Restore site replication service account

In rare circumstances, you may need to restore site replication service account information to a peer in the cluster. Seeing AccessDenied for site replication calls, either in the logs or in the output of mc admin trace, indicates that service account information needs to be restored to a peer.

This error typically results when the service accounts for site replication of one of the peer sites have been lost or corrupted.

Procedure

To restore the required information, export the service account information from an existing healthy peer site and import it to the site with the missing account information.

  1. Export information from a healthy peer site.

    mc admin cluster iam export healthysite
    
  2. Unzip the contents of the downloaded information.

    For example, on Linux, run something resembling the following:

    unzip IAM-METADATA.ZIP
    
  3. Zip svcaccts.json from the unzipped contents.

    For example, on Linux, run something resembling the following:

    zip svcaccts.zip svcaccts.json
    
  4. Import service account information to the unhealthy peer site.

    mc admin cluster iam import unhealthysite svcaccts.zip
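The four steps above as one function, an added example that is not part of the MinIO documentation. The function name restore_svcaccts is hypothetical. It assumes the export lands as a single zip file in the current directory and that svcaccts.json should keep the relative path it had inside that archive. Work happens in a private temporary directory that is removed on exit, because the exported files hold IAM data.

```shell
#!/bin/sh
# Added example (not MinIO's own code): steps 1-4 in one function.
# Usage: restore_svcaccts healthysite unhealthysite
restore_svcaccts() {
    healthy=$1
    unhealthy=$2
    if [ -z "$healthy" ] || [ -z "$unhealthy" ] || [ "$healthy" = "$unhealthy" ]; then
        echo "usage: restore_svcaccts HEALTHY_ALIAS UNHEALTHY_ALIAS" >&2
        return 2
    fi
    (
        # The export contains IAM data: keep it private and clean it up.
        umask 077
        work=$(mktemp -d) || exit 1
        trap 'rm -rf "$work"' EXIT
        cd "$work" || exit 1

        # Step 1: export IAM information from the healthy peer.
        mc admin cluster iam export "$healthy" || exit 1

        # Assumption: the export is the only zip file in this fresh directory.
        archive=$(find . -maxdepth 1 -type f -iname '*.zip' | head -n 1)
        [ -n "$archive" ] || { echo "no export archive found" >&2; exit 1; }

        # Step 2: unzip the export.
        mkdir extracted && unzip -q "$archive" -d extracted || exit 1

        # Step 3: zip only svcaccts.json, at the path it had in the export.
        rel=$(cd extracted && find . -type f -name svcaccts.json | head -n 1)
        [ -n "$rel" ] || { echo "svcaccts.json not in export" >&2; exit 1; }
        (cd extracted && zip -q ../svcaccts.zip "${rel#./}") || exit 1

        # Step 4: import the service accounts into the unhealthy peer.
        mc admin cluster iam import "$unhealthy" svcaccts.zip
    )
}
```

The function returns 2 on bad arguments and otherwise the status of the last step that ran, so a failed export or a missing svcaccts.json stops the run before anything is imported.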
    
All rights reserved 2024-Present, MinIO, Inc.