Support #58935
Radosgw user and bucket not sync ( permission denied )
Status: open
Description
Hello, I have an issue with my multisite configuration.
pacific 16.2.9
My problem:
I have a permission denied on the master zone when I use the command below.
$ radosgw-admin sync status
realm 8df19226-a200-48fa-bd43-1491d32c636c (myrealm)
zonegroup 29592d75-224d-49b6-bc36-2703efa4f67f (myzonegroup)
zone 6cce41f3-a54b-47c2-981f-3b56ca0a4489 (myzone)
metadata sync no sync (zone is master)
2023-03-07T22:31:16.466+0100 7f96a3e7a840 0 ERROR: failed to fetch datalog info
data sync source: f2b20676-2672-4a92-a7ee-f3eb2efb12c6 (mysecondaryzone)
failed to retrieve sync info: (13) Permission denied
Because on the secondary zone (read only), I see a 403 error about the permission denied from the master node:
2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 ====== starting new request req=0x7f1fd418c620 =====
2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 req 2604939314198041770 0.000000000s op->ERRORHANDLER: err_no=-2028 new_err_no=-2028
2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 ====== req done req=0x7f1fd418c620 op status=0 http_status=403 latency=0.000000000s ======
2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 beast: 0x7f1fd418c620: 10......... - - [07/Mar/2023:00:00:53.309 +0100] "POST /admin/realm/period?period=395f9f13-d941-4ccf-a0cf-6c5d6d6579c2&epoch=76&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f HTTP/1.1" 403 194 - - - latency=0.000000000s
2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 ====== starting new request req=0x7f1fd4411620 =====
2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 req 7374970752399537975 0.000000000s op->ERRORHANDLER: err_no=-2028 new_err_no=-2028
2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 ====== req done req=0x7f1fd4411620 op status=0 http_status=403 latency=0.000000000s ======
2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 beast: 0x7f1fd4411620: 10......... - - [07/Mar/2023:00:00:53.441 +0100] "POST /admin/log?type=data&notify&source-zone=6cce41f3-a54b-47c2-981f-3b56ca0a4489&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f HTTP/1.1" 403 194 - - - latency=0.000000000s
No issue when I use the command to check sync on the secondary zone.
I don't understand, because on the secondary zone, pulling the realm and period with a user with the system and admin flags works; the sync works for objects but not for users and buckets.
When I list users and buckets on the secondary zone, there is nothing, but I have my objects on pool bucket.data!
I think the 403 was because my user with the system flag doesn't exist on the secondary zone, but I don't understand why users and buckets are not synchronized.
Access key and secret key are set on the master zone and the secondary zone, and the endpoint also.
I have another cluster with a similar configuration and I don't have any issue.
Can someone help me?
Sorry for my English.
Regards
Guillaume
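Added example (not part of the original report and not Ceph code): a small Python triage of beast access-log lines like the ones quoted above, counting 403 responses to /admin/ requests per client, endpoint and source-zone parameter, so the rejected requests can be tied to the zone that sent them. The sample lines, the 192.0.2.x client addresses, the bucket request and the function name are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines modelled on the beast access-log format quoted above.
# Client addresses and the /mybucket request are made up for this example.
SAMPLE_LOG = """\
2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 beast: 0x7f1fd418c620: 192.0.2.10 - - [07/Mar/2023:00:00:53.309 +0100] "POST /admin/realm/period?period=395f9f13-d941-4ccf-a0cf-6c5d6d6579c2&epoch=76&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f HTTP/1.1" 403 194 - - - latency=0.000000000s
2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 beast: 0x7f1fd4411620: 192.0.2.10 - - [07/Mar/2023:00:00:53.441 +0100] "POST /admin/log?type=data&notify&source-zone=6cce41f3-a54b-47c2-981f-3b56ca0a4489&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f HTTP/1.1" 403 194 - - - latency=0.000000000s
2023-03-07T00:00:54.441+0100 7f1e7e68c700 1 beast: 0x7f1fd4411620: 192.0.2.10 - - [07/Mar/2023:00:00:54.441 +0100] "POST /admin/log?type=data&notify&source-zone=6cce41f3-a54b-47c2-981f-3b56ca0a4489&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f HTTP/1.1" 403 194 - - - latency=0.000000000s
2023-03-07T00:00:55.102+0100 7f1e7e68c700 1 beast: 0x7f1fd4411620: 192.0.2.50 - - [07/Mar/2023:00:00:55.102 +0100] "GET /mybucket?list-type=2 HTTP/1.1" 200 512 - - - latency=0.004000000s
2023-03-07T00:00:56.000+0100 7f1e7e68c700 1 ====== starting new request req=0x7f1fd4411620 =====
"""

# beast: <req ptr>: <client> - - [<time>] "<METHOD> <target> HTTP/x.y" <status> ...
ACCESS_RE = re.compile(
    r'beast: \S+ (\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3}) ')

def rejected_admin_calls(log_text):
    """Count 403 responses to /admin/* requests, keyed by (client, endpoint, source zone)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACCESS_RE.search(line)
        if not m:
            continue  # not an access-log line (e.g. "starting new request")
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if status != "403" or not url.path.startswith("/admin/"):
            continue
        # keep_blank_values so flag-style parameters such as "notify" are parsed too
        query = parse_qs(url.query, keep_blank_values=True)
        source_zone = query.get("source-zone", [None])[0]
        hits[(client, f"{method} {url.path}", source_zone)] += 1
    return hits

if __name__ == "__main__":
    for (client, endpoint, zone), n in rejected_admin_calls(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {client}  {endpoint}  source-zone={zone}")
```
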
Updated by hoan nv about 1 year ago
Guillaume Morin wrote:
up
Can you show the master and secondary zone config?
Updated by Guillaume Morin about 1 year ago
Hello hoan nv, please see below the configuration of the zones.
I changed the zone name and endpoint because it's confidential.
zone master
radosgw-admin zone get
{
    "id": "6cce41f3-a54b-47c2-981f-3b56ca0a4489",
    "name": "mymasterzone.s3",
    "domain_root": "mymasterzone.s3.rgw.meta:root",
    "control_pool": "mymasterzone.s3.rgw.control",
    "gc_pool": "mymasterzone.s3.rgw.log:gc",
    "lc_pool": "mymasterzone.s3.rgw.log:lc",
    "log_pool": "mymasterzone.s3.rgw.log",
    "intent_log_pool": "mymasterzone.s3.rgw.log:intent",
    "usage_log_pool": "mymasterzone.s3.rgw.log:usage",
    "roles_pool": "mymasterzone.s3.rgw.meta:roles",
    "reshard_pool": "mymasterzone.s3.rgw.log:reshard",
    "user_keys_pool": "mymasterzone.s3.rgw.meta:users.keys",
    "user_email_pool": "mymasterzone.s3.rgw.meta:users.email",
    "user_swift_pool": "mymasterzone.s3.rgw.meta:users.swift",
    "user_uid_pool": "mymasterzone.s3.rgw.meta:users.uid",
    "otp_pool": "mymasterzone.s3.rgw.otp",
    "system_key": {
        "access_key": ".....................",
        "secret_key": "....................."
    },
    "placement_pools": [
        {
            "key": "default-placement",
            "val": {
                "index_pool": "mymasterzone.s3.rgw.buckets.index",
                "storage_classes": {
                    "STANDARD": {
                        "data_pool": "mymasterzone.s3.rgw.buckets.data"
                    }
                },
                "data_extra_pool": "mymasterzone.s3.rgw.buckets.non-ec",
                "index_type": 0
            }
        }
    ],
    "realm_id": "8df19226-a200-48fa-bd43-1491d32c636c",
    "notif_pool": "mymasterzone.s3.rgw.log:notif"
}
zone secondary
radosgw-admin zone get
{
    "id": "f2b20676-2672-4a92-a7ee-f3eb2efb12c6",
    "name": "mysecondaryzone",
    "domain_root": "mysecondaryzone.rgw.meta:root",
    "control_pool": "mysecondaryzone.rgw.control",
    "gc_pool": "mysecondaryzone.rgw.log:gc",
    "lc_pool": "mysecondaryzone.rgw.log:lc",
    "log_pool": "mysecondaryzone.rgw.log",
    "intent_log_pool": "mysecondaryzone.rgw.log:intent",
    "usage_log_pool": "mysecondaryzone.rgw.log:usage",
    "roles_pool": "mysecondaryzone.rgw.meta:roles",
    "reshard_pool": "mysecondaryzone.rgw.log:reshard",
    "user_keys_pool": "mysecondaryzone.rgw.meta:users.keys",
    "user_email_pool": "mysecondaryzone.rgw.meta:users.email",
    "user_swift_pool": "mysecondaryzone.rgw.meta:users.swift",
    "user_uid_pool": "mysecondaryzone.rgw.meta:users.uid",
    "otp_pool": "mysecondaryzone.rgw.otp",
    "system_key": {
        "access_key": ".................................",
        "secret_key": "...................................."
    },
    "placement_pools": [
        {
            "key": "default-placement",
            "val": {
                "index_pool": "mysecondaryzone.rgw.buckets.index",
                "storage_classes": {
                    "STANDARD": {
                        "data_pool": "mysecondaryzone.rgw.buckets.data"
                    }
                },
                "data_extra_pool": "mysecondaryzone.rgw.buckets.non-ec",
                "index_type": 0
            }
        }
    ],
    "realm_id": "8df19226-a200-48fa-bd43-1491d32c636c",
    "notif_pool": "mysecondaryzone.rgw.log:notif"
}
zone group
radosgw-admin zonegroup get
{
    "id": "29592d75-224d-49b6-bc36-2703efa4f67f",
    "name": "masterzonegroup",
    "api_name": "masterzonegroup",
    "is_master": "true",
    "endpoints": [
        "https://masterendpoint:443"
    ],
    "hostnames": [],
    "hostnames_s3website": [],
    "master_zone": "6cce41f3-a54b-47c2-981f-3b56ca0a4489",
    "zones": [
        {
            "id": "6cce41f3-a54b-47c2-981f-3b56ca0a4489",
            "name": "mymasterzone",
            "endpoints": [
                "https://masterendpoint:443"
            ],
            "log_meta": "false",
            "log_data": "true",
            "bucket_index_max_shards": 11,
            "read_only": "false",
            "tier_type": "",
            "sync_from_all": "true",
            "sync_from": [],
            "redirect_zone": ""
        },
        {
            "id": "f2b20676-2672-4a92-a7ee-f3eb2efb12c6",
            "name": "mysecondaryzone",
            "endpoints": [
                "https://secondaryendpoint:443"
            ],
            "log_meta": "false",
            "log_data": "true",
            "bucket_index_max_shards": 11,
            "read_only": "true",
            "tier_type": "",
            "sync_from_all": "true",
            "sync_from": [],
            "redirect_zone": ""
        }
    ],
    "placement_targets": [
        {
            "name": "default-placement",
            "tags": [],
            "storage_classes": [
                "STANDARD"
            ]
        }
    ],
    "default_placement": "default-placement",
    "realm_id": "8df19226-a200-48fa-bd43-1491d32c636c",
    "sync_policy": {
        "groups": []
    }
}
Regards
Guillaume