Open benqua opened 2 years ago
Hi @benqua
The environment variable MINIO_ENABLE_HTTPS
isn't going to rewrite your endpoint to be http or https - it's simply instructing the minio provider to expect ssl requests or not - under the hood, it's actually mapping to the following:
minioAdmin, err := madmin.New(config.S3HostPort, config.S3UserAccess, config.S3UserSecret, config.S3SSL)
where the config.S3SSL
variable is a true
or false
based on what you are setting the environment to. There is no logic to rewrite the S3HostPort
based on the value of that parameter. So your endpoint must be configured correctly
What this parameter does do, is ensure that if the endpoint is https, that we don't try and make insecure connections to it
I hope that helps?
Paul
Hi @stack72 , thank you for your answer.
Sorry, but I still don't get how to make sure the provider use https instead of http. The variable MINIO_ENDPOINT doesn't accept an url that specify the protocole. If I set MINIO_ENDPOINT=https://s3.pub1.infomaniak.cloud
instead of MINIO_ENDPOINT=s3.pub1.infomaniak.cloud
, I get another error, basically saying I shouldn't include the protocole (I don't have access to the code right now to give you the exact error). The S3HostPort (taken from MINIO_ENDPOINT
) doesn't include the protocole, right?
How should I instruct the provider to do a request on https://s3.pub1.infomaniak.cloud/mlflow-models/?location=
instead of http://s3.pub1.infomaniak.cloud/mlflow-models/?location=
? What do I miss?
Hi @benqua
I'm sorry for the incorrect information here - you are indeed correct. I am not 100% sure why this is causing you a problem. I went digging in the issues for the upstream provider and found the following
https://github.com/aminueza/terraform-provider-minio/issues/58
I am going to try and run a test and see what I can find out here. Is there any chance you'd need to supply a cert for the HTTPS request to be made (in the case of a self signed certificate or something)?
Paul
Yes, I saw the above link before opening the issue; it confirms my configuration looks good.
The error message shows that the provider is trying to make a request to an http (without ssl) url, so it likely doesn't have anything to do with the certificate. (Moreover, the url is the one of a public cloud provider).
My guess is that the environment variable MINIO_ENABLE_HTTPS
is somehow not correctly passed to the upstream provider or that the value it should have is not true
to activate https.
Hi @benqua
Please can you try 1 last thing - it may help me out here:
pulumi config set minio:minioSsl true
and then see if that works for you?
I want to try and identify if there's an issue with environment variables here
Paul
Sure, I will, however, I won't be able to do it before tonight (CET time).
I will also test bucket creation directly with the terraform provider.
Not a worry at all - take the time you need :) I want to work out the correct fix here
Ok, will do.
Just asking myself if there isn't a type mismatch: here the minioSsl is described as a boolean, while in the terraform github issue the word true
is a quoted string, not the unquoted true boolean value of terraform HCL. Not sure it is related to the issue, but it looks suspicious.
@stack72 I can confirm that it works with pulumi config set minio:minioSsl true
!
Ok, this is good news :) thank you for confirming! This gives me enough that I can fix up now
Great! Did you find a way to fix it?
Unfortunately, it looks like this issue hasn't seen any updates in a while. If you're still encountering this problem, could you leave a quick comment to let us know so we can prioritize it? (Commenting will bump it back into our triage queue.)
What happened?
When trying to create a s3 bucket with an https endpoint, the variable MINIO_ENABLE_HTTPS is not taking into account and the provider try to access the endpoint with http.
Steps to reproduce
With
and
I get:
* [FATAL] Unable to check bucket (mlflow-models): Get "http://s3.pub1.infomaniak.cloud/mlflow-models/?location=": dial tcp 185.125.25.50:80: connect: connection refused
Expected Behavior
Because MINIO_ENABLE_HTTPS is set to true, the request should be done on
"https://s3.pub1.infomaniak.cloud/mlflow-models/?location="
(https instead of http)Actual Behavior
http is used instead of https.
Versions used
CLI
Version 3.33.2 Go Version go1.17.10 Go Compiler gc
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).