Project

General

Profile

Actions
Copy link

Support #58935

open

Radosgw user and bucket not sync ( permission denied )

Added by Guillaume Morin about 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Tags:
Reviewed:
Affected Versions:
Ceph - v16.2.9
Pull request ID:

Description

Hello, i have an issue about my multisite configuration.

pacific 16.2.9
My problem:
i have a permission denied on the the master zone when i use the command below.

$ radosgw-admin sync status

realm 8df19226-a200-48fa-bd43-1491d32c636c (myrealm)

zonegroup 29592d75-224d-49b6-bc36-2703efa4f67f (myzonegroup)

zone 6cce41f3-a54b-47c2-981f-3b56ca0a4489 (myzone)

metadata sync no sync (zone is master)

2023-03-07T22:31:16.466+0100 7f96a3e7a840 0 ERROR: failed to fetch datalog info

data sync source: f2b20676-2672-4a92-a7ee-f3eb2efb12c6 (mysecondaryzone)

failed to retrieve sync info: (13) Permission denied

because on secondary zone (read only) , i see a 403 error about the permission denied from
the master node

2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 ====== starting new request req=0x7f1fd418c620 =====

2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 req 2604939314198041770 0.000000000s
op->ERRORHANDLER: err_no=-2028 new_err_no=-2028

2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 ====== req done req=0x7f1fd418c620 op status=0
http_status=403 latency=0.000000000s ======

2023-03-07T00:00:53.309+0100 7f1ec8f21700 1 beast: 0x7f1fd418c620: 10......... - -
[07/Mar/2023:00:00:53.309 +0100] "POST
/admin/realm/period?period=395f9f13-d941-4ccf-a0cf-6c5d6d6579c2&epoch=76&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f
HTTP/1.1" 403 194 - - - latency=0.000000000s

2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 ====== starting new request req=0x7f1fd4411620 =====

2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 req 7374970752399537975 0.000000000s
op->ERRORHANDLER: err_no=-2028 new_err_no=-2028

2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 ====== req done req=0x7f1fd4411620 op status=0
http_status=403 latency=0.000000000s ======

2023-03-07T00:00:53.441+0100 7f1e7e68c700 1 beast: 0x7f1fd4411620: 10......... - -
[07/Mar/2023:00:00:53.441 +0100] "POST
/admin/log?type=data&notify&source-zone=6cce41f3-a54b-47c2-981f-3b56ca0a4489&rgwx-zonegroup=29592d75-224d-49b6-bc36-2703efa4f67f
HTTP/1.1" 403 194 - - - latency=0.000000000s

No issue when i use the command to check sync on secondary zone

I don't understand because on secondary zone, pull realm and period with a user with
flag system and admin works, the sync works for objects but not for users and buckets.
When i list user and bucket on secondary zone, there are nothing but i have my objects on
pool bucket.data !!

i think the 403 was due because my user with flag system doesn't exist on secondary
zone but i don't understand why user and bucket are not syncronized ??!!

Access key and secret key are set on master zone and secondary zone, endpoint also
I have an other cluster with a similary configuration and i don't have any issue

Can someone help me ?
Sorry for my english
Regards
Guillaume

Actions
Copy link

Also available in: Atom PDF