OpenStack Object Storage (swift)

Can't get s3curl to work

Asked by Amar Kapadia on 2011-11-04

I installed the s3 API on my swift cluster.

I can successfully connect to it via Cyberduck and Python boto library. But not with s3curl. I can't figure out what I'm doing wrong. Help appreciated.

Error below:
====

akapadia@ubuntu:~/s3-curl$ ./s3curl.pl --id personal --head -- -k -v -s https://ec2-184-73-4-50.compute-1.amazonaws.com
* About to connect() to ec2-184-73-4-50.compute-1.amazonaws.com port 443 (#0)
* Trying 10.113.35.108... connected
* Connected to ec2-184-73-4-50.compute-1.amazonaws.com (10.113.35.108) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=CA; L=San Jose; O=OpenStack Consulting; OU=Swift; CN=ec2-184-73-4-50.compute-1.amazonaws.com; <email address hidden>
* start date: 2011-11-04 04:26:58 GMT
* expire date: 2011-12-04 04:26:58 GMT
* common name: ec2-184-73-4-50.compute-1.amazonaws.com (matched)
* issuer: C=US; ST=CA; L=San Jose; O=OpenStack Consulting; OU=Swift; CN=ec2-184-73-4-50.compute-1.amazonaws.com; <email address hidden>
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> HEAD / HTTP/1.1
> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: ec2-184-73-4-50.compute-1.amazonaws.com
> Accept: */*
> Date: Fri, 04 Nov 2011 04:40:41 +0000
> Authorization: AWS test:tester:shoi7Ubs/hYe2VGucf5YesElDMI=
>
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< Content-Type: text/xml; charset=UTF-8
Content-Type: text/xml; charset=UTF-8
< Content-Length: 142
Content-Length: 142
< Date: Fri, 04 Nov 2011 04:40:42 GMT
Date: Fri, 04 Nov 2011 04:40:42 GMT

<
* Connection #0 to host ec2-184-73-4-50.compute-1.amazonaws.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Question information

Language:: English Edit question

Status:: Solved

For:: OpenStack Object Storage (swift) Edit question

Assignee:: No assignee Edit question

Solved by:: FUJITA Tomonori

Solved:: 2011-11-08

Last query:: 2011-11-08

Last reply:: 2011-11-08

Link existing bug

Revision history for this message

FUJITA Tomonori (fujita-tomonori-deactivatedaccount) said on 2011-11-08:

HEAD operation is not permitted on the service. It can be used on objects.

Try GET on the service instead:

./s3curl.pl --id personal --get -- -k -v -s https://ec2-184-73-4-50.compute-1.amazonaws.com

You should get a list of all buckets.

Revision history for this message

Amar Kapadia (akapadia-usa) said on 2011-11-08:

Still getting an error. Things work fine with python boto & cyberduck...

==================
akapadia@ubuntu:~/s3-curl$ ./s3curl.pl --id 'test:tester' --key 'testing' --get -- -k -v -s https://ec2-184-73-4-50.compute-1.amazonaws.com
Unknown option: get
WARNING: It isn't safe to put your AWS secret access key on the
command line! The recommended key management system is to store
your AWS secret access keys in a file owned by, and only readable
by you.

For example:

%awsSecretAccessKeys = (
    # personal account
    personal => {
        id => '1ME55KNV6SBTR7EXG0R2',
        key => 'zyMrlZUKeG9UcYpwzlPko/+Ciu0K2co0duRM3fhi',
    },

    # corporate account
    company => {
        id => '1ATXQ3HHA59CYF1CVS02',
        key => 'WQY4SrSS95pJUT95V6zWea01gBKBCL6PI0cdxeH8',
    },
);

$ chmod 600 /home/akapadia/.s3curl

Will sleep and continue despite this problem.
Please set up /home/akapadia/.s3curl for future requests.
* About to connect() to ec2-184-73-4-50.compute-1.amazonaws.com port 443 (#0)
* Trying 10.113.35.108... connected
* Connected toec2-184-73-4-50.compute-1.amazonaws.com (10.113.35.108) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=CA; L=San Jose; O=OpenStack Consulting; OU=Swift; CN=ec2-184-73-4-50.compute-1.amazonaws.com; <email address hidden>
* start date: 2011-11-04 04:26:58 GMT
* expire date: 2011-12-04 04:26:58 GMT
* common name: ec2-184-73-4-50.compute-1.amazonaws.com (matched)
* issuer: C=US; ST=CA; L=San Jose; O=OpenStack Consulting; OU=Swift; CN=ec2-184-73-4-50.compute-1.amazonaws.com; <email address hidden>
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: ec2-184-73-4-50.compute-1.amazonaws.com
> Accept: */*
> Date: Tue, 08 Nov 2011 05:35:53 +0000
> Authorization: AWS test:tester:C70BTwoJg0MnuqUo8nWYCpIoJ80=
>
< HTTP/1.1 403 Forbidden
< Content-Type: text/xml; charset=UTF-8
< Content-Length: 124
< X-Trans-Id: txd1d929f8c60b4fd5bb8803de444ffb13
< Date: Tue, 08 Nov 2011 05:35:54 GMT
<
<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>Access denied</Message>
</Error>
* Connection #0 to host ec2-184-73-4-50.compute-1.amazonaws.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
==============
Proxy server logs show:
Nov 8 05:35:54 ip-10-245-82-78 proxy-server - - 08/Nov/2011/05/35/54 GET /v1/AUTH_.auth/test/tester HTTP/1.0 200 - Swauth - - - - - - 0.0052
Nov 8 05:35:54 ip-10-245-82-78 proxy-server - - 08/Nov/2011/05/35/54 HEAD /v1/AUTH_.auth/test HTTP/1.0 204 - Swauth - - - - - - 0.0045
===============

Still getting an error. Things work fine with python boto & cyberduck...

==================
akapadia@ubuntu:~/s3-curl$ ./s3curl.pl --id 'test:tester' --key 'testing' --get -- -k -v -s https://ec2-184-73-4-50.compute-1.amazonaws.com
Unknown option: get
WARNING: It isn't safe to put your AWS secret access key on the
command line!  The recommended key management system is to store
your AWS secret access keys in a file owned by, and only readable
by you.

For example:

%awsSecretAccessKeys = (
    # personal account
    personal => {
        id => '1ME55KNV6SBTR7EXG0R2',
        key => 'zyMrlZUKeG9UcYpwzlPko/+Ciu0K2co0duRM3fhi',
    },

# corporate account
    company => {
        id => '1ATXQ3HHA59CYF1CVS02',
        key => 'WQY4SrSS95pJUT95V6zWea01gBKBCL6PI0cdxeH8',
    },
);

$ chmod 600 /home/akapadia/.s3curl

Will sleep and continue despite this problem.
Please set up /home/akapadia/.s3curl for future requests.
* About to connect() to ec2-184-73-4-50.compute-1.amazonaws.com port 443 (#0)
*   Trying 10.113.35.108... connected
* Connected toec2-184-73-4-50.compute-1.amazonaws.com (10.113.35.108) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* 	 subject: C=US; ST=CA; L=San Jose; O=OpenStack Consulting; OU=Swift; CN=ec2-184-73-4-50.compute-1.amazonaws.com; emailAddress=bitnami@ec2-184-73-4-50.compute-1.amazonaws.com
* 	 start date: 2011-11-04 04:26:58 GMT
* 	 expire date: 2011-12-04 04:26:58 GMT
* 	 common name: ec2-184-73-4-50.compute-1.amazonaws.com (matched)
* 	 issuer: C=US; ST=CA; L=San Jose; O=OpenStack Consulting; OU=Swift; CN=ec2-184-73-4-50.compute-1.amazonaws.com; emailAddress=bitnami@ec2-184-73-4-50.compute-1.amazonaws.com
* 	 SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: ec2-184-73-4-50.compute-1.amazonaws.com
> Accept: */*
> Date: Tue, 08 Nov 2011 05:35:53 +0000
> Authorization: AWS test:tester:C70BTwoJg0MnuqUo8nWYCpIoJ80=
> 
< HTTP/1.1 403 Forbidden
< Content-Type: text/xml; charset=UTF-8
< Content-Length: 124
< X-Trans-Id: txd1d929f8c60b4fd5bb8803de444ffb13
< Date: Tue, 08 Nov 2011 05:35:54 GMT
< 
<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>Access denied</Message>
</Error>
* Connection #0 to host ec2-184-73-4-50.compute-1.amazonaws.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
==============
Proxy server logs show:
Nov  8 05:35:54 ip-10-245-82-78 proxy-server - - 08/Nov/2011/05/35/54 GET /v1/AUTH_.auth/test/tester HTTP/1.0 200 - Swauth - - - - - - 0.0052
Nov  8 05:35:54 ip-10-245-82-78 proxy-server - - 08/Nov/2011/05/35/54 HEAD /v1/AUTH_.auth/test HTTP/1.0 204 - Swauth - - - - - - 0.0045
===============

Revision history for this message

Amar Kapadia (akapadia-usa) said on 2011-11-08:

The problem is solved. Please ignore the previous comment. I had put in the IP address in "my @endpoints = ..." of s3curl.pl. I replaced it with the hostname and the problem is solved. Thank you so much for helping!!

Revision history for this message

Amar Kapadia (akapadia-usa) said on 2011-11-08:

Thanks FUJITA Tomonori, that solved my question.

To post a message you must log in.

Ask a question

Edit question

OpenStack Object Storage (swift)

Can't get s3curl to work

Question information

Related bugs

Related FAQ:

Subscribers