Tuesday, 2020-02-04

« Monday, 2020-02-03 Index Wednesday, 2020-02-05 »
seongsoochoAfter upgrade from ocata to train, there are some trouble with object-replicator.  The sync method failed when the suffixes variable set to empty. https://github.com/openstack/swift/blob/stable/train/swift/obj/replicator.py#L685 . I'm not sure why this happens. Have you ever had a similar experience?01:11
*** gyee has quit IRC02:10
openstackgerritTim Burke proposed openstack/swift master: py3: Fix up probe tests  https://review.opendev.org/70557803:26
openstackgerritTim Burke proposed openstack/swift master: probe tests: Work when fronted by a TLS terminator  https://review.opendev.org/70557903:26
openstackgerritTim Burke proposed openstack/swift master: WIP: run probe tests on CentOS 8  https://review.opendev.org/69071705:29
*** evrardjp has quit IRC05:33
*** evrardjp has joined #openstack-swift05:34
openstackgerritTim Burke proposed openstack/swift master: WIP: run probe tests on CentOS 8  https://review.opendev.org/69071705:50
manuvakeryclayg: seongsoocho  i renamed the .lock dir to .lock_tmp and the replicator took care of the rest. Thanks for the help05:58
timburkemanuvakery, did you spot-check some of the .data files in the moved directory to see that they were really present in the other locations?06:04
manuvakerytimburke: no didn't spot check it.  just verified the partition has filled with some data after the next  replication pass06:18
manuvakerytimburke: /srv/node/disk5/objects/210847/.lock_tmp/3ff/a35ecc1c99345924233861cf1b1533ff/1575652643.51670.data this is one of the data file present in the  .lock directory .. How can i check if  the same data present in another location using any swift tools?06:47
*** mugsie has quit IRC07:37
manuvakerytimburke: yes i verified that the same data is available in another locations, all 3 copies are present under partition  16729107:38
*** mugsie has joined #openstack-swift07:41
*** evrardjp has quit IRC07:46
*** evrardjp has joined #openstack-swift07:50
*** rdejoux has joined #openstack-swift08:11
*** tkajinam has quit IRC08:17
*** tesseract has joined #openstack-swift08:27
*** rpittau|afk is now known as rpittau08:33
*** mikecmpbll has joined #openstack-swift09:03
*** hoonetorg has quit IRC09:06
*** hoonetorg has joined #openstack-swift09:18
openstackgerritMerged openstack/swift master: added value and notes to a sample config file for s3token  https://review.opendev.org/62508210:18
*** odyssey4me has joined #openstack-swift11:10
odyssey4mehey folks, I need some help understanding how to use swift container ACLs properly - I tried applying https://docs.openstack.org/swift/latest/overview_acl.html#example-public-container to a container, but when trying to list containers using alternative credentials I get an auth failure11:11
odyssey4meapologies - not an auth failure, a 403 forbidden failure11:11
* odyssey4me waves at mattoliverau :)11:13
*** hoonetorg has quit IRC11:14
*** rdejoux has quit IRC11:14
*** mugsie has quit IRC11:14
*** irclogbot_3 has quit IRC11:14
*** zaitcev has quit IRC11:14
*** abelur has quit IRC11:14
*** aluria has quit IRC11:14
*** godog has quit IRC11:14
*** Anticimex has quit IRC11:14
*** viks___ has quit IRC11:14
*** Jeffrey4l has quit IRC11:14
*** StevenK has quit IRC11:14
*** mvkr has quit IRC11:14
*** cjloader has quit IRC11:14
*** pawan-gupta has quit IRC11:14
*** cwright has quit IRC11:14
*** szaher has quit IRC11:14
*** ab-a has quit IRC11:14
*** donnyd has quit IRC11:14
*** fyx has quit IRC11:14
*** sorrison has quit IRC11:14
*** openstackstatus has quit IRC11:16
*** mikecmpbll has quit IRC11:17
*** irclogbot_2 has joined #openstack-swift11:17
*** godog has joined #openstack-swift11:17
*** Anticimex has joined #openstack-swift11:17
*** mahatic has quit IRC11:18
*** kota_ has quit IRC11:18
*** rickflare has quit IRC11:18
*** dcourtoi has quit IRC11:18
*** timburke has quit IRC11:18
*** tristanC has quit IRC11:18
*** mathiasb has quit IRC11:18
*** hoonetorg has joined #openstack-swift11:18
*** rdejoux has joined #openstack-swift11:18
*** mugsie has joined #openstack-swift11:18
*** zaitcev has joined #openstack-swift11:18
*** abelur has joined #openstack-swift11:18
*** orwell.freenode.net sets mode: +v zaitcev11:18
*** aluria has joined #openstack-swift11:18
*** viks___ has joined #openstack-swift11:19
*** Jeffrey4l has joined #openstack-swift11:19
*** StevenK has joined #openstack-swift11:19
*** mvkr has joined #openstack-swift11:19
*** cjloader has joined #openstack-swift11:19
*** pawan-gupta has joined #openstack-swift11:19
*** cwright has joined #openstack-swift11:19
*** szaher has joined #openstack-swift11:19
*** fyx has joined #openstack-swift11:19
*** ab-a has joined #openstack-swift11:19
*** donnyd has joined #openstack-swift11:19
*** sorrison has joined #openstack-swift11:19
*** timburke has joined #openstack-swift11:20
*** ChanServ sets mode: +v timburke11:21
*** kota_ has joined #openstack-swift11:21
*** ChanServ sets mode: +v kota_11:21
*** donnyd has quit IRC11:21
*** tesseract has quit IRC11:22
*** abelur has quit IRC11:23
*** tristanC has joined #openstack-swift11:23
*** donnyd has joined #openstack-swift11:23
*** mikecmpbll has joined #openstack-swift11:24
*** abelur has joined #openstack-swift11:24
*** tesseract has joined #openstack-swift11:24
*** tesseract has quit IRC11:56
*** jvisser has quit IRC12:07
*** tesseract has joined #openstack-swift12:26
*** tesseract has quit IRC12:29
*** tesseract has joined #openstack-swift12:31
*** tesseract has quit IRC12:37
*** tesseract has joined #openstack-swift12:38
*** tesseract has quit IRC12:40
*** tesseract has joined #openstack-swift12:40
claygodyssey4me: what tools are you using to set and check acls?12:45
claygCan you try with python-swift client CLI to verify and we’ll debit from there?12:46
claygErr... Debug12:46
odyssey4meclayg: I just managed to get it all worked out. The issue I had was that I wasn't providing the storage url from the sharing user. Now that's correct, it's working as expected.12:50
*** tesseract has quit IRC12:50
manuvakeryclayg: i am trying to play with s3API acls. I have tried to set the  bucket acl to public-read with the command "aws s3api put-bucket-acl --bucket manu-test-acls-2 --acl public-read "12:51
manuvakerywhen i try to get the bucket-acl  i can see the proper grants12:52
manuvakeryhttps://www.irccloud.com/pastebin/2NKp7yY2/12:52
manuvakerynow how can i access an object in the bucket via s3 API without the ec2  creds . as far as i know s3api derive the account name from the ec2 creds .. little confused here 🙄12:54
*** odyssey4me has left #openstack-swift12:58
*** tesseract has joined #openstack-swift13:03
claygYup, public bucket in s3api is a bit difficult. Kota or timburke might have some ideas.13:03
*** tesseract has quit IRC13:07
*** tesseract has joined #openstack-swift13:15
*** jvisser has joined #openstack-swift13:26
*** tkajinam has joined #openstack-swift13:34
*** pcaruana has quit IRC13:43
*** tkajinam has quit IRC14:32
*** pcaruana has joined #openstack-swift14:56
*** mpasserini has joined #openstack-swift15:29
*** mpasserini has left #openstack-swift15:30
*** gyee has joined #openstack-swift16:17
*** mikecmpbll has quit IRC16:26
*** mikecmpbll has joined #openstack-swift16:31
timburkegood morning16:39
manuvakery@timburke: any ideas on public bucket in s3api17:03
*** rdejoux has quit IRC17:03
*** tesseract has quit IRC17:04
*** rpittau is now known as rpittau|afk17:27
*** evrardjp has quit IRC17:33
*** evrardjp has joined #openstack-swift17:34
*** mikecmpbll has quit IRC17:38
*** gyee has quit IRC19:00
*** godog has quit IRC19:00
*** Anticimex has quit IRC19:00
*** gyee has joined #openstack-swift19:02
*** godog has joined #openstack-swift19:02
*** Anticimex has joined #openstack-swift19:02
*** mcape has joined #openstack-swift20:22
mcapeHello, do you think I can downgrade account/container servers without risk of losing data? Want to go from Train to Rocky, hit strange problems with s3 signatures20:23
mcapeI've set location = US as advised in Release doc, and some clients are OK with it, but some clients are not. I'm seeing a lot of unsuccessful requests to http://controller:35357/v3/s3tokens when my upgraded proxy is up along with old Rocky proxies20:25
mcapeI have sharding enabled.20:25
claygyikes, that a big jump backwards - *I* wouldn't want to downgrade if I could avoid it, we make hardly any effort to test downgrades even from N to N-120:38
claygmaybe you could downgrade a small set of proxies that are only exposed to the effected clients assuming that would be easier/quicker than diagnosing the actual problem20:40
claygmcape: what kind of "unsuccessful requests" are you seeing20:41
mcapei start to see a lot of20:45
mcape2020-02-04 19:01:06.338 29458 INFO keystone.common.wsgi [req-bae4dcd1-8748-47f2-9173-1db0004ba436 - - - - -] POST http://172.30.3.202:35357/v3/s3tokens20:45
mcape2020-02-04 19:01:06.344 29458 WARNING keystone.common.wsgi [req-bae4dcd1-8748-47f2-9173-1db0004ba436 - - - - -] Authorization failed. The request you have made requires authentication. from 172.31.3.6: Unauthorized: The request you have made requires authentication.20:45
mcapewhat is strange, that it is Rocky proxies that start to produce a lot of such errors20:46
mcapein case of Train proxy present in load balancer20:46
mcapethe process behind is s3cmd clients trying to sync directories with Swift via s3api20:47
mcapeif I disable Train proxies, I still see auth errors, but they don't flood up Keystone20:49
mcapeso this request fails20:50
mcapeDEBUG: Sending request method_string='GET', uri=u'/logs-prod/?location',20:50
mcapebut that is probably relevant to functioning of s3cmd on client side20:52
mcapethe gist is in "normal mode" part of s3cmd requests are failing, but it manages to finish sync20:52
mcapebut with Train proxy, it does not20:53
mcapei have 4 proxies, two are upgraded, two are not20:53
mcapemaybe i can just add two new Rocky proxies (along with account/container servers), wait for replication, and then delete Rocky ones?20:54
mcapeHow s3 request is being processed? The request goes to proxy, which asks Keystone, which replies with ACK/DENY? Or there are more checks?21:02
*** mcape has quit IRC21:41
*** mcape has joined #openstack-swift21:42
*** rdejoux has joined #openstack-swift21:50
*** jvisser has quit IRC21:52
*** rdejoux has quit IRC21:54
*** rdejoux has joined #openstack-swift21:55
mattoliveraumorning21:56
mattoliverauodyssey4me: o/ sorry I missed ya, but glad you worked it out21:57
*** rdejoux has quit IRC22:00
*** jvisser has joined #openstack-swift22:05
*** UnfairFunction has joined #openstack-swift23:03
*** jvisser has quit IRC23:08
*** tkajinam has joined #openstack-swift23:09
*** UnfairFunction has quit IRC23:24
« Monday, 2020-02-03 Index Wednesday, 2020-02-05 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!