AWS credentials required in the new AWS Discovery using SPI mode #29
Comments
ghost
self-assigned this
|
Thanks @thurber, we are on it. |
|
I had to be honest, although Hazelcast offers a great architecture design to my application, it have turned my life into a nightmare. Most of time I really can't trust the documentation you guys write. Other times stuffs just stop to work... |
* fixes for hazelcast-aws Github issues #29 and #22 * fixes for checkstyle errors * fixes for checkstyle errors * extended strategy factory tests * removed Configuration to AwsConfig * Configuration fixes, we now allow w/out any creds, or iam-role defined in config file. * missing default value for timeout added
|
Documentation is correct, "access-key", "secret-key", "iam-role" are optional. This is a bug introduced while implementing Discovery SPI hazelcast-aws. @thurber Thanks for reporting, it'd be appreciated if you could give a try to 2.0.2-SNAPSHOT |
|
Thanks for the update @emrahkocaman! Unfortunately my instances can no longer discover each other with the 2.0.2-SNAPSHOT provided above, regardless of including the settings or not (although I no longer receive errors for omitting them). For reference, here's the relevant piece of my config xml that worked with 2.0.1: ...
<join>
<tcp-ip enabled="false"></tcp-ip>
<multicast enabled="false"/>
<aws enabled="false" />
<discovery-strategies>
<discovery-strategy enabled="true" class="com.hazelcast.aws.AwsDiscoveryStrategy">
<properties>
<property name="access-key">not-needed</property>
<property name="secret-key">not-needed</property>
<property name="iam-role">aws-elasticbeanstalk-ec2-role</property>
<property name="region">us-west-2</property>
<property name="tag-key">my-tag-key</property>
<property name="tag-value">my-tag-value</property>
</properties>
</discovery-strategy>
</discovery-strategies>
</join>
...With 2.0.2-SNAPSHOT, I tried:
I did not try:
|
|
@thurber Hi, Could you please share hazelcast logs on each EC2 instances? |
|
Sure thing, see below for four log files -- two from instances in the working case with 2.0.1, and two from instances in the non-working case with 2.0.2-Snapshot. Let me know if I should set a more informative logging level. Also note that the application is running inside a docker container on each instance. Non-Working Case (2.0.2-SNAPSHOT): Instance 2: Working Case (2.0.1): Instance 2 |
|
@thurber Hi, Is there any specific reason to use directly Docker on EC2 host rather than AWS ECS? Moreover, is it possible to check below items on your environment? <interfaces enabled="true">
<interface>10.0.*.*</interface>
</interfaces>Please note that 3] Please make sure that 2.0.2-SNAPSHOT is accessible with or you can check here please let us know, if further help or support is required. thanks in advance. |
|
@lazerion Ack sorry about that, noob mistake: I wasn't setting the snapshot jar into the classpath correctly. It works like a charm now, thanks! I am able to avoid needing |
|
Hi! When do you plan to release 2.0.2? Thanks! |
|
Hi @destebanm , |
|
Thanks for the info @mesutcelik |
The documentation implies that the "access-key", "secret-key", and "iam-role" properties are optional and that Hazelcast can fallback to using the role and credentials assigned to the EC2 instance. This would be ideal so that I do not need to hardcode these values into my hazelcast.xml.
However, when I try to run a hazelcast cluster without these properties, startup will fail with an error stating that "access-key" property is required, or that "access-key" property cannot be blank.
Is there a way I can omit these configurations, or are they actually required?
Thanks for your help!
The text was updated successfully, but these errors were encountered: