Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-4995

velero-legacy-aws: SignatureDoesNotMatch errors found after OADP upgrade

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • OADP 1.4.2
    • None
    • velero-aws
    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • oadp-operator-bundle-container-1.4.2-9
    • ToDo
    • 0
    • 0.000
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown
    • None

      These errors are seen in the velero pod logs after customer has upgraded their OADP operator from 1.3 to 1.4,

      message: 'BackupStorageLocation "together-forever-1" is unavailable: rpc error: code = Unknown desc = operation error S3: ListObjectsV2, https response error StatusCode: 403, RequestID: , HostID: , api error SignatureDoesNotMatch: Access denied.' phase: Unavailable

      We had them double check their secret since according to [1] it could be a conflict in their AWS secret access key and signing method. 

      Using the same set of keys, the error went away when they downgraded back to 1.3.

       

      [1]https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList

       

              sseago Scott Seago
              rhn-support-nestoros Nikkie Estorosos
              Amos Mastbaum Amos Mastbaum
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: