This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-03-14
Channels
- # announcements (2)
- # babashka (7)
- # beginners (20)
- # calva (2)
- # clj-kondo (7)
- # clojure (31)
- # clojure-australia (3)
- # clojure-dev (10)
- # clojure-europe (7)
- # clojurescript (13)
- # conjure (1)
- # cursive (27)
- # datomic (168)
- # events (3)
- # fulcro (2)
- # garden (3)
- # honeysql (2)
- # jobs (1)
- # joker (1)
- # lsp (52)
- # releases (1)
- # shadow-cljs (11)
- # slack-help (4)
- # spacemacs (22)
- # sql (1)
I tried the following code to create a datomic database and connect to it:
(let [cfg (-> env :datomic-cfg)
client (d/client cfg)]
(do
(d/create-database
client
{:db-name "humboi-march-2021"})
(d/connect client {:db-name "humboi-march-2021"})))
However, I’m getting the following error:
Execution error (ExceptionInfo) at (pro.clj:72).
Invalid connection config: {:server-type :peer-server, :access-key "key-0680cb34675d5fd59", :secret "<ELIDED>", :endpoint "", :validate-hostnames false}
How to fix this?That's not a valid access key
Also, is the secret the same key that we have in the pem file downloaded when we create the aws key? My secret looks like this:
-----BEGIN RSA PRIVATE KEY-----
utv686t3q48by7q03gr7y...
-----END RSA PRIVATE KEY-----
Hey - so this has probably been asked before - but I cannot find a decent answer. How would someone approach a multi-tenant system with Datomic?
Is there a way to make it fairly safe against errors, for example, adding a tenant attribute to every entity sounds nice and easy - but how would you enforce that every query filters on that key?
ie some sort of way of automatically adding that filter to every query/pull.
or is there a different/more idiomatic way of doing this?
Make separate databases?
Would that scale for a SaaS like application? I know in the Postgres world there is a choice between a schema per tenant vs a shared schema + tenant keys. I wondered what that looked like with Datomic
So in the small scale (10s 100s?) or clients - I guess 1 DB per client would work. Would that scale to 1000s with Datomic?
Probably beyond my ability to answer, certainly people are doing this at the 10s or 100s scale. Maybe ask at https://ask.datomic.com ?
Ok, thanks!
@ps are you trying to use datomic cloud? It looks like are using the non-cloud datomic pro client.
@joe.lane yes I’m trying to use datomic cloud
Ok. You definitely have the wrong client dependency. How far have you gotten through the cloud setup docs?
@joe.lane I’m not sure what cloud setup docs you’re referring to
I’m looking at this currently: https://docs.datomic.com/cloud/getting-started/get-connected.html
this has the same require as I have: https://docs.datomic.com/cloud/tutorial/client.html
(require '[datomic.client.api :as d])
Actually, I have two datomic dependencies:
[com.datomic/client-cloud "0.8.105"]
[com.datomic/client-pro "0.9.63"]
@joe.lane Now I’m getting the following error:
Execution error (FileNotFoundException) at datomic.client.api.impl/serialized-require* (impl.clj:16).
Could not locate datomic/client/impl/pro__init.class, datomic/client/impl/pro.clj or datomic/client/impl/pro.cljc on classpath.
user>
You’re using lein? Are you using another dep that depends on client-pro? Can you show all your deps?
Yes I’m using lein with cider.
:dependencies [[ch.qos.logback/logback-classic "1.2.3"]
[cheshire "5.10.0"]
[clojure.java-time "0.3.2"]
[com.google.guava/guava "27.0.1-jre"]
[com.novemberain/monger "3.1.0" :exclusions [com.google.guava/guava]]
[cprop "0.1.17"]
[expound "0.8.7"]
[funcool/struct "1.4.0"]
[luminus-aleph "0.1.6"]
[luminus-transit "0.1.2"]
[luminus/ring-ttl-session "0.3.3"]
[markdown-clj "1.10.5"]
[metosin/muuntaja "0.6.7"]
[metosin/reitit "0.5.10"]
[metosin/ring-http-response "0.9.1"]
[mount "0.1.16"]
[nrepl "0.8.3"]
[org.clojure/clojure "1.10.1"]
[org.clojure/tools.cli "1.0.194"]
[org.clojure/tools.logging "1.1.0"]
[org.webjars.npm/bulma "0.9.1"]
[org.webjars.npm/material-icons "0.3.1"]
[org.webjars/webjars-locator "0.40"]
[ring-webjars "0.2.0"]
[ring/ring-core "1.8.2"]
[ring/ring-defaults "0.3.2"]
[amazonica "0.3.153"]
[selmer "1.12.31"]
[com.datomic/client-cloud "0.8.105"]
;;[io.rkn/conformity "0.5.4"]
]
I'm... perplexed here. Are you starting a new project or migrating an existing one? FWIW, conformity depends on client-pro and does not work with client-cloud.
I have been working on this project for a while, but want to switch dbs, so added the datomic dependency
I suppose that means migrating?
I’m using #luminus and made some changes to it. It asked for a database string, but I used a map instead according to the docs
(defstate conn
:start (let [cfg (-> env :datomic-cfg)
client (d/client cfg)]
(do
(d/create-database
client
{:db-name "humboi-march-2021"})
(d/connect client {:db-name "humboi-march-2021"})))
:stop (-> conn .release))
when I start the server (start) I see the error
{:server-type :peer-server
:access-key "key-0680cb34675d5fd59"
:secret "-----BEGIN RSA PRIVATE KEY-----
oashfouhnHIOUNHFIOUHNFOIHU...
-----END RSA PRIVATE KEY-----"
:endpoint ""
:validate-hostnames false
}
Great, we've found our first problem! You're not running a peer when you use client-cloud, therefore that configuration map should changed. Before we do that though let's back up a bit.
You sent me https://docs.datomic.com/cloud/getting-started/get-connected.html, have you already gone through "Start a system" and "Configure Access"? If so, can you now connect to your access gateway?
I have started a system but not configured access
Ok, you should do that now and, in general, follow these steps in order https://docs.datomic.com/cloud/getting-started/getting-started.html
I have already done “Allow Inbound Traffic to the Access Gateway”
I saw that yesterday you hit https://clojurians.slack.com/archives/C03RZMDSH/p1615616996195200
but is authorizing datomic users necessary? Does one have to authorize oneself?
I created a new group and added this policy: datomic-admin-humboi-march-2021-us-east-1
but when I click on “add users to the group”, it’s empty. “No records found”
I tried refreshing. Still nothing. I don’t have any iam users associated with the account. It’s just the root. I think that’s why it doesn’t show any users.
so I created a user and added it to the group
so now I have both: • https://docs.datomic.com/cloud/getting-started/start-system.html • https://docs.datomic.com/cloud/getting-started/configure-access.html
When I run:
./datomic client access humboi-march-2021
I get:
Execution error (ExceptionInfo) at datomic.tools.ops.aws/invoke! (aws.clj:83).
AWS Error: Unable to fetch region.
okay I had to run aws configure and add the credentials
Now when I run
./datomic client access humboi-march-2021
I get
Execution error at datomic.tools.ops.aws/get-bucket (aws.clj:110).
Error finding S3 bucket for humboi-march-2021
yes added the credentials of the newly created user
btw, aws sts get-caller-identity { “UserId”: “AIDASILWYFNXUHRANK2XQ”, “Account”: “155404741487", “Arn”: “arn:aws:iam::155404741487:user/prit” }
the new user
I don’t know
Ok, what are the contents of your ~/.aws/config
?
DO NOT SHARE ~/.aws/credentials
!!!
[default]
region = us-west-1
Look inside ~/.aws/credentials
and you should see similar [bracketed]
entries. Do not share the credentials of those entries, but can you type out the [bracketed]
profile names?
there’s only one:
[default]
And I think it’s the root
Ok. Here is what I think happened:
1. you were root with admin privileges.
2. You created a new user named prit
in the iam console.
3. You generated CLI access and secret keys for prit.
<-- Whether you did this or not is important for the next section.
4. You set up your AWS CLI for the first time, adding the original root
credentials under the default
profile.
I think you should:
1. Create a new entry in your ~/.aws/credentials
for [prit]
with the credentials created in step 3 above.
2. Create a matching entry in your ~/.aws/credentials
for [prit]
with region = us-west-1
. I'm assuming here that your datomic cloud system was created in us-west-1
, if not let me know.
3. Run ./datomic client access humboi-march-2021 -p prit -r us-west-1
and let me know the output.
it was created in us-east-1
if you plan to do all of your aws work in us-east-1
you will want to set the region for the prit
profile (and likely the default
profile) to us-east-1
.
Change ./datomic client access humboi-march-2021 -p prit -r us-west-1
to ./datomic client access humboi-march-2021 -p prit -r us-east-1
okay, I did that. And actually now upon double checking the [default] is already on the newly created iam user
there was no root
So I changed the region to us-east-1 in config
but upon running the command without the -p and -r tags, I get: Execution error (ExceptionInfo) at datomic.tools.ops.aws/invoke! (aws.clj:83). AWS Error: Unable to fetch region. Full report at: /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/clojure-8861423583993777330.edn
when I use the -r tag without the -p tag, I get “unable to fetch credentials”
it seems like the .aws files are being ignored by the aws cli
If you run env | grep AWS
(DO NOT SHARE) do you have values set for AWS_ACCESS_KEY
and AWS_SECRET_ACCESS_KEY
?
env | grep AWS
returns nothingI think you meant
printenv | grep AWS
which returns nothing
What does AWS_PROFILE=prit; AWS_REGION=us-east-1; aws sts get-caller-identity
return?
{
"UserId": "AIDASILWYFNXUHRANK2XQ",
"Account": "155404741487",
"Arn": "arn:aws:iam::155404741487:user/prit"
}
Wait, when you said
> but upon running the command without the -p and -r tags, I get:
> Execution error (ExceptionInfo) at datomic.tools.ops.aws/invoke! (aws.clj:83).
> AWS Error: Unable to fetch region.
You said without, and then you said
> when I use the -r tag without the -p tag, I get “unable to fetch credentials”
Did you actually run the command WITH -p
and -r
?
@joe.lane this seems to work:
datomic-cli % ./datomic client access humboi-march-2021 -p default -r us-east-1
I get:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/prikshetsharma/.ssh/config
debug1: /Users/prikshetsharma/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 54.91.147.158 [54.91.147.158] port 22.
debug1: Connection established.
debug1: identity file /Users/prikshetsharma/.ssh/datomic-us-east-1-humboi-march-2021-bastion type -1
debug1: identity file /Users/prikshetsharma/.ssh/datomic-us-east-1-humboi-march-2021-bastion-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 54.91.147.158:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: MAC: <implicit> compression:
debug1: kex: client->server cipher: MAC: <implicit> compression:
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:lVFD0R8H5sJCJmNagoLws+7NTjwufeApnIj0nI40llk
debug1: Host '54.91.147.158' is known and matches the ECDSA host key.
debug1: Found key in /Users/prikshetsharma/.ssh/datomic-us-east-1-humboi-march-2021-bastion.hostkey:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/prikshetsharma/.ssh/datomic-us-east-1-humboi-march-2021-bastion explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/prikshetsharma/.ssh/datomic-us-east-1-humboi-march-2021-bastion
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to 54.91.147.158 ([54.91.147.158]:22).
debug1: Local connections to LOCALHOST:8182 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 8182.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8182.
debug1: channel 1: new [port listener]
debug1: Requesting
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype want_reply 0
{:s3-auth-path “humboi-march-2021-storagef7f305e7-1h3lt-s3datomic-1650q253gkqr1”}%
it looks like you completed the "cloud setup" section and should proceed to https://docs.datomic.com/cloud/tutorial/client.html
Now I get a different error upon starting the server:
Execution error (ExceptionInfo) at datomic.client.impl.cloud/get-s3-auth-path (cloud.clj:179).
Unable to connect to localhost:8182
I changed datomic-cfg to the following:
{
:server-type :ion
:region "us-east-1" ;; e.g. us-east-1
:system "humboi-march-2021"
:endpoint ""
:proxy-port 8182
}
I suppose that this means that the program will automatically look for the credentials in .aws folder
what if I’m running it on something like heroku? Do I have to create a .aws folder there too?
Now I get the following error:
Execution error (ExceptionInfo) at datomic.client.api.async/ares (async.clj:58).
Forbidden to read keyfile at . Make sure that your endpoint is correct, and that your ambient AWS credentials allow you to GetObject on the keyfile.
when running the server using
(start)
which I think would run the :start for this:
(defstate conn
:start (let [cfg (-> env :datomic-cfg)
client (d/client cfg)]
(do
(d/create-database
client
{:db-name "humboi-march-2021"})
(d/connect client {:db-name "humboi-march-2021"})))
:stop (-> conn .release))
do I have to attach another policy to the group?
it also prints a lot of debug logs
I’m not convinced your using your new user. Especially since you’re using default for the access gateway.
@joe.lane the default is the new user
I was wrong when I’d said that the default is root.
the new user’s access key id on the console is the same as the access key id under [default] in ~/.aws/credentials
@joe.lane that gives “nil”
However you set environment variables, set AWS_PROFILE=default
and AWS_REGION=us-east-1
and then try it again?
that still returns “nil”
but I’ve confirmed that the env vars are set with printenv | grep AWS
after setting the environment variable, I restarted the repl, and now I’m getting a longer exception:
Mar 14, 2021 10:05:07 PM com.amazonaws.internal.InstanceMetadataServiceResourceFetcher handleException
WARNING: Fail to retrieve token
com.amazonaws.SdkClientException: Failed to connect to service endpoint:
at com.amazonaws.internal.EC2ResourceFetcher.doReadResource(EC2ResourceFetcher.java:100)
at com.amazonaws.internal.InstanceMetadataServiceResourceFetcher.getToken(InstanceMetadataServiceResourceFetcher.java:91)
at com.amazonaws.internal.InstanceMetadataServiceResourceFetcher.readResource(InstanceMetadataServiceResourceFetcher.java:69)
at com.amazonaws.internal.EC2ResourceFetcher.readResource(EC2ResourceFetcher.java:66)
at com.amazonaws.auth.InstanceMetadataServiceCredentialsFetcher.getCredentialsEndpoint(InstanceMetadataServiceCredentialsFetcher.java:58)
at com.amazonaws.auth.InstanceMetadataServiceCredentialsFetcher.getCredentialsResponse(InstanceMetadataServiceCredentialsFetcher.java:46)
at com.amazonaws.auth.BaseCredentialsFetcher.fetchCredentials(BaseCredentialsFetcher.java:112)
at com.amazonaws.auth.BaseCredentialsFetcher.getCredentials(BaseCredentialsFetcher.java:68)
at com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:165)
at com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper.getCredentials(EC2ContainerCredentialsProviderWrapper.java:75)
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
at com.amazonaws.services.s3.S3CredentialsProviderChain.getCredentials(S3CredentialsProviderChain.java:35)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1257)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:833)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:783)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4247)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4194)
at com.amazonaws.services.s3.AmazonS3Client.getObject(AmazonS3Client.java:1398)
at cognitect.s3_creds.store$read_s3.invokeStatic(store.clj:39)
at cognitect.s3_creds.store$read_s3.invoke(store.clj:36)
at cognitect.s3_creds.store$get_val.invokeStatic(store.clj:72)
at cognitect.s3_creds.store$get_val.invoke(store.clj:65)
at cognitect.s3_creds.store.ReadStoreImpl$fn__37920.invoke(store.clj:127)
at clojure.core.async$thread_call$fn__15992.invoke(async.clj:484)
at clojure.lang.AFn.run(AFn.java:22)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: No route to host (connect failed)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:606)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
at sun.net.www.http.HttpClient.New(HttpClient.java:339)
at sun.net.www.http.HttpClient.New(HttpClient.java:357)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1226)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1205)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:990)
at com.amazonaws.internal.ConnectionUtils.connectToEndpoint(ConnectionUtils.java:52)
at com.amazonaws.internal.EC2ResourceFetcher.doReadResource(EC2ResourceFetcher.java:80)
... 33 more
Mar 14, 2021 10:05:07 PM com.amazonaws.internal.InstanceMetadataServiceResourceFetcher handleException
WARNING: Fail to retrieve token
com.amazonaws.SdkClientException: Failed to connect to service endpoint:
at com.amazonaws.internal.EC2ResourceFetcher.doReadResource(EC2ResourceFetcher.java:100)
at com.amazonaws.internal.InstanceMetadataServiceResourceFetcher.getToken(InstanceMetadataServiceResourceFetcher.java:91)
at com.amazonaws.internal.InstanceMetadataServiceResourceFetcher.readResource(InstanceMetadataServiceResourceFetcher.java:69)
at com.amazonaws.internal.EC2ResourceFetcher.readResource(EC2ResourceFetcher.java:66)
at com.amazonaws.auth.InstanceMetadataServiceCredentialsFetcher.getCredentialsEndpoint(InstanceMetadataServiceCredentialsFetcher.java:58)
at com.amazonaws.auth.InstanceMetadataServiceCredentialsFetcher.getCredentialsResponse(InstanceMetadataServiceCredentialsFetcher.java:46)
at com.amazonaws.auth.BaseCredentialsFetcher.fetchCredentials(BaseCredentialsFetcher.java:112)
at com.amazonaws.auth.BaseCredentialsFetcher.getCredentials(BaseCredentialsFetcher.java:68)
at com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:165)
at com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper.getCredentials(EC2ContainerCredentialsProviderWrapper.java:75)
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
at com.amazonaws.services.s3.S3CredentialsProviderChain.getCredentials(S3CredentialsProviderChain.java:35)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1257)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1278)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4247)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4194)
at com.amazonaws.services.s3.AmazonS3Client.getObject(AmazonS3Client.java:1398)
at cognitect.s3_creds.store$read_s3.invokeStatic(store.clj:39)
at cognitect.s3_creds.store$read_s3.invoke(store.clj:36)
at cognitect.s3_creds.store$get_val.invokeStatic(store.clj:72)
at cognitect.s3_creds.store$get_val.invoke(store.clj:65)
at cognitect.s3_creds.store.ReadStoreImpl$fn__37920.invoke(store.clj:127)
at clojure.core.async$thread_call$fn__15992.invoke(async.clj:484)
at clojure.lang.AFn.run(AFn.java:22)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: Host is down (connect failed)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:606)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
at sun.net.www.http.HttpClient.New(HttpClient.java:339)
at sun.net.www.http.HttpClient.New(HttpClient.java:357)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1226)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1205)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:990)
at com.amazonaws.internal.ConnectionUtils.connectToEndpoint(ConnectionUtils.java:52)
at com.amazonaws.internal.EC2ResourceFetcher.doReadResource(EC2ResourceFetcher.java:80)
... 34 more
Execution error (ExceptionInfo) at datomic.client.api.async/ares (async.clj:58).
Forbidden to read keyfile at . Make sure that your endpoint is correct, and that your ambient AWS credentials allow you to GetObject on the keyfile.
@joe.lane, I get the following:
2021-03-12 21:32:38 146 .keys
Ok. So that tells me your user has the ability to get the keys from s3 and that you are not using that user when you run your application.
lets go back to our /.aws/credentials and /.aws/config.
Create a new profile called [humboi]
and copy the [default]
credentials section to the new [humboi]
profile.
Similarly for the config file, copy [default]
to [humboi]
and make sure it's set to use the us-east-1
region.
Then, restart the access gateway with ./datomic client access humboi-march-2021 -p humboi -r us-east-1
And then change your client config map to
{
:server-type :ion
:region "us-east-1" ;; e.g. us-east-1
:system "humboi-march-2021"
:creds-profile "humboi"
:endpoint ""
:proxy-port 8182
}
This configuration will be SPECIFIC TO YOUR MACHINE and other users will need to have a different one. Also, when you deploy this, you will. need to remove that creds profile and use a different approach (we have docs on this).
@joe.lane I created [humboi] in config and credentials with the same data as the [default], ran ./datomic client access humboi-march-2021 -p humboi -r us-east-1, added :creds-profile “humboi”, restarted the repl and started the server with (start). However, I get the error:
Execution error (ExceptionInfo) at datomic.client.api.async/ares (async.clj:58). profile file cannot be null
also can you please share the link of the docs with deployment instructions?
I'd like you to:
1. clone this repo https://github.com/Datomic/ion-starter and cd into it
2. change this file in the repo to your config map https://github.com/Datomic/ion-starter/blob/master/resources/datomic/ion/starter/config.edn
3. FROM THE TERMINAL (no lein, no cider, no emacs, etc. Just plain clj
) copy-paste the forms in https://github.com/Datomic/ion-starter/blob/master/siderail/tutorial.repl one at a time up to Line 17.
4. Paste the output here.
This is an attempt at a minimal repro to help me understand whether the problem is with your IAM User/role/group or has something to do with your specific project.
@joe.lane Upon doing clj, I get: Error building classpath. Could not find artifact com.datomic:ion:jar:0.9.50 in central (https://repo1.maven.org/maven2/)
@joe.lane, after adding S3FullAccess to the group and running clj, I get the following error:
Error building classpath. Could not transfer artifact com.amazonaws:aws-java-sdk-kms:jar:1.11.210 from/to central ( ): Range Not Satisfiable (416)
That's... startling? https://repo1.maven.org/maven2/com/amazonaws/aws-java-sdk-kms/1.11.210/
i don’t know
I'm not sure why you wouldn't have been able to download that aws jar from maven central ¯\(ツ)/¯
That error is indicating a bad or unfulfillable maven version range somewhere
This specific lib error feels familiar
I’m trying to update clj with brew but get the following error:
Error: Your CLT does not support macOS 11.
It is either outdated or was modified.
Please update your CLT or delete it if no updates are available.
Update them from Software Update in System Preferences or run:
softwareupdate --all --install --force
If that doesn't show you an update run:
sudo rm -rf /Library/Developer/CommandLineTools
sudo xcode-select --install
Alternatively, manually download them from:
.
Error: An exception occurred within a child process:
SystemExit: exit
I’m not sure what CLT is, this is outside of Clojure/Datomic
Xcode command line tools maybe?
I suspect you’re in for a bit of a yak shave here to update your dev tooling
@ps what version of the Clojure CLI are you on? clj -Sdescribe
should say
trying to get datomic to run locally but keep getting an error: .lein/profiles.clj
{:user
{:plugins [[lein-datomic "0.2.0"]]
:datomic {:install-location "/Users/Dave/Projects/datomic-free-0.9.5703.21"}}}
Project.clj
(defproject pet-owners "0.1.0-SNAPSHOT"
:description "FIXME: write description"
:url ""
:license {:name "EPL-2.0 OR GPL-2.0-or-later WITH Classpath-exception-2.0"
:url " "}
:dependencies [[org.clojure/clojure "1.10.1"]
[com.datomic/datomic-free "0.9.5697"]
[expectations "2.0.9"]]
:datomic {:schemas ["resources/datomic" ["schema.edn"]]}
:plugins [[lein-autoexpect "1.9.0"]]
:profiles {:dev
{:datomic {:config "resources/datomic/free-transactor-template.properties"
:db-uri "datomic:
when i run lein datomic start
i get an error (will put in thread)clojure.lang.Compiler$CompilerException: Syntax error macroexpanding clojure.core/fn at (clojure/core/unify.clj:83:18).
#:clojure.error{:phase :macro-syntax-check, :line 83, :column 18, :source "clojure/core/unify.clj", :symbol clojure.core/fn}
at clojure.lang.Compiler.checkSpecs (Compiler.java:6972)
clojure.lang.Compiler.macroexpand1 (Compiler.java:6988)
clojure.lang.Compiler.analyzeSeq (Compiler.java:7093)
clojure.lang.Compiler.analyze (Compiler.java:6789)
clojure.lang.Compiler.analyzeSeq (Compiler.java:7095)
clojure.lang.Compiler.analyze (Compiler.java:6789)
clojure.lang.Compiler.access$300 (Compiler.java:38)
clojure.lang.Compiler$DefExpr$Parser.parse (Compiler.java:596)
clojure.lang.Compiler.analyzeSeq (Compiler.java:7107)
clojure.lang.Compiler.analyze (Compiler.java:6789)
clojure.lang.Compiler.analyze (Compiler.java:6745)
clojure.lang.Compiler.eval (Compiler.java:7181)
clojure.lang.Compiler.load (Compiler.java:7636)
clojure.lang.RT.loadResourceScript (RT.java:381)
clojure.lang.RT.loadResourceScript (RT.java:372)
clojure.lang.RT.load (RT.java:459)
clojure.lang.RT.load (RT.java:424)
clojure.core$load$fn__6839.invoke (core.clj:6126)
clojure.core$load.invokeStatic (core.clj:6125)
clojure.core$load.doInvoke (core.clj:6109)
clojure.lang.RestFn.invoke (RestFn.java:408)
clojure.core$load_one.invokeStatic (core.clj:5908)
clojure.core$load_one.invoke (core.clj:5903)
clojure.core$load_lib$fn__6780.invoke (core.clj:5948)
clojure.core$load_lib.invokeStatic (core.clj:5947)
clojure.core$load_lib.doInvoke (core.clj:5928)
clojure.lang.RestFn.applyTo (RestFn.java:142)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$load_libs.invokeStatic (core.clj:5985)
clojure.core$load_libs.doInvoke (core.clj:5969)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$require.invokeStatic (core.clj:6007)
clojure.core$require.doInvoke (core.clj:6007)
clojure.lang.RestFn.invoke (RestFn.java:421)
clojure.core.contracts.impl.transformers$eval739$loading__6721__auto____740.invoke (transformers.clj:1)
clojure.core.contracts.impl.transformers$eval739.invokeStatic (transformers.clj:1)
clojure.core.contracts.impl.transformers$eval739.invoke (transformers.clj:1)
clojure.lang.Compiler.eval (Compiler.java:7177)
clojure.lang.Compiler.eval (Compiler.java:7166)
clojure.lang.Compiler.load (Compiler.java:7636)
clojure.lang.RT.loadResourceScript (RT.java:381)
clojure.lang.RT.loadResourceScript (RT.java:372)
clojure.lang.RT.load (RT.java:459)
clojure.lang.RT.load (RT.java:424)
clojure.core$load$fn__6839.invoke (core.clj:6126)
clojure.core$load.invokeStatic (core.clj:6125)
clojure.core$load.doInvoke (core.clj:6109)
clojure.lang.RestFn.invoke (RestFn.java:408)
clojure.core$load_one.invokeStatic (core.clj:5908)
clojure.core$load_one.invoke (core.clj:5903)
clojure.core$load_lib$fn__6780.invoke (core.clj:5948)
clojure.core$load_lib.invokeStatic (core.clj:5947)
clojure.core$load_lib.doInvoke (core.clj:5928)
clojure.lang.RestFn.applyTo (RestFn.java:142)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$load_libs.invokeStatic (core.clj:5985)
clojure.core$load_libs.doInvoke (core.clj:5969)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$require.invokeStatic (core.clj:6007)
clojure.core$require.doInvoke (core.clj:6007)
clojure.lang.RestFn.invoke (RestFn.java:408)
leinjacker.defconstrainedfn$eval733$loading__6721__auto____734.invoke (defconstrainedfn.clj:1)
leinjacker.defconstrainedfn$eval733.invokeStatic (defconstrainedfn.clj:1)
leinjacker.defconstrainedfn$eval733.invoke (defconstrainedfn.clj:1)
clojure.lang.Compiler.eval (Compiler.java:7177)
clojure.lang.Compiler.eval (Compiler.java:7166)
clojure.lang.Compiler.load (Compiler.java:7636)
clojure.lang.RT.loadResourceScript (RT.java:381)
clojure.lang.RT.loadResourceScript (RT.java:372)
clojure.lang.RT.load (RT.java:459)
clojure.lang.RT.load (RT.java:424)
clojure.core$load$fn__6839.invoke (core.clj:6126)
clojure.core$load.invokeStatic (core.clj:6125)
clojure.core$load.doInvoke (core.clj:6109)
clojure.lang.RestFn.invoke (RestFn.java:408)
clojure.core$load_one.invokeStatic (core.clj:5908)
clojure.core$load_one.invoke (core.clj:5903)
clojure.core$load_lib$fn__6780.invoke (core.clj:5948)
clojure.core$load_lib.invokeStatic (core.clj:5947)
clojure.core$load_lib.doInvoke (core.clj:5928)
clojure.lang.RestFn.applyTo (RestFn.java:142)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$load_libs.invokeStatic (core.clj:5985)
clojure.core$load_libs.doInvoke (core.clj:5969)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:669)
clojure.core$use.invokeStatic (core.clj:6093)
clojure.core$use.doInvoke (core.clj:6093)
clojure.lang.RestFn.invoke (RestFn.java:408)
leinjacker.utils$eval725$loading__6721__auto____726.invoke (utils.clj:1)
leinjacker.utils$eval725.invokeStatic (utils.clj:1)
leinjacker.utils$eval725.invoke (utils.clj:1)
clojure.lang.Compiler.eval (Compiler.java:7177)
clojure.lang.Compiler.eval (Compiler.java:7166)
clojure.lang.Compiler.load (Compiler.java:7636)
clojure.lang.RT.loadResourceScript (RT.java:381)
clojure.lang.RT.loadResourceScript (RT.java:372)
clojure.lang.RT.load (RT.java:459)
clojure.lang.RT.load (RT.java:424)
clojure.core$load$fn__6839.invoke (core.clj:6126)
clojure.core$load.invokeStatic (core.clj:6125)
clojure.core$load.doInvoke (core.clj:6109)
clojure.lang.RestFn.invoke (RestFn.java:408)
clojure.core$load_one.invokeStatic (core.clj:5908)
clojure.core$load_one.invoke (core.clj:5903)
clojure.core$load_lib$fn__6780.invoke (core.clj:5948)
clojure.core$load_lib.invokeStatic (core.clj:5947)
clojure.core$load_lib.doInvoke (core.clj:5928)
clojure.lang.RestFn.applyTo (RestFn.java:142)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$load_libs.invokeStatic (core.clj:5985)
clojure.core$load_libs.doInvoke (core.clj:5969)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$require.invokeStatic (core.clj:6007)
clojure.core$require.doInvoke (core.clj:6007)
clojure.lang.RestFn.invoke (RestFn.java:408)
leinjacker.eval$eval717$loading__6721__auto____718.invoke (eval.clj:1)
leinjacker.eval$eval717.invokeStatic (eval.clj:1)
leinjacker.eval$eval717.invoke (eval.clj:1)
clojure.lang.Compiler.eval (Compiler.java:7177)
clojure.lang.Compiler.eval (Compiler.java:7166)
clojure.lang.Compiler.load (Compiler.java:7636)
clojure.lang.RT.loadResourceScript (RT.java:381)
clojure.lang.RT.loadResourceScript (RT.java:372)
clojure.lang.RT.load (RT.java:459)
clojure.lang.RT.load (RT.java:424)
clojure.core$load$fn__6839.invoke (core.clj:6126)
clojure.core$load.invokeStatic (core.clj:6125)
clojure.core$load.doInvoke (core.clj:6109)
clojure.lang.RestFn.invoke (RestFn.java:408)
clojure.core$load_one.invokeStatic (core.clj:5908)
clojure.core$load_one.invoke (core.clj:5903)
clojure.core$load_lib$fn__6780.invoke (core.clj:5948)
clojure.core$load_lib.invokeStatic (core.clj:5947)
clojure.core$load_lib.doInvoke (core.clj:5928)
clojure.lang.RestFn.applyTo (RestFn.java:142)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$load_libs.invokeStatic (core.clj:5985)
clojure.core$load_libs.doInvoke (core.clj:5969)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:669)
clojure.core$use.invokeStatic (core.clj:6093)
clojure.core$use.doInvoke (core.clj:6093)
clojure.lang.RestFn.invoke (RestFn.java:408)
leiningen.datomic$eval663$loading__6721__auto____664.invoke (datomic.clj:1)
leiningen.datomic$eval663.invokeStatic (datomic.clj:1)
leiningen.datomic$eval663.invoke (datomic.clj:1)
clojure.lang.Compiler.eval (Compiler.java:7177)
clojure.lang.Compiler.eval (Compiler.java:7166)
clojure.lang.Compiler.load (Compiler.java:7636)
clojure.lang.RT.loadResourceScript (RT.java:381)
clojure.lang.RT.loadResourceScript (RT.java:372)
clojure.lang.RT.load (RT.java:459)
clojure.lang.RT.load (RT.java:424)
clojure.core$load$fn__6839.invoke (core.clj:6126)
clojure.core$load.invokeStatic (core.clj:6125)
clojure.core$load.doInvoke (core.clj:6109)
clojure.lang.RestFn.invoke (RestFn.java:408)
clojure.core$load_one.invokeStatic (core.clj:5908)
clojure.core$load_one.invoke (core.clj:5903)
clojure.core$load_lib$fn__6780.invoke (core.clj:5948)
clojure.core$load_lib.invokeStatic (core.clj:5947)
clojure.core$load_lib.doInvoke (core.clj:5928)
clojure.lang.RestFn.applyTo (RestFn.java:142)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$load_libs.invokeStatic (core.clj:5985)
clojure.core$load_libs.doInvoke (core.clj:5969)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.core$apply.invokeStatic (core.clj:667)
clojure.core$require.invokeStatic (core.clj:6007)
clojure.core$require.doInvoke (core.clj:6007)
clojure.lang.RestFn.invoke (RestFn.java:408)
leiningen.core.utils$require_resolve.invokeStatic (utils.clj:102)
leiningen.core.utils$require_resolve.invoke (utils.clj:95)
leiningen.core.utils$require_resolve.invokeStatic (utils.clj:105)
leiningen.core.utils$require_resolve.invoke (utils.clj:95)
leiningen.core.main$lookup_task_var.invokeStatic (main.clj:69)
leiningen.core.main$lookup_task_var.invoke (main.clj:65)
leiningen.core.main$pass_through_help_QMARK_.invokeStatic (main.clj:79)
leiningen.core.main$pass_through_help_QMARK_.invoke (main.clj:73)
leiningen.core.main$task_args.invokeStatic (main.clj:82)
leiningen.core.main$task_args.invoke (main.clj:81)
leiningen.core.main$resolve_and_apply.invokeStatic (main.clj:339)
leiningen.core.main$resolve_and_apply.invoke (main.clj:336)
leiningen.core.main$_main$fn__7420.invoke (main.clj:453)
leiningen.core.main$_main.invokeStatic (main.clj:442)
leiningen.core.main$_main.doInvoke (main.clj:439)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.lang.Var.applyTo (Var.java:705)
clojure.core$apply.invokeStatic (core.clj:665)
clojure.main$main_opt.invokeStatic (main.clj:514)
clojure.main$main_opt.invoke (main.clj:510)
clojure.main$main.invokeStatic (main.clj:664)
clojure.main$main.doInvoke (main.clj:616)
clojure.lang.RestFn.applyTo (RestFn.java:137)
clojure.lang.Var.applyTo (Var.java:705)
clojure.main.main (main.java:40)
Caused by: clojure.lang.ExceptionInfo: Call to clojure.core/fn did not conform to spec.
#:clojure.spec.alpha{:problems ({:path [:fn-tail :arity-1 :params], :pred clojure.core/vector?, :val clojure.core.unify/var-unify, :via [:clojure.core.specs.alpha/params+body :clojure.core.specs.alpha/param-list :clojure.core.specs.alpha/param-list], :in [0]} {:path [:fn-tail :arity-n], :pred (clojure.core/fn [%] (clojure.core/or (clojure.core/nil? %) (clojure.core/sequential? %))), :val clojure.core.unify/var-unify, :via [:clojure.core.specs.alpha/params+body :clojure.core.specs.alpha/params+body], :in [0]}), :spec #object[clojure.spec.alpha$regex_spec_impl$reify__2509 0x57d7f8ca "clojure.spec.alpha$regex_spec_impl$reify__2509@57d7f8ca"], :value (clojure.core.unify/var-unify [G__849 G__850 G__851 G__852] (clojure.core/if-let [vb__842__auto__ (G__852 G__850)] (clojure.core.unify/garner-unifiers G__849 vb__842__auto__ G__851 G__852) (clojure.core/if-let [vexpr__843__auto__ (clojure.core/and (G__849 G__851) (G__852 G__851))] (clojure.core.unify/garner-unifiers G__849 G__850 vexpr__843__auto__ G__852) (if (clojure.core.unify/occurs? G__849 G__850 G__851 G__852) (throw (java.lang.IllegalStateException. (clojure.core/str "Cycle found in the path " G__851))) (clojure.core.unify/bind-phase G__852 G__850 G__851))))), :args (clojure.core.unify/var-unify [G__849 G__850 G__851 G__852] (clojure.core/if-let [vb__842__auto__ (G__852 G__850)] (clojure.core.unify/garner-unifiers G__849 vb__842__auto__ G__851 G__852) (clojure.core/if-let [vexpr__843__auto__ (clojure.core/and (G__849 G__851) (G__852 G__851))] (clojure.core.unify/garner-unifiers G__849 G__850 vexpr__843__auto__ G__852) (if (clojure.core.unify/occurs? G__849 G__850 G__851 G__852) (throw (java.lang.IllegalStateException. (clojure.core/str "Cycle found in the path " G__851))) (clojure.core.unify/bind-phase G__852 G__850 G__851)))))}
it is, and was fixed 5 years ago
so you're getting something old in the stack somehow
I'd be suspicious of the plugins
both lein-datomic and lein-autoexpect pull in old versions of core.unify 0.5.3 (was fixed in 0.5.7 in 2016)
oh i see now. I was doing a follow along with a youtube video i found and wasnt paying attention to the fact that everything he used in the video is super old. I should have checked those first.
@UF41YH1CM What video were you following? Just curious as we're always looking at creating updated similar resources.
@U1QJACBUM https://www.youtube.com/watch?v=ao7xEwCjrWQ&t=2026s I gravitated towards this because some of his other videos were very helpful for me. I should have been paying more attention to how old it was though. lol
@alexmiller the version is 1.10.2.796
well, that's latest stable so no reason to update that
I'm confused if you're working with lein or working clj and if so which error you're having at this point
that’s right, after deleting ~/.m2/repository it worked
I see the repl now
@joe.lane in the 6th line of https://github.com/Datomic/ion-starter/blob/master/siderail/tutorial.repl
I get:
Unable to connect to localhost:8182
You have to keep the proxy running while in use. Looks like you killed it since running it.