Ceph - Rados Object Gateway refuses upload when Content-Type missing from POST policy
Environment
- Red Hat Ceph Storage 2.x (Jewel)
- Ubuntu 16.04
Issue
- Content-Type is missing from the policy part of the S3 upload, then
radosgwrefuses the upload with a 403 error, "Policy missing condition: Content-Type". The same upload to AWS S3 is successful, despite the Content-Type not being present in the uploaded policy.
Resolution
- This issue is resolved by an upgrade to Red Hat Ceph Storage 2.5 (10.2.10-17.el7cp) or above.
Root Cause
- For more information please check upstream tracker #20201.
Diagnostic Steps
- Placing
radosgwin debug log level 20 and re-running the upload will produce the following in theradosgwlog:
2017-05-31 16:03:20.526814 7f289affd700 1 env var missing in policy: Content-Type
2017-05-31 16:03:20.526815 7f289affd700 1 missing policy condition
2017-05-31 16:03:20.526816 7f289affd700 0 policy check failed
2017-05-31 16:03:20.526825 7f289affd700 2 req 2:0.012858:s3:POST /:post_obj:completing
2017-05-31 16:03:20.526849 7f289affd700 15 Read RGWCORSConfiguration<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><MaxAgeSeconds>3000</MaxAgeSeconds><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
2017-05-31 16:03:20.526862 7f289affd700 10 Method POST is supported
2017-05-31 16:03:20.526914 7f289affd700 2 req 2:0.012947:s3:POST /:post_obj:op status=0
2017-05-31 16:03:20.526920 7f289affd700 2 req 2:0.012953:s3:POST /:post_obj:http status=403
2017-05-31 16:03:20.526940 7f289affd700 1 ====== req done req=0x7f289aff77e0 op status=0 http_status=403 ======
2017-05-31 16:03:20.526950 7f289affd700 20 process_request() returned -13
2017-05-31 16:03:20.526973 7f289affd700 1 civetweb: 0x7f2a20003160: 172.20.20.20 - - [31/May/2017:16:03:20 +0100] "POST / HTTP/1.1" 403 0 http://172.20.30.30:5000/ Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments