Hi,

 

I have tried to do this twice now and can’t get it to work 100%. In my last attempt I have secondary zone correctly syncing:

 

sudo radosgw-admin sync status

          realm 2cc7226c-2cce-4b75-a719-97ba22756289 (prod)

      zonegroup 04702b5e-faa4-4110-9e98-6097f5e5e4b9 (us)

           zone ece9f510-e910-49be-a89f-7b1f47b3faf8 (zone2)

  metadata sync syncing

                full sync: 0/64 shards

                incremental sync: 64/64 shards

                metadata is caught up with master

      data sync source: 8f0e7a41-f71c-45e8-869a-9bfbadbcbf2c (zone1)

                        syncing

                        full sync: 0/128 shards

                        incremental sync: 128/128 shards

                        data is caught up with source

 

but master zone can’t sync from secondary:

 

sudo radosgw-admin sync status

          realm 2cc7226c-2cce-4b75-a719-97ba22756289 (prod)

      zonegroup 04702b5e-faa4-4110-9e98-6097f5e5e4b9 (us)

           zone 8f0e7a41-f71c-45e8-869a-9bfbadbcbf2c (zone1)

  metadata sync no sync (zone is master)

2019-08-06 16:43:36.228 7f059c7ab640  0 data sync zone:ece9f510 ERROR: failed to fetch datalog info

      data sync source: ece9f510-e910-49be-a89f-7b1f47b3faf8 (zone2)

                        failed to retrieve sync info: (13) Permission denied

 

I can see in our secondary rgw hosts that there is a 403 from master zone

 

2019-08-06 16:27:58.137 7ff3f3d30700  1 ====== req done req=0x7ff3f3d298d0 op status=0 http_status=403 latency=0s ======

2019-08-06 16:27:58.137 7ff3f3d30700  1 civetweb: 0x563d52f64000: 10.130.30.210 - - [06/Aug/2019:16:27:58 -0700] "GET /admin/log?type=data&rgwx-zonegroup=04702b5e-faa4-4110-9e98-6097f5e5e4b9 HTTP/1.1" 403 320 - -