Problema con Backblaze per il backup: impossibile elencare i backup da S3: la convalida della firma non è riuscita

Supporto
1

Ciao,

sto cercando di configurare un bucket Backblaze da utilizzare esclusivamente per i backup.

Ho seguito: REQ: Support S3 backup to a service like Backblaze - #4 by frold
E ho fatto riferimento al post collegato “using-object-storage-for-uploads-s3-clones”.

Nel file app.yml ho aggiunto:

  DISCOURSE_S3_REGION: "s3.us-west-002"
  DISCOURSE_S3_INSTALL_CORS_RULE: false
  DISCOURSE_S3_ENDPOINT: https://s3.us-west-002.backblazeb2.com
  DISCOURSE_S3_ACCESS_KEY_ID: xxxxxxxxxxxxxxxxxxxx
  DISCOURSE_S3_SECRET_ACCESS_KEY: xxxxxxxxxxxxxxxxxxxxxxx
  DISCOURSE_S3_BACKUP_BUCKET: bucket/backups
  DISCOURSE_BACKUP_LOCATION: s3

Ho ricreato un nuovo bucket impostato come pubblico e con il nome tutto in minuscolo, dopo aver letto Set up file and image uploads to S3.

In Backblaze ho creato una nuova chiave App, che ha accesso solo al bucket di Discourse; ha comunque il permesso di elencare tutti i nomi dei bucket.

Nella pagina dei backup in Discourse vedo un’immagine triste/pagina rotta. I log mostrano:

Failed to list backups from S3: Signature validation failed

Backtrace:

/var/www/discourse/lib/backup_restore/s3_backup_store.rb:83:in `rescue in unsorted_files'

/var/www/discourse/lib/backup_restore/s3_backup_store.rb:72:in `unsorted_files'

/var/www/discourse/lib/backup_restore/backup_store.rb:23:in `files'

/var/www/discourse/app/controllers/admin/backups_controller.rb:22:in `block (2 levels) in index'

actionpack-6.1.3.1/lib/action_controller/metal/mime_responds.rb:214:in `respond_to'

/var/www/discourse/app/controllers/admin/backups_controller.rb:11:in `index'

actionpack-6.1.3.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'

actionpack-6.1.3.1/lib/abstract_controller/base.rb:228:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/rendering.rb:30:in `process_action'

actionpack-6.1.3.1/lib/abstract_controller/callbacks.rb:42:in `block in process_action'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:117:in `block in run_callbacks'

/var/www/discourse/app/controllers/application_controller.rb:383:in `block in with_resolved_locale'

i18n-1.8.10/lib/i18n.rb:314:in `with_locale'

/var/www/discourse/app/controllers/application_controller.rb:383:in `with_resolved_locale'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:126:in `block in run_callbacks'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:137:in `run_callbacks'

actionpack-6.1.3.1/lib/abstract_controller/callbacks.rb:41:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/rescue.rb:22:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'

activesupport-6.1.3.1/lib/active_support/notifications.rb:203:in `block in instrument'

activesupport-6.1.3.1/lib/active_support/notifications/instrumenter.rb:24:in `instrument'

activesupport-6.1.3.1/lib/active_support/notifications.rb:203:in `instrument'

actionpack-6.1.3.1/lib/action_controller/metal/instrumentation.rb:33:in `process_action'

actionpack-6.1.3.1/lib/action_controller/metal/params_wrapper.rb:249:in `process_action'

activerecord-6.1.3.1/lib/active_record/railties/controller_runtime.rb:27:in `process_action'

actionpack-6.1.3.1/lib/abstract_controller/base.rb:165:in `process'

actionview-6.1.3.1/lib/action_view/rendering.rb:39:in `process'

rack-mini-profiler-2.3.1/lib/mini_profiler/profiling_methods.rb:111:in `block in profile_method'

actionpack-6.1.3.1/lib/action_controller/metal.rb:190:in `dispatch'

actionpack-6.1.3.1/lib/action_controller/metal.rb:254:in `dispatch'

actionpack-6.1.3.1/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'

actionpack-6.1.3.1/lib/action_dispatch/routing/route_set.rb:33:in `serve'

actionpack-6.1.3.1/lib/action_dispatch/routing/mapper.rb:19:in `block in <class:Constraints>'

actionpack-6.1.3.1/lib/action_dispatch/routing/mapper.rb:49:in `serve'

actionpack-6.1.3.1/lib/action_dispatch/journey/router.rb:50:in `block in serve'

actionpack-6.1.3.1/lib/action_dispatch/journey/router.rb:32:in `each'

actionpack-6.1.3.1/lib/action_dispatch/journey/router.rb:32:in `serve'

actionpack-6.1.3.1/lib/action_dispatch/routing/route_set.rb:842:in `call'

/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:71:in `call'

rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'

rack-2.2.3/lib/rack/conditional_get.rb:27:in `call'

rack-2.2.3/lib/rack/head.rb:12:in `call'

actionpack-6.1.3.1/lib/action_dispatch/http/permissions_policy.rb:22:in `call'

/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'

/var/www/discourse/lib/middleware/anonymous_cache.rb:355:in `call'

rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'

rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/cookies.rb:689:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'

activesupport-6.1.3.1/lib/active_support/callbacks.rb:98:in `run_callbacks'

actionpack-6.1.3.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'

logster-2.9.6/lib/logster/middleware/reporter.rb:43:in `call'

railties-6.1.3.1/lib/rails/rack/logger.rb:37:in `call_app'

railties-6.1.3.1/lib/rails/rack/logger.rb:28:in `call'

/var/www/discourse/config/initializers/100-quiet_logger.rb:23:in `call'

/var/www/discourse/config/initializers/100-silence_logger.rb:31:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/request_id.rb:26:in `call'

/var/www/discourse/lib/middleware/enforce_hostname.rb:23:in `call'

rack-2.2.3/lib/rack/method_override.rb:24:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/executor.rb:14:in `call'

rack-2.2.3/lib/rack/sendfile.rb:110:in `call'

actionpack-6.1.3.1/lib/action_dispatch/middleware/host_authorization.rb:92:in `call'

rack-mini-profiler-2.3.1/lib/mini_profiler/profiler.rb:373:in `call'

message_bus-3.3.4/lib/message_bus/rack/middleware.rb:61:in `call'

/var/www/discourse/lib/middleware/request_tracker.rb:177:in `call'

railties-6.1.3.1/lib/rails/engine.rb:539:in `call'

railties-6.1.3.1/lib/rails/railtie.rb:207:in `public_send'

railties-6.1.3.1/lib/rails/railtie.rb:207:in `method_missing'

rack-2.2.3/lib/rack/urlmap.rb:74:in `block in call'

rack-2.2.3/lib/rack/urlmap.rb:58:in `each'

rack-2.2.3/lib/rack/urlmap.rb:58:in `call'

unicorn-6.0.0/lib/unicorn/http_server.rb:634:in `process_client'

unicorn-6.0.0/lib/unicorn/http_server.rb:732:in `worker_loop'

unicorn-6.0.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'

unicorn-6.0.0/lib/unicorn/http_server.rb:143:in `start'

unicorn-6.0.0/bin/unicorn:128:in `<top (required)>'

/var/www/discourse/vendor/bundle/ruby/2.7.0/bin/unicorn:23:in `load'

/var/www/discourse/vendor/bundle/ruby/2.7.0/bin/unicorn:23:in `<main>'

Penso di aver compreso tutti i singoli componenti e passaggi, ma non ho idea di quali siano i prossimi passi per eseguire il debug di questo problema.

L’ID della chiave e la chiave stessa sono alfanumerici, senza “+” o altri simboli… ma anche in questo caso, dovrebbero essere racchiusi tra virgolette?

Qualsiasi suggerimento è apprezzato!

2

Puoi provare a seguire Utilizzare l’archiviazione oggetti per i caricamenti (S3 e cloni)?

3 Mi Piace
3

Grazie per il suggerimento @Falco!

La sezione appropriata del mio app.yml ora appare così:

  ## DISCOURSE_USE_S3: true  -- per l'uso della CDN?!
  DISCOURSE_S3_REGION: "us-west-002"
  DISCOURSE_S3_INSTALL_CORS_RULE: false
  DISCOURSE_S3_CONFIGURE_TOMBSTONE_POLICY: false
  DISCOURSE_S3_ENDPOINT: https://s3.us-west-002.backblazeb2.com
  DISCOURSE_S3_ACCESS_KEY_ID: XXXXXXXXXXXXXXXXXX
  DISCOURSE_S3_SECRET_ACCESS_KEY: XXXXXXXXXXXXXXXXXX
  ## DISCOURSE_S3_CDN_URL: https://
  DISCOURSE_S3_BUCKET: discourse
  DISCOURSE_S3_BACKUP_BUCKET: discourse/backups
  DISCOURSE_BACKUP_LOCATION: s3

Ho anche notato la nota relativa a CORS, quindi ho provato a impostare la policy CORS del bucket per consentire l’accesso da tutti i domini per entrambi i protocolli S3 e B2 (la restringerò non appena avrò fatto funzionare tutto).

Nessun risultato con questo metodo.

Inoltre, ho creato un’altra chiave app con accesso completo a tutti i bucket e ho ricompilato con quella. Anche in questo caso, nessun risultato.

Ulteriori suggerimenti?

4

Ho appena provato anche con la configurazione sopra, ma impostando

DISCOURSE_USE_S3: true

Ho altri bucket che vengono utilizzati con successo per eseguire il backup di altri servizi (nota: lo strumento di backup utilizza l’API B2.)

Piccolo aggiornamento: ho rimosso la chiave API “tutti i bucket” e ora ricevo un errore di chiave non valida, quindi il mio server si sta connettendo a Backblaze. Non so perché la firma sia errata. Ho appena ricontrollato e l’ora è corretta (TZ è UTC.)

5

Il giorno dopo ha funzionato “da sé”. :roll_eyes:

1 Mi Piace