Problem with Backblaze for backups: Failed to list backups from S3: Signature validation failed

Hi,

I'm trying to set up a Backblaze bucket for backup use only.

I followed: REQ: Support S3 backup to a service like Backblaze - #4 by frold
And I consulted the linked post “using-object-storage-for-uploads-s3-clones”.

In app.yml I have added:

  DISCOURSE_S3_REGION: "s3.us-west-002"
  DISCOURSE_S3_INSTALL_CORS_RULE: false
  DISCOURSE_S3_ENDPOINT: https://s3.us-west-002.backblazeb2.com
  DISCOURSE_S3_ACCESS_KEY_ID: xxxxxxxxxxxxxxxxxxxx
  DISCOURSE_S3_SECRET_ACCESS_KEY: xxxxxxxxxxxxxxxxxxxxxxx
  DISCOURSE_S3_BACKUP_BUCKET: bucket/backups
  DISCOURSE_BACKUP_LOCATION: s3

After reading Set up file and image uploads to S3, I created a new bucket again, set as public and with the name in lowercase.

In Backblaze I created a new application key that only has access to the Discourse bucket; it does have permission to list all bucket names.

On the Discourse backups page a sad face/broken page appears. The logs show:

Failed to list backups from S3: Signature validation failed

Stack trace:

/var/www/discourse/lib/backup_restore/s3_backup_store.rb:83:in `rescue in unsorted_files'

/var/www/discourse/lib/backup_restore/s3_backup_store.rb:72:in `unsorted_files'

/var/www/discourse/lib/backup_restore/backup_store.rb:23:in `files'

/var/www/discourse/app/controllers/admin/backups_controller.rb:22:in `block (2 levels) in index'

actionpack-6.1.3.1/lib/action_controller/metal/mime_responds.rb:214:in `respond_to'

/var/www/discourse/app/controllers/admin/backups_controller.rb:11:in `index'

actionpack-6.1.3.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'

actionpack-6.1.3.1/lib/abstract_controller/base.rb:228:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/rendering.rb:30:in `process_action'

actionpack-6.1.3.1/lib/abstract_controller/callbacks.rb:42:in `block in process_action'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:117:in `block in run_callbacks'

/var/www/discourse/app/controllers/application_controller.rb:383:in `block in with_resolved_locale'

i18n-1.8.10/lib/i18n.rb:314:in `with_locale'

/var/www/discourse/app/controllers/application_controller.rb:383:in `with_resolved_locale'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:137:in `run_callbacks'

actionpack-6.1.3.1/lib/abstract_controller/callbacks.rb:41:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/rescue.rb:22:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'

activesupport-6.1.3.1/lib/active_support/notifications.rb:203:in `block in instrument'

activesupport-6.1.3.1/lib/active_support/notifications/instrumenter.rb:24:in `instrument'

activesupport-6.1.3.1/lib/active_support/notifications.rb:203:in `instrument'

actionpack-6.1.3.1/lib/action_controller/metal/instrumentation.rb:33:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/params_wrapper.rb:249:in `process_action'

activerecord-6.1.3.1/lib/active_record/railties/controller_runtime.rb:27:in `process_action'

actionpack-6.1.3.1/lib/abstract_controller/base.rb:165:in `process'

actionview-6.1.3.1/lib/action_view/rendering.rb:39:in `process'

rack-mini-profiler-2.3.1/lib/mini_profiler/profiling_methods.rb:111:in `block in profile_method'

actionpack-6.1.3.1/lib/action_controller/metal.rb:190:in `dispatch'

actionpack-6.1.3.1/lib/action_controller/metal.rb:254:in `dispatch'

actionpack-6.1.3.1/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'

actionpack-6.1.3.1/lib/action_dispatch/routing/route_set.rb:33:in `serve'

actionpack-6.1.3.1/lib/action_dispatch/routing/mapper.rb:19:in `block in <class:Constraints>'

actionpack-6.1.3.1/lib/action_dispatch/routing/mapper.rb:49:in `serve'

actionpack-6.1.3.1/lib/action_dispatch/journey/router.rb:50:in `block in serve'

actionpack-6.1.3.1/lib/action_dispatch/journey/router.rb:32:in `each'

actionpack-6.1.3.1/lib/action_dispatch/journey/router.rb:32:in `serve'

actionpack-6.1.3.1/lib/action_dispatch/routing/route_set.rb:842:in `call'

/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:71:in `call'

rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'

rack-2.2.3/lib/rack/conditional_get.rb:27:in `call'

rack-2.2.3/lib/rack/head.rb:12:in `call'

actionpack-6.1.3.1/lib/action_dispatch/http/permissions_policy.rb:22:in `call'

/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'

/var/www/discourse/lib/middleware/anonymous_cache.rb:355:in `call'

rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'

rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/cookies.rb:689:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:98:in `run_callbacks'

actionpack-6.1.3.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'

logster-2.9.6/lib/logster/middleware/reporter.rb:43:in `call'

railties-6.1.3.1/lib/rails/rack/logger.rb:37:in `call_app'

railties-6.1.3.1/lib/rails/rack/logger.rb:28:in `call'

/var/www/discourse/config/initializers/100-quiet_logger.rb:23:in `call'

/var/www/discourse/config/initializers/100-silence_logger.rb:31:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/request_id.rb:26:in `call'

/var/www/discourse/lib/middleware/enforce_hostname.rb:23:in `call'

rack-2.2.3/lib/rack/method_override.rb:24:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/executor.rb:14:in `call'

rack-2.2.3/lib/rack/sendfile.rb:110:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/host_authorization.rb:92:in `call'

rack-mini-profiler-2.3.1/lib/mini_profiler/profiler.rb:373:in `call'

message_bus-3.3.4/lib/message_bus/rack/middleware.rb:61:in `call'

/var/www/discourse/lib/middleware/request_tracker.rb:177:in `call'

railties-6.1.3.1/lib/rails/engine.rb:539:in `call'

railties-6.1.3.1/lib/rails/railtie.rb:207:in `public_send'

railties-6.1.3.1/lib/rails/railtie.rb:207:in `method_missing'

rack-2.2.3/lib/rack/urlmap.rb:74:in `block in call'

rack-2.2.3/lib/rack/urlmap.rb:58:in `each'

rack-2.2.3/lib/rack/urlmap.rb:58:in `call'

unicorn-6.0.0/lib/unicorn/http_server.rb:634:in `process_client'

unicorn-6.0.0/lib/unicorn/http_server.rb:732:in `worker_loop'

unicorn-6.0.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'

unicorn-6.0.0/lib/unicorn/http_server.rb:143:in `start'

unicorn-6.0.0/bin/unicorn:128:in `<top (required)>'

/var/www/discourse/vendor/bundle/ruby/2.7.0/bin/unicorn:23:in `load'

/var/www/discourse/vendor/bundle/ruby/2.7.0/bin/unicorn:23:in `<main>'

I think I understand each of the components and steps, but I have no idea what the next steps are to debug this.

The key ID and the key are alphanumeric, with no “+” or other symbols… but, even so, should they be in quotes?

I'd appreciate any suggestions!

Can you try following Using object storage for uploads (S3 and clones)?

3 Likes

Thanks for the suggestion, @Falco!

The relevant section of my app.yml now looks like this:

  ## DISCOURSE_USE_S3: true  -- for CDN use?!
  DISCOURSE_S3_REGION: "us-west-002"
  DISCOURSE_S3_INSTALL_CORS_RULE: false
  DISCOURSE_S3_CONFIGURE_TOMBSTONE_POLICY: false
  DISCOURSE_S3_ENDPOINT: https://s3.us-west-002.backblazeb2.com
  DISCOURSE_S3_ACCESS_KEY_ID: XXXXXXXXXXXXXXXXXX
  DISCOURSE_S3_SECRET_ACCESS_KEY: XXXXXXXXXXXXXXXXXX
  ## DISCOURSE_S3_CDN_URL: https://
  DISCOURSE_S3_BUCKET: discourse
  DISCOURSE_S3_BACKUP_BUCKET: discourse/backups
  DISCOURSE_BACKUP_LOCATION: s3

I also noticed the note about CORS, so I also tried setting the bucket's CORS policy to allow access from all domains for both the S3 and B2 protocols (I'll restrict it once it works).

I had no success with that.

In addition, I created another application key with full access to all buckets and rebuilt with it. That didn't work either.

Any other suggestions?

I also just tried with the configuration above, but with

DISCOURSE_USE_S3: true

I have other buckets that are being used successfully to back up other services (note: that backup tool uses the B2 API).

Small update: I deleted the “all buckets” API key and now I get an invalid key error, so my server is connecting to Backblaze. I have no idea why the signature is incorrect. I just checked again and the time is correct (the time zone is UTC).

It simply “worked” the next day. :roll_eyes:

1 Like
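The two app.yml snippets in this thread differ in DISCOURSE_S3_REGION ("s3.us-west-002" versus "us-west-002"). The following is an added example, not code from the posts or from Discourse, showing why that value matters: S3 Signature Version 4 mixes the region string into both the signing key and the credential scope, so a different region string produces a different signature. The helper names, the secret, the timestamp and the request are constructed for illustration, and the endpoint pattern s3.<region>.backblazeb2.com is an assumption taken from the endpoint shown in the thread.

```ruby
require "openssl"
require "digest"
require "uri"

# Constructed sample values, not real credentials or a captured request.
SAMPLE_SECRET    = "EXAMPLESECRETKEY0000000000000000"
SAMPLE_ENDPOINT  = "https://s3.us-west-002.backblazeb2.com"
SAMPLE_TIMESTAMP = "20210601T000000Z"
SAMPLE_REQUEST   = "GET\n/discourse\nlist-type=2\nhost:s3.us-west-002.backblazeb2.com\n\nhost\nUNSIGNED-PAYLOAD"

# Assumption: Backblaze S3 endpoints look like s3.<region>.backblazeb2.com.
def region_from_endpoint(endpoint)
  host = URI.parse(endpoint).host.to_s
  match = host.match(/\As3\.([a-z0-9-]+)\.backblazeb2\.com\z/)
  match && match[1]
end

def hmac(key, data)
  OpenSSL::HMAC.digest("sha256", key, data)
end

# Signature Version 4: the region is mixed into the signing key and the scope.
def sigv4_signature(secret, timestamp, region, canonical_request)
  date  = timestamp[0, 8]
  scope = "#{date}/#{region}/s3/aws4_request"
  string_to_sign = ["AWS4-HMAC-SHA256", timestamp, scope,
                    Digest::SHA256.hexdigest(canonical_request)].join("\n")
  key = hmac(hmac(hmac(hmac("AWS4" + secret, date), region), "s3"), "aws4_request")
  OpenSSL::HMAC.hexdigest("sha256", key, string_to_sign)
end

# Returns nil when the configured region matches the endpoint, else a message.
def region_problem(configured_region, endpoint)
  expected = region_from_endpoint(endpoint)
  return "endpoint is not a recognised Backblaze S3 host" if expected.nil?
  return nil if configured_region == expected
  "region #{configured_region.inspect} does not match endpoint region #{expected.inspect}"
end

if __FILE__ == $PROGRAM_NAME
  ["s3.us-west-002", "us-west-002"].each do |region|
    sig = sigv4_signature(SAMPLE_SECRET, SAMPLE_TIMESTAMP, region, SAMPLE_REQUEST)
    puts "#{region}: #{region_problem(region, SAMPLE_ENDPOINT) || 'ok'} sig=#{sig[0, 16]}"
  end
end
```
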