<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none"></style> </head> <body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;"> Turns out the issue was on my end. I had to add aws_default_acl: None to the pulp_settings section of the playbook. The public-read ACL was incompatible with the BlockPublicAccess settings that I had set on my S3 bucket. <div> <div id="Signature"> <div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0"> <font style=""><font><br> </font></font></div> <div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0"> <font style=""><font>I'm now encountering a different issue, but I'll start another thread for that one.</font></font></div> <div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0"> <font style=""><font><br> </font></font></div> <div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0"> <font style=""><font>Thanks for the pointers, they were very helpful!</font></font></div> <div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0"> <font style=""><font><br> </font></font></div> <div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0"> <font style=""><font>Joey Dumont</font></font> <div style=""><br> </div> <div style="">Technical Advisor, Knowledge, Information, and Technology Services</div> <div style="">National Research Council Canada / Governement of Canada</div> <div style=""><a tabindex="0" href="mailto:joey.dumont@nrc-cnrc.gc.ca" id="NoLP">joey.dumont@nrc-cnrc.gc.ca</a> / Tel: 613-990-8152 / Cell: 438-340-7436</div> <div style=""><br> </div> <div style="">Conseiller technique, Services du savoir, de l'information et de la technologie</div> <div style="">Conseil national de recherches Canada / Gouvernement du Canada</div> <div style=""><a tabindex="0" href="mailto:joey.dumont@nrc-cnrc.gc.ca" id="NoLP">joey.dumont@nrc-cnrc.gc.ca</a> / Tél.: 613-990-8152 / Tél. cell.: 438-340-7436</div> </div> </div> <div style="color:rgb(33,33,33)"> <hr tabindex="-1" style="display:inline-block; width:98%"> <div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> David Davis <daviddavis@redhat.com><br> <b>Sent:</b> 01 November 2019 15:51<br> <b>To:</b> Dumont, Joey<br> <b>Cc:</b> pulp-list@redhat.com<br> <b>Subject:</b> Re: [Pulp-list] Issues with using S3 storage when running pulp on Amazon EC2 (pulp3)</font> <div> </div> </div> <div> <div dir="ltr">Unfortunately I don't know of a good way to debug the problem other than to dig into the code. If you want to debug from the Pulp code, you could stick a debugger in the artifact saver stage: <div><br> </div> <div><a href="https://github.com/pulp/pulpcore/blob/2203fee1407738a4ddd8e644fcbc741aab0bca63/pulpcore/plugin/stages/artifact_stages.py#L179-L200">https://github.com/pulp/pulpcore/blob/2203fee1407738a4ddd8e644fcbc741aab0bca63/pulpcore/plugin/stages/artifact_stages.py#L179-L200</a></div> <div><br> </div> <div>What I would probably do though is stick a debug statement here in django-storages to see what params it's passing to boto3:</div> <div><br> </div> <div><a href="https://github.com/jschneier/django-storages/blob/0ab2b1e3efd2bcaf0f24540a718993acc7742d9b/storages/backends/s3boto3.py#L511">https://github.com/jschneier/django-storages/blob/0ab2b1e3efd2bcaf0f24540a718993acc7742d9b/storages/backends/s3boto3.py#L511</a><br> </div> <div><br> </div> <div>You can see the location of django-storages with `pip show django-storages`.</div> <div><br> </div> <div>Sorry I don't have a better answer for you. Perhaps this is something we can improve in the future. Also, I'd be curious as to what the issue is as it sounds like everything should work in theory.<br clear="all"> <div> <div dir="ltr" class="gmail_signature"> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div><br> </div> <div>David<br> </div> </div> </div> </div> </div> </div> </div> </div> <br> </div> </div> <br> <div class="gmail_quote"> <div dir="ltr" class="gmail_attr">On Fri, Nov 1, 2019 at 2:26 PM Dumont, Joey <<a href="mailto:Joey.Dumont@nrc-cnrc.gc.ca">Joey.Dumont@nrc-cnrc.gc.ca</a>> wrote:<br> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex"> <div dir="ltr" style="font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255); font-family:Calibri,Arial,Helvetica,sans-serif"> <p>I've installed the latest pulp3 using the Ansible installer using the following playbook:<br> </p> <p><br> </p> <div></div> <div> <div>---</div> <div>- hosts: mirrors</div> <div> vars:</div> <div> prereq_pip_packages:</div> <div> - django-storages</div> <div> - boto3</div> <div> pulp_use_system_wide_pkgs: True</div> <div> pulp_default_admin_password: !vault |</div> <div> $ANSIBLE_VAULT;1.1;AES256</div> <div> ...<br> </div> <div> pulp_settings:</div> <div> secret_key: !vault |</div> <div> $ANSIBLE_VAULT;1.1;AES256</div> <div> ...<br> </div> <div> default_file_storage: 'storages.backends.s3boto3.S3Boto3Storage'</div> <div> aws_storage_bucket_name: 'xxx-pulp-storage'<br> </div> <div> aws_s3_region_name: 'ca-central-1'</div> <div> aws_s3_addressing_style: "path"</div> <div> media_root: '/pulp3/'</div> <div> pulp_install_plugins:</div> <div> pulp-file: {}</div> <div> pulp-rpm:</div> <div> prereq_role: "pulp.pulp_rpm_prerequisites"</div> <div> # pulp-docker: {}</div> <div> roles:</div> <div> - pulp-database</div> <div> - pulp-workers</div> <div> - pulp-resource-manager</div> <div> - pulp-webserver</div> <div> - pulp-content</div> <div> environment:</div> <div> DJANGO_SETTINGS_MODULE: pulpcore.app.settings</div> <div><br> </div> <div>I also set up an RPM repo that uses S3 for storage. However, when I try to sync, I get an AccessDenied error. I know the instance profile is correct, as I can upload objects from that instance using both the AWS CLI and Boto3 without specifying credentials. <br> </div> <br> How can I debug this further? Is there a way for me know what parameters are passed to the put_object boto3 call by the sync task?<br> </div> <div><br> </div> <div>Cheers,<br> </div> <p><br> </p> <p><br> </p> <div id="gmail-m_-2646072161816306239Signature"> <div name="divtagdefaultwrapper"><font><font>Joey Dumont</font></font> <div><br> </div> <div>Technical Advisor, Knowledge, Information, and Technology Services</div> <div>National Research Council Canada / Governement of Canada</div> <div><a href="mailto:joey.dumont@nrc-cnrc.gc.ca" id="gmail-m_-2646072161816306239NoLP" target="_blank">joey.dumont@nrc-cnrc.gc.ca</a> / Tel: 613-990-8152 / Cell: 438-340-7436</div> <div><br> </div> <div>Conseiller technique, Services du savoir, de l'information et de la technologie</div> <div>Conseil national de recherches Canada / Gouvernement du Canada</div> <div><a href="mailto:joey.dumont@nrc-cnrc.gc.ca" id="gmail-m_-2646072161816306239NoLP" target="_blank">joey.dumont@nrc-cnrc.gc.ca</a> / Tél.: 613-990-8152 / Tél. cell.: 438-340-7436</div> </div> </div> </div> _______________________________________________<br> Pulp-list mailing list<br> <a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/pulp-list</a></blockquote> </div> </div> </div> </div> </body> </html>