On a fresh Centos server I've installed Riak CS 2.1.1 on top of Riak 2.1.3 with Stanchion 2.1.1 using official guide.
I was able to create new users when anonymous_user_creation is enabled in Riak CS conf file. But when I disable it and try to create new user via Riak Control (1.0.2) I get an 409 Conflict HTTP status code. Or when I try to list all users via s3curl (I've set up ~/.s3curl file with right credentials and used ./s3curl.pl --id=cdn -- -k https://s3.example.com:8081/riak-cs/users command to send request) I get an error:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><Resource>/riak-cs/users</Resource><RequestId></RequestId></Error>
I've set admin.key and admin.secret in both Riak CS and Stanchion configs to values that I got creating anonymous user. I tried to create another anonymous user and double checked that I'm taking right values for key and secret.
There is no trace of errors in Riak, Stanchion or Riak CS logs - except Riak CS access logs, but that doesn't tell much.
I have no idea what to do next. Any suggestions would be welcome.
Thanks to @Joe help, I was able to debug this issue at least for s3curl.
It turned out to be related to the fact that I've chosen "direct" configuration of Riak CS instead of "proxy". That means that I have given it its own hostname instead of "s3.amazonaws.com" (Riak CS is really trying to disguise as real S3 due to clients compatibility issues).
And while Riak CS used this string to calculate checksum (in erlang-y format):
s3curl, having encountered unknown hostname, used this one:
Which caused
Access Denied.Fix - add to
~/.s3curlstring like:Now I'll try to debug Riak CS Control.