-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Registering MinIO (S3) snapshot repository fails with "Connect timed out" #16305
Comments
Here is the list of installed plugins from _cat/plugins: (Only from first node) |
You have to use an environment variable to disable the AWS EC2 METADATA connection. OpenSearch is trying to reach the aws magic IP on your server and of course failing. We just hit this same issue. |
Thanks, @jwitko, setting AWS_EC2_METADATA_DISABLED helped! It would be good if this was mentioned in the documentation. Here's what I put in my Helm values:
|
[Catch All Triage - 1, 2] @pjuri Looks like we got to the bottom of this, care to contribute to the documentation? |
@dblock sure, if you tell me where to put it. |
Would the right place be https://opensearch.org/docs/latest/tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore/? If so that's in https://github.com/opensearch-project/documentation-website. |
Adds info from: opensearch-project/OpenSearch#16305 Signed-off-by: pjuri <[email protected]>
@dblock done. Here's the pull request: opensearch-project/documentation-website#8734 |
* Update snapshot-restore.md Adds info from: opensearch-project/OpenSearch#16305 Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: kolchfa-aws <[email protected]> Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: kolchfa-aws <[email protected]> Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: pjuri <[email protected]> --------- Signed-off-by: pjuri <[email protected]> Co-authored-by: kolchfa-aws <[email protected]> Co-authored-by: Nathan Bower <[email protected]>
* Update snapshot-restore.md Adds info from: opensearch-project/OpenSearch#16305 Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: kolchfa-aws <[email protected]> Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: kolchfa-aws <[email protected]> Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: pjuri <[email protected]> --------- Signed-off-by: pjuri <[email protected]> Co-authored-by: kolchfa-aws <[email protected]> Co-authored-by: Nathan Bower <[email protected]> (cherry picked from commit 87a36f7) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Update snapshot-restore.md Adds info from: opensearch-project/OpenSearch#16305 Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: kolchfa-aws <[email protected]> Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: kolchfa-aws <[email protected]> Signed-off-by: pjuri <[email protected]> * Update _tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore.md Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: pjuri <[email protected]> --------- Signed-off-by: pjuri <[email protected]> Co-authored-by: kolchfa-aws <[email protected]> Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Eric Pugh <[email protected]>
Describe the bug
I’m running OpenSearch as part of Graylog Helm installation under Kubernetes. I’m trying to register a snapshot endpoint with MinIO. I’m following this document: https://opensearch.org/docs/latest/tuning-your-cluster/availability-and-recovery/snapshots/snapshot-restore/
When I try to register the repository with curl (using the REST API), I get "Connect timed out" error. Using tcpdump I can see that no connection to provided IP address is attempted. When I manually test the connection to MinIO with curl, it works. (I.e. it’s not a network issue.)
If I remove s3.client.default.endpoint setting, I can see OpenSearch connecting to Amazon servers. (Which is not what I want.)
I suspect this might be just a misconfiguration, but no matter what I try, I get the same results.
Related component
Plugins
To Reproduce
[opensearch@opensearch-cluster-master-0 ~]$ opensearch-keystore create
An opensearch keystore already exists. Overwrite? [y/N]y
Created opensearch keystore in /usr/share/opensearch/config/opensearch.keystore
[opensearch@opensearch-cluster-master-0 ~]$ opensearch-keystore add s3.client.default.access_key
Enter value for s3.client.default.access_key:
[opensearch@opensearch-cluster-master-0 ~]$ opensearch-keystore add s3.client.default.secret_key
Enter value for s3.client.default.secret_key:
[opensearch@opensearch-cluster-master-0 ~]$ grep s3.client.default config/opensearch.yml
s3.client.default.protocol: "http"
s3.client.default.endpoint: "http://1.2.3.4:9000/"
s3.client.default.path_style_access: "true"
Did steps above on all 3 cluster members.
[opensearch@opensearch-cluster-master-0 ~]$ curl -X POST "http://localhost:9200/_nodes/reload_secure_settings"
{"_nodes":{"total":3,"successful":3,"failed":0},"cluster_name":"opensearch-cluster","nodes":{"Ug2a4ZiqS_6sNDvKlFRNbg":{"name":"opensearch-cluster-master-2"},"zi7xQcAsT0WyPEXLozMEJQ":{"name":"opensearch-cluster-master-0"},"R6I3MgjqRrS85OjyIWHCaw":{"name":"opensearch-cluster-master-1"}}}[opensearch@opensearch-cluster-master-0 ~]$
[opensearch@opensearch-cluster-master-0 ~]$ curl -X PUT "http://localhost:9200/_snapshot/minio-repo?pretty" -H 'Content-Type: application/json' -d '
tcpdump shows no traffic to MinIO
Test if the Minio endpoint is reachable:
[opensearch@opensearch-cluster-master-0 ~]$ curl http://1.2.3.4:9000/
AccessDenied
Access Denied./minio17FE44A7FEAD5E72dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8[opensearch@opensearch-cluster-master-0 ~]$tcpdump shows connection with MinIO was established
Expected behavior
Snapshot endpoint should be successfully registered, allowing me to make snapshots and recoveries.
Additional Details
Plugins
plugins:
enabled: true
installList:
- repository-s3
Host/Environment (please complete the following information):
Additional context
Kubernetes: v1.28.14
Containerd: 1.7.2-0ubuntu1~22.04.1
Docker image: opensearchproject/opensearch:2.4.0
Helm chart: graylog-2.3.10 - uses https://artifacthub.io/packages/helm/opensearch-project-helm-charts/opensearch
The text was updated successfully, but these errors were encountered: