signature=aec83de5fc6800b6390fd8353066ff7a,s3cmd 连接rgw的signature版本问题-优快云博客

本文探讨了在使用s3cmd1.6.1与Ceph RGW 0.94.5版本连接时，遇到的Signature V4回退至V2的问题。作者详细记录了问题排查过程，发现10.2.0以上版本才支持V4，解决方法是关闭Signature V4并设置signature_v2为True。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

####signature v4回退至v2 使用s3cmd 1.6.1版本连接rgw(ceph 0.94.5)发现如下问题

DEBUG: CreateRequest: resource[uri]=/

DEBUG: Using signature v4

DEBUG: get_hostname(s3soft): s3soft.s3.xxx.com

DEBUG: canonical_headers = host:s3soft.s3.xxx.com

x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

x-amz-date:20160429T123546Z

DEBUG: Canonical Request:

GET

delimiter=%2F

host:s3soft.s3.xxx.com

x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

x-amz-date:20160429T123546Z

host;x-amz-content-sha256;x-amz-date

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

DEBUG: signature-v4 headers: {'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': 'AWS4-HMAC-SHA256 Credential=KFIH2I8PDAU38KABCDEFG/20160429/US/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=e94cbf3893183ccf53b6f4b38a2136252c83c6fd022f9cab1f4ccbc29f78cd30', 'x-amz-date': '20160429T123546Z'}

DEBUG: Processing request, please wait...

DEBUG: get_hostname(s3soft): s3soft.s3.xxx.com

DEBUG: ConnMan.get(): creating new connection: http://s3soft.s3.xxx.com

DEBUG: non-proxied HTTPConnection(s3soft.s3.xxx.com)

DEBUG: format_uri(): /?delimiter=/

DEBUG: Sending request method_string='GET', uri='/?delimiter=/', headers={'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': 'AWS4-HMAC-SHA256 Credential=KFIH2I8PDAU38KABCDEFG/20160429/US/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=e94cbf3893183ccf53b6f4b38a2136252c83c6fd022f9cab1f4ccbc29f78cd30', 'x-amz-date': '20160429T123546Z'}, body=(0 bytes)

DEBUG: Response: {'status': 400, 'headers': {'content-length': '81', 'accept-ranges': 'bytes', 'server': 'openresty', 'connection': 'keep-alive', 'x-amz-request-id': 'tx00000000000000017a1e9-0057235523-d753-hxs1', 'date': 'Fri, 29 Apr 2016 12:35:47 GMT', 'content-type': 'application/xml'}, 'reason': 'Bad Request', 'data': '<?xml version="1.0" encoding="UTF-8"?>InvalidArgument'}

DEBUG: ConnMan.put(): connection put back to pool (http://s3soft.s3.xxx.com#1)

DEBUG: Falling back to signature v2

DEBUG: Using signature v2

DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-amz-date:Fri, 29 Apr 2016 12:35:47 +0000\n/s3soft/'

DEBUG: Processing request, please wait...

DEBUG: get_hostname(s3soft): s3soft.s3.xxx.com

DEBUG: ConnMan.get(): re-using connection: http://s3soft.s3.xxx.com#1

DEBUG: format_uri(): /?delimiter=/

DEBUG: Sending request method_string='GET', uri='/?delimiter=/', headers={'x-amz-content-sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': 'AWS KFIH2I8PDAU38KABCDEFG:jhRC5YXvJL5suBcVb4dE2rsGDfg=', 'x-amz-date': 'Fri, 29 Apr 2016 12:35:47 +0000'}, body=(0 bytes)

DEBUG: Response: {'status': 200, 'headers': {'transfer-encoding': 'chunked', 'server': 'openresty', 'connection': 'keep-alive', 'x-amz-request-id': 'tx00000000000000017a858-0057235523-d750-hxs1', 'date': 'Fri, 29 Apr 2016 12:35:47 GMT', 'content-type': 'application/xml'}, 'reason': 'OK', 'data':

###原因分析目前只有10.2.0版本才支持v4版本的signature，因此需要关闭signature v4的认证，默认使用signature v2。减少客户端非法请求次数，也是优化手段之一。

###解决方法 vi ~/.s3cfg 设置如下即可

signature_v2 = True