Hi all, I have an Azure LakeFS installation and I want to do a zero copy import from Azure Data Lake Storage Gen2 storage account. I used `lakefs ingest`as per the documentation which ingested all files in my repo. However when I try to read them using from Azure Databricks using the s3a path I get a

Missing Credential Scope

error, which I guess comes from lakeFS not being able to authenticate to the storage account where the files actually are. The

ingest

command worked and could authenticate cause I set the Azure Storage Account key in the

AZURE_STORAGE_ACCESS_KEY

environment variable locally, but how can I make LakeFS authenticate later to read the files when I need them?

Hi @Miguel Rodríguez

If I upload a file and read it works fine

That’s helpful, thank you!

I guess I somehow need to tell LakeFS how to authenticate to my ADLS Gen2 but I don't see any way in the docs how to add the key to lakeFS (only the key to the underlying Azure Storage but that's a different account and I can't seem to set 2 keys there) LMK if I can share any more info to help @Iddo Avneri

@Miguel Rodríguez Can you try

lakectl import

command instead of

lakectl ingest

? As per documentation:

The lakectl cli supports import and ingest commands to import objects from an external source.

• The import command acts the same as the UI import wizard. It imports (zero copy) and commits the changes on _<branch_name>_imported branch with an optional flag to also merge the changes to <branch_name>. • The Ingest is listing the source bucket (and optional prefix) from the client, and creating pointers to the returned objects in lakeFS. The objects will be staged on the branch.

I get an authentication error on

lakectl import

because the storage account I want to import from is different from my LakeFS underlying storage account

That’s a great idea @Amit Kesarwani. I think one way or another we will need to grant access to read from these files to the lakeFS account… @Miguel Rodríguez - let us look into this and update you.

Thank you @Iddo Avneri and @Amit Kesarwani, looking forward for your reply I also tried installing LakeFS in the same storage account where I need to import data from, but I had problems because hierarchical namespace is not supported in LakeFS underlying storage. I opened an issue in GitHub so that you can please document this for future people installing LakeFS in Azure https://github.com/treeverse/lakeFS/issues/4931

Thank you for the context @Miguel Rodríguez let us consult and get back to you.

@Miguel Rodríguez I am using hierarchical namespace (a.k.a. ADLS Gen2) for my setup and it works fine. Would you like to get on the call with me to resolve this issue? It you can’t then I will send the instructions.

@Miguel Rodríguez I replied to the issue you've opened. Please note that the error you are receiving comes from the azure blob storage and not from lakeFS. The feature you were trying to use is not supported in HNS mode: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-feature-support-in-storage-accounts

Thank you @Amit Kesarwani, I did what you mentioned to install LakeFS in ADLS Gen2 but I got the error mentioned in the Github issue when trying to write multiple large files with Spark. I'm happy to jump into a call today to discuss today or one of these days if you have the time. @Niro I replied to the issue too, please note I'm not using the Blob Tag feature myself, it's probably the LakeFS installation trying to use it

@Miguel Rodríguez Will today 10am PST work for you? If not then please schedule a call with me: https://calendly.com/d/dmv-xcy-6zr/meeting-with-amit-iddo

Yeah @Amit Kesarwani that time is good! See you in 30 min then. You have my email already you can send it there 🙂

@Miguel Rodríguez I sent you the meeting invite to your Gmail address. If you didn’t receive it then here is the Zoom link for the call at 10am PST: https://us02web.zoom.us/j/84503853423?pwd=UjRDem5QNGUwbVNwU3RIWlpycEp4UT09