Closed tomcrane closed 5 years ago
The bagger seems to be working as expected in the new account.
@tomcrane I'm going to close this, as we might need to revisit exactly where access copies are vs archive copies. Will keep you updated. I'm hoping we can work out a way to do it without having to change DLCS.
There is a mixture of different objects in bagger buckets created by different accounts. We should start again with migration related-data written and read by just one account, as it makes it difficult to report on progress.
~
platform/temp-bagit-drop-test
~ =>storage/bagger-drop
~platform/temp-bagit-drop-test-mets-only
~ =>storage/bagger-drop-mets-only
~platform/temp-bagit-drop-test-errors
~ =>storage/bagger-errors
done in: https://github.com/wellcometrust/platform/pull/3236 https://github.com/wellcometrust/storage-service/pull/8
There's a storage account called
dds
that is used for ad hoc Python migration testing, batch enqueuing of bagging instructions, collecting data about current state of migration per bnumber and writing it to a DynamoDB table. The DDS application also uses this account.platform/wellcomecollection-assets-workingstorage
) where it is, as it's too big to movestorage/dds
account needs to read and listplatform/wellcomecollection-assets-workingstorage
storage/storage-migration-status
in the storage account to replaceplatform/storage-migration-status table
Applications that use the storage account
bagger
The bagger ECS task, and the
storage/dds
user:platform/wellcomecollection-assets-workingstorage
storage/bagger-drop
storage/bagger-drop-mets-only
storage/bagger-errors
dds/storage
needs to read from queuestorage/storageNNNNNN_bagger
Even after this change the bagger works across 2 wellcomecollection estates, the dlcs estate and the systemstrategy estate, but there's no way round that for now.
Local enqueue is used to manually start bagging batches:
dds/storage
needs to enqueue queuestorage/storageNNNNNN_bagger
Error reporter runs as
storage/dds
so gets the permissions above, it uses a subset of what's required above.Migration tools runs as
storage/dds
so gets the permissions above, but also means:storage/dds
needs to read from and write to new dynamoDB tablestorage/storage-migration-status
DDS (.NET)
storage/dds
needs to read from the access location bucket reported in the storage manifest.Plan
This shouldn't take very long, it's just testing that permissions are all working in the right places.
Then... Let rip, and revert to plan in https://github.com/wellcometrust/platform/issues/2789