s3 filestore: Failed to check if bucket exists.

[esn89]

./artifactory.log:1027:2018-10-05 13:47:31,586 [art-init] [WARN ] (o.a.a.f.t.j.s.S3JetS3tBinaryProvider:444) - Failed to check if bucket exist, bucket my-bucket. Service Error Message.

Hi, I am getting this message when I try to use S3 as a filestore.

Here is my binarystore.xml:

<config version="2">
  <chain>
    <provider id="cache-fs-eventual-s3" type="cache-fs">
       <provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
           <sub-provider id="eventual-cluster-s3" type="eventual-cluster">
           <provider id="retry-s3" type="retry">
               <provider id="s3" type="s3"/>
           </provider>
           </sub-provider>
           <dynamic-provider id="remote-s3" type="remote"/>
       </provider>
    </provider>
  </chain>

  <provider id="cache-fs-eventual-s3" type="cache-fs">
        <maxCacheSize>100000000000</maxCacheSize>
        <cacheProviderDir>cache</cacheProviderDir>
  </provider>

  <provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
      <readBehavior>crossNetworkStrategy</readBehavior>
      <writeBehavior>crossNetworkStrategy</writeBehavior>
      <redundancy>1</redundancy>
      <property name="zones" value="local,remote"/>
  </provider>

  <provider id="eventual-cluster-s3" type="eventual-cluster">
      <zone>local</zone>
  </provider>

  <provider id="retry-s3" type="retry">
      <maxTrys>10</maxTrys>
  </provider>
  <provider id="s3" type="s3">
         <roleName>instance-profilerole</roleName>
         <endpoint>https://s3.eu-central-1.amazonaws.com</endpoint>
         <bucketName>my-bucket</bucketName>
         <httpsOnly>true</httpsOnly>
         <httpsPort>443</httpsPort>
         <refreshCredentials>true</refreshCredentials>
         <property name="s3service.server-side-encryption" value="aws:kms"></property>
     </provider>

  <provider id="remote-s3" type="remote">
     <zone>remote</zone>
  </provider>
</config>

I have checked that my instance profile has access to the bucket. It seems to be able to connect, but it doesn't seem to write a test object into it.

Some assistance would be nice

THanks in advance

[matankatz]

To test if bucket exists requires specific permissions which are not relevant for read and write procedure. If you want to bypass the existence check of the bucket, you can use the following attribute: testConnection=false

<provider id="s3" type="s3">
         <roleName>instance-profilerole</roleName>
         <endpoint>https://s3.eu-central-1.amazonaws.com</endpoint>
         <bucketName>my-bucket</bucketName>
         <httpsOnly>true</httpsOnly>
         <httpsPort>443</httpsPort>
         <refreshCredentials>true</refreshCredentials>
         <property name="s3service.server-side-encryption" value="aws:kms"></property>
         <testConnection>false</testConnection>
</provider>

Good luck.

[esn89]

Thanks @matankatz

This leaves me with a few more questions: 1) How can I tell if my Artifactory install has access to s3? 2) When it cannot test a connection to s3, does that mean my Artifactory will have no Cloud Store? 3) Do you happen to know what those s3 permissions? At the moment, I am giving it all permissions like so:

s3:*

Best regards

[matankatz]

1. If you are not using the test connection phase, then you can just start Artifactory and upload a file for testing, and verify it does not exist in your eventual data folder in your local filesystem. However, The optimal way to verify it works is to look in the bucket itself for the file, which will be its sha1.
2. No, The test connection is just another verification step. It can work also when the testConnection fails (Due to lack of permissions).
3. I'm not sure what are the minimal required permission.

For further assistance you can contact support@jfrog.com.

[eldada]

@esn89 - since this issue is not relate to the docker examples, I'll close this. As suggested by @matankatz, continue this if needed with JFrog support (support@jfrog.com).