Problem Description
On the source cluster shipping XDR to destination destdc, I see the following warning:
WARNING (xdr): (dc.c:2673) (repeated:1) {test} DC destdc abandon result 81
Explanation
Result code 81 is role violation. In particular, admin user just has user_admin privilege by default so it will not allow to write data to the destination cluster.
To verify if there is a role violation, I enabled report-violation and report-authentication to true on the destination cluster, and the following confirm the role violation:
INFO (audit): (security.c:7584) permitted | client: 172.17.0.4:59600 | authenticated user: admin | action: authentication | detail: user=admin
INFO (audit): (security.c:7584) role violation | client: 172.17.0.4:59600 | authenticated user: admin | action: write | detail: {test|testset} [S|somekey]
Solution
For XDR, you only need write privilege so it may be better to create an xdr_user with write only role. This is the minimum. Having more unneeded privileges may just increase security risks. You can create a new user like this:
Admin+> manage acl create user xdr_user_dc1 password secret123 roles write
Successfully created user xdr_user_dc1.
To confirm, just run the following in asadm:
Admin> show users
~~Users (2022-09-27 22:50:02 UTC)~~
User| Roles|Connections
admin |user-admin|6
xdr_user | write|--
xdr_user_dc1| write|--
Number of rows: 3