Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/12/23 22:44:36 UTC
[GitHub] [pulsar] joncashe opened a new issue #9044: k8s offload access denied
joncashe opened a new issue #9044:
URL: https://github.com/apache/pulsar/issues/9044
Hello,
I have an issue with the offload: two exact configurations, using different buckets; one works and the other one doesn't. I got this when I try to check the offload status after trying to trigger it manually with topics [offload](https://pulsar.apache.org/docs/en/pulsar-admin/#offload):
`Reason: Error offloading: org.apache.bookkeeper.mledger.ManagedLedgerException: java.util.concurrent.CompletionException: org.jclouds.rest.AuthorizationException: Access Denied`
I am using Pulsar 2.6.1. I have set the following configuration:
managedLedgerOffloadDriver: "aws-s3"
s3ManagedLedgerOffloadRegion: "us-east-1"
s3ManagedLedgerOffloadBucket: bucketname
s3ManagedLedgerOffloadRole: rolename
s3ManagedLedgerOffloadRoleSessionName: sessioname
The role name has the following perms:
{
  "Statement": [
    {
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::bucketname",
        "arn:aws:s3:::bucktname/*"
      ],
      "Effect": "Allow"
    }
  ]
}
Is there something else I can check?
Appreciate any feedback.
Thanks
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] sijie closed issue #9044: k8s offload access denied
Posted by GitBox <gi...@apache.org>.
sijie closed issue #9044:
URL: https://github.com/apache/pulsar/issues/9044
[GitHub] [pulsar] sijie commented on issue #9044: k8s offload access denied
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #9044:
URL: https://github.com/apache/pulsar/issues/9044#issuecomment-756294012
@joncashe - Did you set the offload policies in the namespace policy? One of the possibilities is that you set the namespace policy. Otherwise, I don't expect the bucket is persisted somewhere else.
[GitHub] [pulsar] sijie commented on issue #9044: k8s offload access denied
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #9044:
URL: https://github.com/apache/pulsar/issues/9044#issuecomment-756291560
From @joncashe :
So after testing a little bit more, I'm not sure why it's happening, but it seems I was using an S3 bucket in my first config and then I changed to a new one, replacing the value in the s3ManagedLedgerOffloadBucket, but it seems the ledger is still trying to offload to the previous bucket. The way I found this was when I gave it full access to the S3, so this time I didn't get the access denied error and the offload was done to the first bucket I set.
I'm trying to look which places are still pointing to the old S3 bucket, because the broker.conf is using the new one I set in the s3ManagedLedgerOffloadBucket.
Any ideas?
Thanks
[GitHub] [pulsar] sijie commented on issue #9044: k8s offload access denied
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #9044:
URL: https://github.com/apache/pulsar/issues/9044#issuecomment-756347883
The namespace policy is stored in zookeeper.
[GitHub] [pulsar] joncashe commented on issue #9044: k8s offload access denied
Posted by GitBox <gi...@apache.org>.
joncashe commented on issue #9044:
URL: https://github.com/apache/pulsar/issues/9044#issuecomment-756343444
@sijie thanks, you were right: although I replaced the parameter, it was still using the old bucket in the offload namespace policy.
I was able to replace it through the pulsar-admin CLI tool.
Do you know exactly in which file this change is applied?
I guess we can say it's solved.
Thanks
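A check for the mismatch this thread ended on, as an added example that is not part of the original posts or of Pulsar: it resolves which bucket the offload will actually target and lists the S3 actions the role policy does not allow there. The `bucket` key of the namespace policy, the bucket names and all sample data are assumptions; explicit Deny statements and conditions are not modelled.

```python
from fnmatch import fnmatchcase

# The five actions granted in the policy quoted in the issue, split by ARN form.
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucket"]
OBJECT_ACTIONS = ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"]

# Constructed sample data: broker.conf names the new bucket, namespace policy the old.
BROKER_CONF = {"s3ManagedLedgerOffloadBucket": "new-bucket"}
NAMESPACE_POLICY = {"bucket": "old-bucket"}  # "bucket" key is hypothetical
ROLE_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": BUCKET_ACTIONS + OBJECT_ACTIONS,
    "Resource": ["arn:aws:s3:::new-bucket", "arn:aws:s3:::new-bucket/*"],
}]}


def effective_bucket(broker_conf, namespace_policy):
    """A namespace-level offload policy, when set, wins over broker.conf."""
    if namespace_policy and namespace_policy.get("bucket"):
        return namespace_policy["bucket"]
    return broker_conf["s3ManagedLedgerOffloadBucket"]


def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)


def allowed(policy, action, arn):
    """True if an Allow statement covers action on arn (Deny/Condition ignored)."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        acts = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatchcase(action.lower(), a) for a in acts) and any(
                fnmatchcase(arn, r) for r in _as_list(stmt.get("Resource", []))):
            return True
    return False


def missing_grants(policy, bucket):
    """(action, arn) pairs the role policy does not allow for this bucket."""
    wanted = [(a, f"arn:aws:s3:::{bucket}") for a in BUCKET_ACTIONS]
    wanted += [(a, f"arn:aws:s3:::{bucket}/sample-object") for a in OBJECT_ACTIONS]
    return [w for w in wanted if not allowed(policy, *w)]


if __name__ == "__main__":
    target = effective_bucket(BROKER_CONF, NAMESPACE_POLICY)
    print("offload target:", target, "missing:", missing_grants(ROLE_POLICY, target))
```

An empty result for the effective bucket means the role's grants line up with where the offload really goes, so the policy can stay scoped to that one bucket.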
[GitHub] [pulsar] sijie commented on issue #9044: k8s offload access denied
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #9044:
URL: https://github.com/apache/pulsar/issues/9044#issuecomment-756370201
@joncashe I am closing this issue for now. If you have any other questions, feel free to reopen it or create a new one.