I have been trying to create two virtual test clusters to learn about the RGW multisite setting. So far, I have set up two small Nautilus (v.14.2.16) clusters, designated one of them as the "master zone site" and followed every step outlined in the doc ( https://docs.ceph.com/en/nautilus/radosgw/multisite/), including create a system user, updating the period, and restarting the rgw daemon. (For the sake of simplicity, there is only one RGW daemon running on each site.) Once I installed the RGW daemon on the secondary zone site, I tried pulling the realm from the master zone cluster, but ended up with this: ``` $ radosgw-admin realm pull --url=http://<master zone gateway>:80 --access-key=<system_access_key> --secret=<system_secret_key> request failed: (13) Permission denied If the realm has been changed on the master zone, the master zone's gateway may need to be restarted to recognize this user. ``` I tried adding the --rgw-realm=<realm set up in the primary site>, but the result was the same. I restarted the rgw daemon on both sides -- that did not help, either. The output of all of the following on the master zone side, as far as I could tell, seems correct -- the realm, zonegroup, zone I created are the only ones and set to default. ``` radosgw-admin zone/zonegroup/realm list radosgw-admin zone/zonegroup/realm get ``` On the "master zone" side, the rgw log shows ``` 2021-01-22 13:34:48.404 7fb9ca89e700 1 ====== starting new request req=0x7fb9ca897740 ===== 2021-01-22 13:34:48.428 7fb9ca89e700 1 ====== req done req=0x7fb9ca897740 op status=0 http_status=403 latency=0.0240002s ====== 2021-01-22 13:34:48.428 7fb9ca89e700 1 civetweb: 0x559d6509a000: 10.33.30.55 - - [22/Jan/2021:13:34:48 -0500] "GET /admin/realm HTTP/1.1" 403 318 - - ``` I am using Ubuntu 18.04, Ceph v.14.2.16, deployed using `ceph-deploy`. *Mami Hayashida* *Research Computing Associate* Univ. of Kentucky ITS Research Computing Infrastructure _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx