-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Applying retention to an ObjectBucketClaim for Loki #75
Comments
I was able to set a bucket lifecycle configuration by adding a (bogus) prefix:
However, still stuck when trying to GET that same lifecycle configuration:
This looks like a bug in the reply-handling portion of the code somewhere... |
We were able to get further using the AWS CLI instead via a debug pod running in the
Use these commands inside the
|
Just confirming (and documenting the commands used) that we can both put and get noobaa bucket lifecycle configs via awscli. Here we're changing the expiration days from 123 to 180:
|
For the aws v2 api see: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
dnf install -y unzip
unzip awscliv2.zip
aws/install
pip uninstall awscli |
To add certificate verification: export AWS_CA_BUNDLE=/run/secrets/kubernetes.io/serviceaccount/service-ca.crt |
Use these commands inside the openshift-operators-redhat namespace to get the bucket host, bucket name, access key id, and secret access key for the aws configure step and --endpoint-url value above: $ oc get configmap -o yaml openshift-operators-redhat-objectbucketclaim -o 'jsonpath={.data.BUCKET_HOST}'
$ oc get configmap -o yaml openshift-operators-redhat-objectbucketclaim -o 'jsonpath={.data.BUCKET_NAME}'
$ oc get secrets openshift-operators-redhat-objectbucketclaim -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d
$ oc get secrets openshift-operators-redhat-objectbucketclaim -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d Create a Loki debug pod and configure the $ oc project openshift-operators-redhat
$ oc --as=system:admin debug --as-root=true
$ dnf clean all
$ dnf install python3-pip python3-virtualenv
$ virtualenv awscli
$ source awscli/bin/activate
(awscli) $ pip install awscli
(awscli) $ aws configure
# enter aws access key and secret access key from object bucket claim secret Now you can create the bucket retention: aws --endpoint-url=https://s3.openshift-storage.svc s3api put-bucket-lifecycle-configuration --bucket openshift-operators-redhat-41733583-e42b-4b42-8181-550b09249988 --lifecycle-configuration '{
"Rules": [
{
"ID": "loki-retention",
"Status": "Enabled",
"Prefix": "",
"Expiration": {"Days": 90}
}
]
}' Check that the bucket retention has been applied: (awscli) sh-4.4# aws --endpoint-url=https://s3.openshift-storage.svc s3api get-bucket-lifecycle-configuration --bucket openshift-operators-redhat-41733583-e42b-4b42-8181-550b09249988
{
"Rules": [
{
"Expiration": {
"Days": 90,
"ExpiredObjectDeleteMarker": false
},
"ID": "loki-retention",
"Prefix": "",
"Status": "Enabled"
}
]
} |
@computate what are the next steps for this issue? |
@joachimweyl This bucket retention was successfully applied earlier when the logs were in the |
@computate in yesterday's meeting it sounded like the noobaa issue was resolved. Can this issue be closed? |
Closed by OCP-on-NERC/nerc-ocp-config#201 |
I have learned from the RH Internal forum-noobaa that applying retention to an ObjectBucketClaim for Loki involves running a noobaa CLI tool as a cluster admin:
https://github.com/noobaa/noobaa.github.io/blob/master/noobaa-operator-cli.md
There are ways to filter and set expiration days on bucket entries. I could use your help here please, because I don't seem to have access to query and apply these rules.
noobaa Bucket API
noobaa common API
First try getting the status of noobaa in openshift-storage:
Set bucket lifecycle
jtriley says we are using
NooBaa Operator Version: 5.10.6
The text was updated successfully, but these errors were encountered: