Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-2536

Setting up ODF S3 for loki

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Before this update, <X problem> caused <Y situation> (OPTIONAL: under the following <Z conditions>). With this update, <fix> resolves the issue (OPTIONAL: and <agent> can <perform operation> successfully).
    • Logging (LogExp) - Sprint 219, Logging (LogExp) - Sprint 220, Log Storage - Sprint 221

      Configuring S3 storage for the loki stack on OpenShift with ODF installed. Trying to set up with RADOS Gateway (RGW):

       

      > s3cmd --configure --no-check-certificate
New settings:
  Access Key: KE1L5UM77NJUZXPH208M
  Secret Key: AFSqIcV3jPppiLvOV8ZiRPCFn5zpCDClvUTPedg7
  Default Region: eu-west-1
  S3 Endpoint: rook-ceph-rgw-ocs-storagecluster-cephobjectstore.openshift-storage.svc
  DNS-style bucket+hostname:port template for accessing a bucket: loki-datastore
  Encryption password: 
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: True
  HTTP Proxy server name: 
  HTTP Proxy server port: 0Test access with supplied credentials? [Y/n] 
Please wait, attempting to list all buckets...
Success. Your access key and secret key worked fine :-) 

> s3cmd ls s3://
2022-04-26 11:58  s3://loki-datastore

      Credentials are from a test cluster, there is no need to obfuscate, and I want to double check they are the same in the configuration:

       

      loki-s3 secret

       

      kind: Secret
apiVersion: v1
metadata:
  name: loki-s3
  namespace: openshift-logging
stringData:
  bucketnames: loki-datastore
  endpoint: rook-ceph-rgw-ocs-storagecluster-cephobjectstore.openshift-storage.svc
  region: "eu-west-1"
  access_key_id: KE1L5UM77NJUZXPH208M
  access_key_secret: AFSqIcV3jPppiLvOV8ZiRPCFn5zpCDClvUTPedg7

      lokistack:

       

      piVersion: loki.grafana.com/v1beta1
kind: LokiStack
metadata:
  name: loki
  namespace: openshift-logging
spec:
  size: 1x.extra-small
  storage:
    secret:
      name: loki-s3
      type: s3
  storageClassName: ocs-storagecluster-ceph-rbd
  tenants:
    mode: openshift-logging

       

       

      The storage part of the configmap:

       

      ...
common:
  storage:
    
    
    
    s3:
      s3: rook-ceph-rgw-ocs-storagecluster-cephobjectstore.openshift-storage.svc
      bucketnames: loki-datastore
      region: eu-west-1
      access_key_id: KE1L5UM77NJUZXPH208M
      secret_access_key: AFSqIcV3jPppiLvOV8ZiRPCFn5zpCDClvUTPedg7
      s3forcepathstyle: true
    
    
compactor:
...

       

       

      But all pods raise the following exception: 

       

      level=error ts=2022-04-26T16:26:24.16437656Z caller=reporter.go:202 msg="failed to delete corrupted cluster seed file, deleting it" err="InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.\n\tstatus code: 403, request id: ZSAAZJ9AYVGSY2Q9, host id: ZPA/4v9tuiazvVfsBgOhjkst/2QHcIq99lUl0sGwGLLKb7Ac5jAg1dgAfJCzCzTbSkQUiDAfSQo="28

      With different request id and host id. Any idea what is happening?

       

        1. noobaa-bucket-console.png
          171 kB
          Periklis Tsirakidis

              ptsiraki@redhat.com Periklis Tsirakidis
              rgordill1@redhat.com Ramon Gordillo Gutierrez
              Qiaoling Tang Qiaoling Tang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: