Can not edit topics with picture with S3 backend

Hi everybody,

we stumbled over a strange issue.

Our setting:

  • Discourse: 2.8.0.beta2
  • S3: Minio
  • CDN: Myra

The S3 is configured:

root@assets-prod-app01:~# sudo -u minio mc admin policy info minio readwrite-discourse
{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Effect": "Allow",
   "Action": [
    "s3:ListBucketMultipartUploads",
    "s3:GetBucketLocation",
    "s3:ListBucket"
   ],
   "Resource": [
    "arn:aws:s3:::discourse"
   ]
  },
  {
   "Effect": "Allow",
   "Action": [
    "s3:*"
   ],
   "Resource": [
    "arn:aws:s3:::discourse/*"
   ]
  }
 ]
}

But we get all the time, when we edit following error message

In the logs files we get

Aws::S3::Errors::NotImplemented (A header you provided implies functionality that is not implemented)
lib/file_store/s3_store.rb:279:in `update_ACL'
lib/file_store/s3_store.rb:209:in `update_upload_ACL'
...

Is there a setting we did not consider, or is Minio not compatible with discourse?

Any hint would be nice, as we get a little bit pressure from our users :frowning:

Thanks in advance

Is this setting so uncommon?

I would appriciate some direction on what to look at in more detail or what to change? @Falco At the moment we are quite stuck… :frowning:

Did you enable the site setting secure_uploads? That won’t work with MinIO at all.

Hi @Falco,

unfortunatly not…

Is the S3 setup configured as the documentation at Using Object Storage for Uploads (S3 & Clones) ?

Yepp, really letter for letter :slight_smile:

Sorry to bother, but could you spot anything?

Hi, do you have any ideas? Sorry to bother…

Hey,

Today I upgraded to 2.8.0.beta2, same error:


just select secure_media, minio work again.

image

@pmusaraj / @martin looks like a regression caused by

which didn’t take into account the same stuff that was fixed by

So the post_creator does:

and models/post:

1 Like

There has already been a fix for this that was done for performance reasons but should also fix your problem:

Though I will make a fix to the job so that it exits early if secure media is disabled.

Actually, I cannot do the above because we want post uploads to be marked not secure if secure media is disabled or if the post has been moved to a different category. Instead I will add a fix to capture the Aws::S3::Errors::NotImplemented error when we run Discourse.store.update_upload_ACL(self). That way clients that do not support the private ACLs should have no problem.

Edit: I merged this fix today, hopefully it will help FIX: Handle storage providers not implementing ACLs by martin-brennan · Pull Request #13675 · discourse/discourse · GitHub. I think we are cutting a new beta next week as well.

3 Likes

This topic was automatically closed after 3 days. New replies are no longer allowed.