#10395 aws-copr group to be able to analyze download stats?
Closed: Fixed with Explanation 2 years ago by mobrien. Opened 2 years ago by praiskup.

We have a pretty old bug that Copr download statistics lie. There's some problem on
our side, but we delayed the fix because we moved to AWS CDN, and the download
statistics can not nowadays be easily calculated only on the copr-backend side...

I think that @kevin (with @msuchy's on-call) created the CDN distribution for Copr.

According to the documentation, we should be able to analyze statistics:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cache-statistics.html

I'd like to experiment a bit with the statistics API, and perhaps fix the
statistics calculator... Though I face this error:

Failed to load distributions: User: arn:aws:sts::125523088429:assumed-role/aws-copr/praiskup is not authorized to perform: cloudfront:ListDistributions because no identity-based policy allows the cloudfront:ListDistributions action

Honestly, I don't know what permissions are needed to "read" the info about
the distribution, and what permissions are needed to access the statistics. All
I found is these docs.

Could anyone help us to configure the account?


Note there's also #10264 so we can handle these two issues together (at least if video or a real-time IRC chat is needed).

@mobrien can you look at this one? :)

Metadata Update from @zlopez:
- Issue assigned to mobrien
- Issue tagged with: aws, low-gain, low-trouble, ops

2 years ago

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

2 years ago

Already working for us; now we have to implement the log parser (and dispose of the data in the S3 bucket): https://pagure.io/copr/copr/issue/1263

Metadata Update from @praiskup:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

> Already working for us

I can see the S3 buckets and all their files in the AWS web UI, but the CLI is causing me some trouble. There is possibly an error on my side, but ...

$ aws s3 ls 
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
$ aws s3 ls s3://fedora-copr
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

Even though I have a token

$ aws ec2 describe-instances
$ echo $?
0

Is it possible that the token for Copr is missing some permissions?

Metadata Update from @mobrien:
- Issue status updated to: Open (was: Closed)

2 years ago

@frostyx the CLI permissions are separate from the web UI permissions, as they are accessed using different creds. I will have a look at this and update the perms for you.

I just need to confirm the user you are using for the CLI. The error should output an ARN containing a username or, short of that, if you tell me the last 4 chars of your access key, that will do.

I added permissions to the copr IAM user to access the S3 bucket, and also added an ACL rule to the S3 bucket itself to allow access to that user.

Metadata Update from @mobrien:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)

2 years ago
