Alexander Reinthal
03/11/2023, 10:43 PMsudo docker run \
--name lakefs \
-p 80:8000 \
-e LAKEFS_DATABASE_TYPE="postgres" \
-e LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING=$LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING \
-e LAKEFS_AUTH_ENCRYPT_SECRET_KEY=$LAKEFS_AUTH_ENCRYPT_SECRET_KEY \
-e LAKEFS_BLOCKSTORE_TYPE="azure" \
-e LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT=$LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT \
-e LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCESS_KEY=$LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCESS_KEY \
and I get the following error
time="2023-03-11T22:41:44Z" level=error msg="failed to get azure blob from container &{%!s(*generated.ContainerClient=&{<https://lakefs11673f4e.blob.core.windows.net/mds> {[0x1400120 0xc008045c00 0xc0080b01c0 0xc008077770 0xc00804ff38 0x13ffda0 0x13ffaa0 {0xc000159350}]}}) %!s(*exported.SharedKeyCredential=<nil>)} key &{%!s(*generated.BlobClient=&{<https://lakefs11673f4e.blob.core.windows.net/mds/dummy> {[0x1400120 0xc008045c00 0xc0080b01c0 0xc008077770 0xc00804ff38 0x13ffda0 0x13ffaa0 {0xc000159350}]}}) %!s(*generated.BlockBlobClient=&{<https://lakefs11673f4e.blob.core.windows.net/mds/dummy> {[0x1400120 0xc008045c00 0xc0080b01c0 0xc008077770 0xc00804ff38 0x13ffda0 0x13ffaa0 {0xc000159350}]}}) %!s(*exported.SharedKeyCredential=<nil>)}" func="pkg/logging.(*logrusEntryWrapper).Errorf" file="build/pkg/logging/logger.go:262" error="DefaultAzureCredential: failed to acquire a token.\nAttempted credentials:\n\tEnvironmentCredential: missing environment variable AZURE_TENANT_ID\n\tManagedIdentityCredential: no default identity is assigned to this resource\n\tAzureCLICredential: Azure CLI not found on path" host=68.219.229.172 method=POST operation_id=CreateRepository path=/api/v1/repositories request_id=94bca5e0-f1e3-49e0-ab44-20313230bbdf service_name=rest_api user=alex
time="2023-03-11T22:41:44Z" level=warning msg="Could not access storage namespace" func="pkg/api.(*Controller).CreateRepository" file="build/pkg/api/controller.go:1406" error="DefaultAzureCredential: failed to acquire a token.\nAttempted credentials:\n\tEnvironmentCredential: missing environment variable AZURE_TENANT_ID\n\tManagedIdentityCredential: no default identity is assigned to this resource\n\tAzureCLICredential: Azure CLI not found on path" reason=unknown service=api_gateway storage_namespace="<https://lakefs11673f4e.blob.core.windows.net/mds>"
Reading the above, it looks like lakefs tries to use my storage access key, then fails and tries to fall back on Service principal credentials.
I verified that shared key works using python. What should I do?Guy Hardonag
03/11/2023, 11:00 PMAlexander Reinthal
03/11/2023, 11:01 PMimport os
import os, uuid
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient
# Create a local directory to hold blob data
local_path = "./data"
os.mkdir(local_path)
# Create a file in the local data directory to upload and download
local_file_name = str(uuid.uuid4()) + ".txt"
upload_file_path = os.path.join(local_path, local_file_name)
# Write text to the file
file = open(file=upload_file_path, mode='w')
file.write("Hello, World!")
file.close()
blob_service_client = BlobServiceClient(os.environ["LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT"], credential=os.environ["LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCESS_KEY"])
# Create a blob client using the local file name as the name for the blob
blob_client = blob_service_client.get_blob_client(container='mds', blob=local_file_name)
print("\nUploading to Azure Storage as blob:\n\t" + local_file_name)
# Upload the created file
with open(file=upload_file_path, mode="rb") as data:
blob_client.upload_blob(data)
Guy Hardonag
03/11/2023, 11:08 PMAlexander Reinthal
03/11/2023, 11:16 PMsudo docker exec -it lakefs sh
~ $ env
LAKEFS_BLOCKSTORE_TYPE=azure
LAKEFS_DATABASE_TYPE=postgres
HOSTNAME=22de2fd23000
SHLVL=1
HOME=/home/lakefs
LAKEFS_DATABASE_POSTGRES_CONNECTION_STRING=<postgres://madonna>:<REDACTED>@siversky-server.postgres.database.azure.com/postgres?sslmode=require
TERM=xterm
PATH=/app:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LAKEFS_AUTH_ENCRYPT_SECRET_KEY=<REDACTED>
LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT=<https://lakefs11673f4e.blob.core.windows.net/>
PWD=/home/lakefs
LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCESS_KEY=<REDACTED>
Guy Hardonag
03/11/2023, 11:18 PMAlexander Reinthal
03/11/2023, 11:57 PMGuy Hardonag
03/12/2023, 5:45 PMLAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT
should get only the name of the storage account and the full URL
Please try using
LAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT=lakefs11673f4e
Alexander Reinthal
03/12/2023, 8:53 PMLAKEFS_BLOCKSTORE_AZURE_STORAGE_ACCOUNT=<http://lakefs11673f4e.blob.core.windows.net|lakefs11673f4e.blob.core.windows.net>
but got the same error! With only lakefs11673f4e it works! Thank you so much! made my day!Guy Hardonag
03/12/2023, 8:58 PM