[ceph-users] How to use STS Lite correctly?

myxingkong admin at xingkong.io
Mon Mar 4 03:18:12 PST 2019

I want to use the STS service to generate temporary credentials for use by third-party clients.

I configured STS lite based on the documentation.

This is my configuration file:

fsid = 42a7cae1-84d1-423e-93f4-04b0736c14aa
mon_initial_members = admin, node1, node2, node3
mon_host =,,,
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx

osd pool default size = 2

rgw sts key = "1234567890"
rgw s3 auth use sts = true

When I execute the getSessionToken method, return a 403 error:


    host = ''
    access_key = '2324YFZ7QDEOSRL18QHR'
    secret_key = 'rL9FabxCOw5LDbrHtmykiGSCjzpKLmEs9WPiNjVJ'

    client = boto3.client('sts',
                          aws_access_key_id = access_key,
                          aws_secret_access_key = secret_key,
                          endpoint_url = host)
    response = client.assume_role(
    print response
    print traceback.format_exc()

Who can tell me if my configuration or code is wrong?

My version of ceph is: ceph version 14.1.0 (adfd524c32325562f61c055a81dba4cb1b117e84) nautilus (dev)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20190304/da345056/attachment.html>

More information about the ceph-users mailing list