Hi, I have another question 🙂 Now I'm
# spicedb
g
Hi, I have another question 🙂 Now I'm running a default spicedb deployment & a readonly deployment. When I run a PermissionServiceClient.CheckPermission() request to the readonly node I get the error
unable to check permission: rpc error: code = PermissionDenied desc = invalid preshared key: invalid token
. The ReadSchemaRequest which is executed right beforehand will not fail. Now I deployed the same setup (1 postgres, 1 readonly spicedb node, 1 default spicedb node) with the same version (v1.20.0) locally and I don't run into any issues. Does anyone have an idea what the problem could be? The psk is the right one. Which I prove by intentionally passing the wrong PSK to the read only client. Which then will result in a failing ReadSchemaRequest() too.
v
The fact this works for schema read and not check request immediately tells me a problem on the Dispatch API. A node may be dispatching to another one, and somehow the preshared key are different. Is it possible the read-only cluster and the r/w cluster are forming a single clustering ring?
I suggest enabling trace logs to see if you get extra information on what could be going on
a quick way to confirm is to make both clusters have the same preshared key and see if that works
g
That was the problem. I just copy & pasted the config on my k8s cluster. I have disabled
SPICEDBB_DISPATCH_CLUSTER_ENABLED
and now it works. Funny enough I also thought this could be the problem before I took a nap. Thanks for beeing my rubber duck 😄