Comments (9)
Adding some internal info -
When calling noobaa-cli account update
the account's config file is being updated.
NooBaa service maintains an account cache with a default expiry_ms = 10 minutes, after the expiry the old account won't be valid anymore.
NooBaa CLI and NooBaa service are different processes, we need to come up with a way to communicate to the service that the account was updated so we will get an updated view of the account's data.
from noobaa-core.
@romayalon , are we planning to fix this in 5.15.3/.4
from noobaa-core.
I have a use case:
- Update newbuckets path in the account. old_bucketspath to new_bucketspath
- Create a new bucket via aws mb or s3api bucket-create, this is still creating new buckets under old_bucketspath
- After 5-10 mins and account cache expiry, new buckets are getting created under new_bucketspath as expected.
So the issue I am facing here is , I need to wait 5-10 mins to test my scenarios or even in test automation.
Do we have a way to trigger account cache expiry manually? So that as a work around I can trigger it and proceed with my next steps?
@romayalon @guymguym
from noobaa-core.
@anandhu-karattu We do have process.env.ACCOUNTS_CACHE_EXPIRY which you can set on tests to be 1 ms, Can you try it? (add it to /etc/sysconfig/noobaa env file)
we can consider exporting it as a config as a W/A for customers who will complain the same issue, like we have config.OBJECT_SDK_BUCKET_CACHE_EXPIRY_MS...
Adding a point regarding IAM, IAM server will be on the same process as the service so we can easily invalidate accounts cache when updating accounts, this case can be a motivation for exploiting the tags for updating accounts config...
@guymguym @nimrod-becker @shirady
WDYT?
from noobaa-core.
Updating that we had an internal discussion, we wouldn't recommend exporting it to customers as it could create very wasteful config files reads.
@anandhu-karattu as we discsussed on slack, you can use it on tests if you wish as we do.
from noobaa-core.
@romayalon I verified the method you suggested . Please find my observations:
- Create a new file with config : echo ACCOUNTS_CACHE_EXPIRY=1 > /etc/sysconfig/noobaa
- Restart the S3 service .
Observations:
- On a 2 node cluster, I updated this on node1. This parameter is effective after restart of services and right after account update (for --accesskeys as well as --newbucketspath) I could find the new value is effective.
- After the test , I deleted the file “etc/sysconfig/noobaa” and restarted S3 service. Now the account expiry is back to normal 10 mins.
However this requires a restart of S3 service and we don't want to keep this config file option for all the tests.
I suspect, I might miss some issues with this config.
Instead do we have any way to call the server and refresh the cache individually ? If yes, We can even include that call in our account update cli (mms3) and refresh the cache after each update operation? Will that be possible?
from noobaa-core.
Hey @anandhu-karattu
If there was an easy option for invalidating the cache from outside of NooBaa endpoint process we would do it from our CLI...
As I wrote before, currently noobaa endpoint process supports only S3 operations (invalidate cache is a NooBaa internal function and not S3 request, so it's not supported) but in the future (currently WIP) the endpoint
process will receive IAM requests for updating access keys (and invalidating the cache), and we need to consider supporting different configurations like new_buckets_path..
CC: @guymguym @shirady @nimrod-becker
@anandhu-karattu We do have process.env.ACCOUNTS_CACHE_EXPIRY which you can set on tests to be 1 ms, Can you try it? (add it to /etc/sysconfig/noobaa env file) we can consider exporting it as a config as a W/A for customers who will complain the same issue, like we have config.OBJECT_SDK_BUCKET_CACHE_EXPIRY_MS... Adding a point regarding IAM, IAM server will be on the same process as the service so we can easily invalidate accounts cache when updating accounts, this case can be a motivation for exploiting the tags for updating accounts config... @guymguym @nimrod-becker @shirady WDYT?
from noobaa-core.
@anandhu-karattu Could you set echo ACCOUNTS_CACHE_EXPIRY=1 > /etc/sysconfig/noobaa
at the beginning of the tests (before enabling noobaa service) like we do instead of setting it for a specific test and restart the service?
from noobaa-core.
@romayalon I can set the parameter as we discussed and manage my tests (if there is no other way).
@madhuthorat how we can handle this use case ? Can we advise the customers to wait for 10 mins to create a new bucket (via s3 mb or s3api) after account update with --newbucketspath ?
from noobaa-core.
Related Issues (20)
- Nc | NSFS | Creating a Bucket with Name That Is the Same as a Internal Directory Throws `BucketAlreadyExists` HOT 1
- NC | Implement logs gathering mechanism
- aws s3 rm with --recursive option does not delete all the objects from the bucket HOT 6
- nsfs metrics from metrics port 7004 are only implemented over http. This should be changed to https as default.
- NC | NSFS | CLI | Events Improvements HOT 2
- NC | NSFS | CLI | Improve Response (To have Details)
- NC | NSFS | Log events to stderr if stderr is enabled
- S3 GetObjectAttributes API - implement new op for compatibility
- [System Test][5.2.1.0] 4k warp workload fails on power architecture because it does not finish closing the connections it opens HOT 3
- List objects with unicode - should sort keys using byte-by-byte order and not using utf8 sort order
- NSFS | Bucket is not listing when the bucket --path missing backslash(/) at the beginning of path HOT 5
- NSFS | RPM build is not generating NSFS RPM HOT 1
- S3 head-bucket should return a header with the service identifier (config option)
- NSFS | S3 | Versioning | List objects returns .versions/ folder HOT 1
- NSFS | NC | List Buckets Fails With `InvalidBucketState` In Case a Bucket Has Invalid Schema Config File
- Acess Denied for S3 buckets is not reporting HOT 1
- NSFS | NC | GLACIER restore flow needs to handle `ENOENT`
- NC | Maintenance and Short Refactoring Tasks
- NC | NSFS | Bucket Policy Should Be Managed Only by Bucket Owner HOT 3
- NC | NSFS | Updating Account's UID and GID Results in `AccessDenied` in Put-Object
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from noobaa-core.