
    "Id": "01",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "d.ruiz" 
            },
            "Action": [
                "s3:GetObject",
                "s3:ListBucket" 
            ],
            "Resource": [
                "arn:aws:s3:::bucket/*",
            ]
        }
    ]
}

At the moment I run the setpolicy command, the gateway crashes and logs the following error:

2018-02-12 13:40:43.979192 I | rgw: radosgw: /usr/include/boost/optional/optional.hpp:878: boost::optional<T>::pointer_type boost::optional<T>::operator->() [with T = rgw::IAM::ARN; boost::optional<T>::pointer_type = rgw::IAM::ARN*]: Assertion `this->is_initialized()' failed.
failed to run rgw. failed to start rgw: Failed to complete rgw: signal: aborted (core dumped)

This makes the service unavailable for some seconds until the service is restarted. Can anybody provide insights on this? I am running:

ceph version af31b0aa0 (5af31b0aa028c6a69306c890f8d91fb9463a28f7) luminous (stable)

Thank you!

Actions
Copy link
 #1

Updated by David González Ruiz about 6 years ago

The way AWS identifier is specified does not seem to be the source of issues; switching to this notation does not work either:

            "Principal": {"AWS": ["arn:aws:iam::d.ruiz"]},

The uid does exist.

Actions
Copy link
 #2

Updated by David González Ruiz about 6 years ago

It seems that using the following user arn made the setpolicy operation work, but the policy is still not functional.

arn:aws:iam::${RGW DNS SETTING HERE}:user/d.ruiz
Actions
Copy link
 #3

Updated by Matt Benjamin about 6 years ago

  • Status changed from New to In Progress
  • Assignee set to Adam Emerson

@Adam DC949, could you have a look at this?

Matt

Actions
Copy link
 #4

Updated by Adam Emerson about 6 years ago

Could you try against master or upstream luminous? I believe this bug is fixed in both and simply hadn't percolated its way into the last stable luminous release yet.

(We have another luminous coming out soon so the fix should be in that.)

Actions
Copy link
 #5

Updated by Adam Emerson about 6 years ago

It shouldn't be an RGW DNS setting. The thing to put there should be the tenant name, or nothing if you're using the default tenant.

Actions
Copy link
 #6

Updated by Adam Emerson almost 6 years ago

  • Status changed from In Progress to Duplicate
Actions
Copy link

Also available in: Atom PDF