Hi, I have an LCM question
I would like to use th...
# gooddata-platformp
Philippe Hébert
05/04/2022, 4:01 PMHi, I have an LCM question
I would like to use the release brick to release my development master workspace from my dev domain to the test and production domains.
I am executing the brick using a domain admin email (shared across all domains, albeit with a different password across all domains).
Unfortunately when I execute the brick, I get the following error:
Error during k8s execution: 403 Forbidden: Can be accessed only by domain admin request_id: 6272a0afecab9d5a357afa68lj2D7nyA4D3zDNrVpdjrQQG8qlEHxW7I-Slfnca_nEfw:KWoY2TG8RUGEBDGwHow can I solve this issue? Configuration of the brick in thread >>>
✅ 1
Philippe Hébert
05/04/2022, 4:02 PMConfiguration:
Copy code
{
"gd_encoded_params": {
"segments": [
{
"segment_id": "segment_dso_default",
"development_pid": "{{development_pid}}",
"driver": "pg",
"master_name": "002 Master - DSO (Default) ##{version}"
}
],
"tokens": {
"pg": "{{token}}_TEST"
},
"technical_users": [
"<mailto:me@example.com|me@example.com>",
"<mailto:someone@example.com|someone@example.com>"
]
},
"data_product": "dataproduct_dso",
"organization": "company-test"
}m
Michal Hauzírek
05/04/2022, 4:14 PMHi Philippe, just to confirm - are you executing the release brick from the domain where you want to release to? For example from TEST or PROD domain? Under the requestID you provided, I can see that it was calling APIs under the user who belongs to the votresucces-dev domain.
Please note that users in different domains even if they have the same login (and even password) are still different users. And user from domain A can not access resources in domain B.
The proper way to do a release to your TEST domain from your DEV domain is this:
• have a development workspace in the DEV domain
• have a service workspace with release & rollout brick in the TEST domain
◦ log in with your TEST domain admin
◦ make sure you have proper development_pid but also development_client set in the release brick
▪︎ development_client section serves to provide the release brick (which exists in your TEST domain) the hostname, login and password for your DEV domain
◦ execute the release in your TEST domain
◦ wait for it to finish, optionally check the newly created master
◦ execute the rollout brick in your TEST domain
✅ 1
p
Philippe Hébert
05/04/2022, 4:16 PMAh OK! I did not understand that I had to "pull" from dev to test, not "push" from dev to test
👍 1
Philippe Hébert
05/04/2022, 4:16 PMI'll correct the brick and reattempt release from test instead
🤞 1
m
Michal Hauzírek
05/04/2022, 4:19 PMYes, it is a bit counter-intuitive but it has some advantages:
• you are putting credentials to your lower environment into your higher environment and not vice versa
• if you had solition in multiple datacenters, you can have exactly the same setup on them and "pull" the release from the same source
p
Philippe Hébert
05/04/2022, 4:20 PMI figured the first reason was one of the reason why it was done this way
Philippe Hébert
05/04/2022, 4:20 PMm
Michal Hauzírek
05/04/2022, 4:21 PMyes, typo. I meant "solution" :-) sorry, tiny keyboard on a phone ;-)
👍 1
p
Philippe Hébert
05/04/2022, 4:22 PMAh OK, now that I re-read it it makes sense
Philippe Hébert
05/04/2022, 4:22 PMYou mean that multiple domains can pull from a single domain and be consistent
m
Michal Hauzírek
05/04/2022, 4:23 PMYes, exactly. And the setup (of the LCM bricks) in those domains can be the same - all pointing to the same DEV domain.
👍 1
p
Philippe Hébert
05/04/2022, 4:35 PMWonderful, that worked! Thanks Michal 🙂
🎉 1