Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACL update errors on some accounts #76

Open
dbernstein opened this issue Nov 15, 2024 · 1 comment
Open

ACL update errors on some accounts #76

dbernstein opened this issue Nov 15, 2024 · 1 comment

Comments

@dbernstein
Copy link
Member

I'm seeing a bunch of error messages in the dead letter queue like this. I'm guessing that the GlacierStorageProvider does not implement the same bucket configuration that is happening in the S3 storage provider or it is possible we need to run through all accounts and ensure that all buckets allow ACLS. Amazon changed the ACL permission defaults on buckets a while back. We fixed the issue, but we may need to write a utility to ensure all buckets are configured properly.

#Thu Nov 14 07:27:12 GMT 2024
spaceId=ala-trash
MSG_ID=3c2f1ae7-0e69-4924-baa5-5fec35763a22
destStoreId=163
RECEIPT_HANDLE=AQEBYd6+E9H1xx1Y6OUABkWcTzm4OwsQ0tcYW+SKPDXX3hWlbHGygX1pcSJQ/3UOjfVKxvcjMa4GB7NLOG8mtuj7mUrSqCyfWTeBrCRSdI/rW1sg7LJxjkFTZTtXdc4euN7ZFtXLOuJ5NLNgzim/yHh0nJ1F0FICmJL23Qupwx9SIaVo7059T7NTaBO4BlH04vdjPrlzf8UM+ccXKvqchnAiu68p7OHJMIYpgwqJ1ljEuYdnjjbqfs5CKS9ohOz2lIE9sG2U7o5rISiMSgf7YWi2R60yakFQ4iCx29fKDYRk47IASxXLi1V5A2Hk98D9h0j2LZXD83ROaaBXOMOj4rYWQER046Xa40lzB17pQxtjq9U0i9HU+0bo4yGby4eCRh1l584Lr9FCcqy1YssPrh5AUgLsv8Z0FsSTOWPKkoquyaU=
contentId=[email protected]
type=DUP
storeId=162
error=org.duracloud.mill.dup.DuplicationTaskExecutionFailedException:Failure to duplicate content item due to:Error attempting to duplicate content properties: Could not update metadata for content [email protected] in S3 bucket akiajxa54odzpfdawa2q.ala-trash due to error: The bucket does not allow ACLs (Service: Amazon S3; Status Code: 400; Error Code: AccessControlListNotSupported; Request ID: FQ7HR0KQMYA9PNSM; S3 Extended Request ID: Bv0jUD5Ip3DlfD6ePrVJVL7ORl1r4orr9GATkyXtJ428axK4bcd6zHCiq8JAzpcK5AFHCZwuEu0=; Proxy: null) Account: dspacedirect Source StoreID: 162 Destination StoreID: 163 SpaceID: ala-trash ContentID: [email protected]
account=dspacedirect
attempts=4
@dbernstein
Copy link
Member Author

dbernstein commented Nov 15, 2024
edited
Loading

I looked into this: the problem is that the mill needs to be updated to the latest duracloud version 8.1.0. There were some changes that affected the way new buckets were being configured. Since the mill creates glacier buckets when they don't exist, some buckets do not have the correct config. The error is occurring after the object has been copied when the code tries to update the original ACL.

To fix the issue we need to upgrade the mill to 8.1.0 and run a script that will do what was done here to the following for all spaces:

        // enable ACLs
        final var bucketName = bucket.getName();
        s3Client.deletePublicAccessBlock(new DeletePublicAccessBlockRequest()
            .withBucketName(bucketName));

        final var rule = new OwnershipControlsRule().withOwnership(ObjectOwnership.ObjectWriter);
        final var ownershipControls = new OwnershipControls().withRules(asList(rule));

        s3Client.setBucketOwnershipControls(new SetBucketOwnershipControlsRequest()
            .withBucketName(bucketName)
            .withOwnershipControls(ownershipControls));

@dbernstein dbernstein changed the title Duplication seems to be failing on some accounts ACL update errors on some accounts Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dbernstein