Active-Active minio cluster sync data - kubernetes

https://docs.min.io/minio/baremetal/replication/enable-server-side-two-way-bucket-replication.html#required-permissions
I follow this guide, when I do "mc admin policy add". I got an err:
mc: <ERROR> Unable to add new policy: conditions are not supported for action s3:GetBucketVersioning.
Then I add '--debug':
mc: <DEBUG> PUT /minio/admin/v3/add-canned-policy?name=ReplicationRemoteUserPolicy.json HTTP/1.1
Host: xxxxx:xxx
User-Agent: MinIO (linux; amd64) madmin-go/0.0.1 mc/RELEASE.2022-07-06T14-54-36Z
Content-Length: 1328
Accept-Encoding: gzip
Authorization: AWS4-HMAC-SHA256 Credential=admin/20220707//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: 26a5f72146edcd356b967fb84a6b1407418205af1904f9408fd2e85b196c98d1
X-Amz-Date: 20220707T094030Z
mc: <DEBUG> HTTP/1.1 400 Bad Request
Content-Length: 237
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
Content-Type: application/json
Date: Thu, 07 Jul 2022 09:40:19 GMT
Server: MinIO
Vary: Origin
X-Amz-Request-Id: 16FF82A1BB2425B5
X-Xss-Protection: 1; mode=block
{"Code":"XMinioMalformedIAMPolicy","Message":"conditions are not supported for action s3:GetBucketVersioning","Resource":"/minio/admin/v3/add-canned-policy","RequestId":"16FF82A1BB2425B5","HostId":"3473e3d7-6fef-4358-83e7-f7e333eb8675"}
mc: <DEBUG> Response Time: 3.844982ms
---------START-HTTP---------
PUT /minio/admin/v3/add-canned-policy?name=ReplicationRemoteUserPolicy.json HTTP/1.1
Host: xxxxx:xxxx
User-Agent: MinIO (linux; amd64) madmin-go/0.0.1 mc/RELEASE.2022-07-06T14-54-36Z
Content-Length: 1328
Accept-Encoding: gzip
Authorization: AWS4-HMAC-SHA256 Credential=admin/20220707//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: 26a5f72146edcd356b967fb84a6b1407418205af1904f9408fd2e85b196c98d1
X-Amz-Date: 20220707T094030Z
HTTP/1.1 400 Bad Request
Content-Length: 237
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
Content-Type: application/json
Date: Thu, 07 Jul 2022 09:40:19 GMT
Server: MinIO
Vary: Origin
X-Amz-Request-Id: 16FF82A1BB2425B5
X-Xss-Protection: 1; mode=block
{"Code":"XMinioMalformedIAMPolicy","Message":"conditions are not supported for action s3:GetBucketVersioning","Resource":"/minio/admin/v3/add-canned-policy","RequestId":"16FF82A1BB2425B5","HostId":"3473e3d7-6fef-4358-83e7-f7e333eb8675"}
---------END-HTTP---------
mc: <ERROR> Unable to add new policy: conditions are not supported for action s3:GetBucketVersioning
(1) admin-policy-add.go:140 cmd.mainAdminPolicyAdd(..) Tags: [cluster202, ReplicationRemoteUserPolicy.json, /dev/stdin]
(0) admin-policy-add.go:140 cmd.mainAdminPolicyAdd(..)
Commit:81c4a5ad6ee4 | Release-Tag:RELEASE.2022-07-06T14-54-36Z | Host:clone-instance-testv3 | OS:linux | Arch:amd64 | Lang:go1.18.3 | Mem:3.3 MB/17 MB | Heap:3.3 MB/7.7 MB.
How can I fix this?
I used helm chart install minio cluster, the tag of docker images is :RELEASE.2021-02-14T04-01-33Z

Related

401 error after successful login using browser

Using my browser I point to a URL and I am prompted with a username/password dialog. I enter my username/password and I get my webpage.
I get a 401 error, however, when using curl:
curl --anyauth --user "$USERNAME:$PASSWORD" $URL
wget:
wget --http-user=$USERNAME --http-password=$PASSWORD $URL
Python:
response = requests.get(url, auth=requests.auth.HTTPBasicAuth(username, password))
response = requests.get(url, auth=requests.auth.HTTPDigestAuth(username, password))
The verbose (sanitized) output is below for curl:
* About to connect() to application.intranet.net port 443 (#0)
* Trying 10.10.10.139...
* Connected to application.intranet.net (10.10.10.139) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=application.intranet.net,OU=COMPANY - Web Hosting,O=Com Pany Inc.,STREET=address,L=city,ST=state,postalCode=12345,C=US
* start date: Apr 06 00:00:00 2020 GMT
* expire date: Apr 06 23:59:59 2022 GMT
* common name: application.intranet.net
* issuer: CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> GET /appname/Reporting/ReportListStart.aspx HTTP/1.1
> User-Agent: curl/7.29.0
> Host: application.intranet.net
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Cache-Control: private
< Content-Type: text/html
< Server: application Server
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Date: Wed, 23 Dec 2020 16:17:22 GMT
< Content-Length: 1293
<
* Ignoring the response-body
* Connection #0 to host application.intranet.net left intact
* Issue another request to this URL: 'https://application.intranet.net/appname/Reporting/ReportListStart.aspx'
* Found bundle for host application.intranet.net: 0x1f4b050
* Re-using existing connection! (#0) with host application.intranet.net
* Connected to application.intranet.net (10.10.10.139) port 443 (#0)
> GET /appname/Reporting/ReportListStart.aspx HTTP/1.1
> User-Agent: curl/7.29.0
> Host: application.intranet.net
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Cache-Control: private
< Content-Type: text/html
< Server: application Server
* gss_init_sec_context() failed: : No Kerberos credentials available (default cache: KEYRING:persistent:9013)
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Date: Wed, 23 Dec 2020 16:17:22 GMT
< Content-Length: 1293
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
* Connection #0 to host application.intranet.net left intact
wget:
--2020-12-23 11:18:14-- https://application.intranet.net/appname/Reporting/ReportListStart.aspx
Resolving application.intranet.net (application.intranet.net)... 10.10.10.139, 10.10.10.10
Connecting to application.intranet.net (application.intranet.net)|10.10.10.139|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to application.intranet.net:443.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to application.intranet.net:443.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
Python:
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): application.intranet.net:443
send: b'GET /appname/Reporting/ReportListStart.aspx HTTP/1.1\r\nHost: application.intranet.net\r\nUser-Agent: python-requests/2.25.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic U19KaXJhX0ludGVybmFsQXVkaXQ6R2l4X0lLdzFqTEYtMld0cw==\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Cache-Control: private
header: Content-Type: text/html
header: Server: application Server
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: NTLM
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: Date: Wed, 23 Dec 2020 17:01:10 GMT
header: Content-Length: 1293
DEBUG:urllib3.connectionpool:https://application.intranet.net:443 "GET /appname/Reporting/ReportListStart.aspx HTTP/1.1" 401 1293
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): application.intranet.net:443
send: b'GET /appname/Reporting/ReportListStart.aspx HTTP/1.1\r\nHost: application.intranet.net\r\nUser-Agent: python-requests/2.25.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Cache-Control: private
header: Content-Type: text/html
header: Server: application Server
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: NTLM
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: Date: Wed, 23 Dec 2020 17:01:10 GMT
header: Content-Length: 1293
DEBUG:urllib3.connectionpool:https://application.intranet.net:443 "GET /appname/Reporting/ReportListStart.aspx HTTP/1.1" 401 1293
From my browser there is the initial request that returns a 302:
Request URL: https://application.wuintranet.net/appname/Reporting/ReportListStart.aspx
Request Method: GET
Status Code: 302 Found
Remote Address: 10.10.10.123:443
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: private
Content-Length: 160
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Dec 2020 17:14:54 GMT
Location: /appname/Reporting/ReportListStart.aspx
Persistent-Auth: true
Server: application Server
Set-Cookie: ASP.NET_SessionId=dy2rr35onasw5ctumhuqb4af; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: appname_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=False&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; path=/; secure; HttpOnly
Set-Cookie: .application_SSO_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=True&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; path=/; secure; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Host: application.wuintranet.net
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
and then the browser-generated followup that returns 200:
Request URL: https://application.wuintranet.net/appname/Reporting/ReportListStart.aspx
Request Method: GET
Status Code: 200 OK
Remote Address: 10.10.10.123:443
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: private
Content-Encoding: gzip
Content-Length: 32914
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Dec 2020 17:14:54 GMT
Persistent-Auth: true
Server: application Server
Set-Cookie: appname_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=False&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; path=/; secure; HttpOnly
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Cookie: ASP.NET_SessionId=dy2rr35onasw5ctumhuqb4af; appname_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=False&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; .application_SSO_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=True&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==
Host: application.wuintranet.net
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36

replace
curl --anyauth
with
curl --ntlm

Error 500 with X-Frame-Options and REST API

I send a post request that aims to update a file on Kofax TotalAgility.
I obtain an error 500 and the following error message :
HttpResponseProxy{HTTP/1.1 500 Unknown Exception [Cache-Control: private, Content-Type: application/xml; charset=utf-8, X-Frame-Options: SAMEORIGIN, Date: Mon, 23 Dec 2019 12:49:29 GMT, Content-Length: 39] ResponseEntityProxy{[Content-Type: application/xml; charset=utf-8,Content-Length: 39,Chunked: false]}}
Is this error message is resulting from this server setting : X-Frame-Options: SAMEORIGIN ?

bluemix app push hangs after upload

command bx app push hangs after message "Done uploading" is shown.
I activated CF_TRACE env var, and the following request is made several times before failing with:
Error processing app files: Error uploading application.
Server error, status code: 502, error code: 0, message:
REQUEST: [2018-08-01T11:47:21-03:00]
GET /v2/jobs/5dc92acb-8573-422b-8a60-2e6b558dc26e HTTP/1.1
Host: api.ng.bluemix.net
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Connection: close
Content-Type: application/json
User-Agent: go-cli 6.32.0+0191c33d9.2017-09-26 / linux
RESPONSE: [2018-08-01T11:47:21-03:00]
HTTP/1.1 200 OK
Connection: close
Content-Length: 270
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json;charset=utf-8
Date: Wed, 01 Aug 2018 14:47:21 GMT
Expires: Wed, 01 Aug 2018 14:47:21 GMT
Pragma: no-cache
Server: nginx
X-Backside-Transport: OK OK
X-Content-Type-Options: nosniff
X-Global-Transaction-Id: 2574851421
{
"metadata": {
"guid": "5dc92acb-8573-422b-8a60-2e6b558dc26e",
"created_at": "2018-08-01T14:36:25Z",
"url": "/v2/jobs/5dc92acb-8573-422b-8a60-2e6b558dc26e"
},
"entity": {
"guid": "5dc92acb-8573-422b-8a60-2e6b558dc26e",
"status": "queued"
}
}
I noticed the status queued on the entity object. What that means ? What can I do?
EDIT:
There was a problem with the region my app was on. It was reported at: https://console.bluemix.net/status

spring cloud zuul: How can return service httpstatus(or handle zuul status return)?

If use zuul routes for eureka service id,service return some httpStatus like 503
curl 10.1.0.21:5701/usr/users/xxx/a -H "Api-Version: v10" -i
Returns:
HTTP/1.1 503 Service Unavailable
Set-Cookie: Session-Token=9e66fb56-21e2-457a-a00f-f788c5ce820b; path=/; domain=.0.21:5701; HttpOnly; Max-Age=2592000; Expires=Sat, 29-Oct-2016 09:23:41 GMT
Date: Thu, 29 Sep 2016 09:23:41 GMT
Session-Token-Expires: 2592000
Connection: keep-alive
ETag:
Session-Token: 9e66fb56-21e2-457a-a00f-f788c5ce820b
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8
X-Application-Context: user-api-provider:5701
Content-Language: en-
Access-Control-Max-Age: 1728000
[{"key":"serviceUnavailable","message":"无效的接口"}]
But zuul reuturns ok/200, why? How can I change how Zuul handles statuses?
curl 10.1.0.19:8090/usr/users/xxx/a -H "Api-Version: v10" -i
Returns:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 0
X-Application-Context: zuul-server:8090
Date: Thu, 29 Sep 2016 09:24:10 GMT

Works for me with latest spring-cloud-netflix (1.2.0):
#SpringBootApplication
#EnableZuulProxy
public class SimpleApplication {
public static void main(String[] args) {
SpringApplication.run(SimpleApplication.class, args);
}
}
with application.properties:
zuul.routes.test.url=http://httpstat.us/503
zuul.routes.test.path=/test/**
and:
$ curl localhost:8080/test/
> GET /test/ HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 503
< X-Application-Context: application
< Cache-Control: private
< X-AspNetMvc-Version: 5.1
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Access-Control-Allow-Origin: *
< Date: Thu, 29 Sep 2016 10:24:16 GMT
< Content-Type: text/plain;charset=utf-8
< Transfer-Encoding: chunked
< Connection: close
<
* Closing connection 0
503 Service Unavailable$

add nickname to google group using api

I've been trying to use the directory API to add an alias to a group, and it doesn't seems to work, is this feature operational already?
Thank you!

Yes, it works properly. Here's an example of GAM 2.995 creating a domain alias for your reference. I'd need to see code to determine where you're having issues.
$ touch gam/debug.gam
$ gam create alias test-alias#jay.powerposters.org group testme#jay.powerposters.org
Creating alias test-alias#jay.powerposters.org for group testme#jay.powerposters.org
connect: (www.googleapis.com, 443)
send: 'POST /admin/directory/v1/groups/testme#jay.powerposters.org/aliases?alt=json HTTP/1.1
Host: www.googleapis.com
content-length: 44
accept-encoding: gzip, deflate
accept: application/json
user-agent: Google Apps Manager 2.995 / jay#ditoweb.com (Jay Lee)
/ Python 2.7.4 final
/ Linux-3.8.0-26-generic-x86_64-with-Ubuntu-13.04-raring x86_64
/ google-api-python-client/1.1
content-type: application/json
authorization: Bearer ya29.XXX
{"alias": "test-alias#jay.powerposters.org"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
header: Pragma: no-cache
header: Expires: Fri, 01 Jan 1990 00:00:00 GMT
header: Date: Wed, 10 Jul 2013 17:34:38 GMT
header: ETag: "2rnFeCLM59Q4Hv06VzEjKQtYAxk/uYyLVNg9ntD0jUUkkana74HyFfQ"
header: Content-Type: application/json; charset=UTF-8
header: Content-Encoding: gzip
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Content-Length: 112
header: Server: GSE