TKLBAM backups to S3 are simply not working for me. I would appreciate some guidance.
Here's what happens when I try the backup to S3:
Uploading s3://s3.amazonaws.com/tklbam-ezpl7752hiwwe27a/duplicity-full.20160126T191540Z.vol1.difftar.gpg to STANDARD Storage
Upload 's3://s3.amazonaws.com/tklbam-ezpl7752hiwwe27a/duplicity-full.20160126T191540Z.vol1.difftar.gpg' failed (attempt #1, reason: error: [Errno 104] Connection reset by peer)
... over and over until it gives up. It does not appear to have even created the tklbam bucket.
What I've done:
I have a local install of a TKL image on a VM. Works great.
I have an AWS account and I believe I've set up the role/property stuff properly. I've initialized TKLBAM with the API key. I even attached the AmazonS3FullAccess policy to the turnkeyhub role and it still failed:
Failed to create bucket (attempt #1) 'tklbam-ezpl7752hiwwe27a' failed (reason: error: [Errno 104] Connection reset by peer) ...
I installed s3cmd on the machine in question and was able to create buckets and poke around from the command line, so I know that the machine can theoretically access S3. There's not a firewall in the way or something.
I'm able to use TKLBAM to back up to local storage.
What version of TurnKey and TKLBAM?
I'm not an expert in these things but AFAIK "Connection reset by peer" is essentially the server refusing the connection (cancelling it). My guess at possible causes:
When you connected to AWS S3 did you use the same IAMs role that was set up for the Hub? If not then my guess is something wrong with your IAMs role and the Hub authentication setup. I recommend that you log into AWS console and remove all the IAMs stuff you added for TKLBAM. Then log back into the Hub, remove what you have added there too and start again. You just need to copy paste from the Hub into your AWS console. The instructions should be fairly good but if you get stuck please ask.
Tried some stuff, still not working.
Thanks for helping. Working through your suggestions:
I updated all the packages and rebooted the server. Tried again, no change.
I redid and checked the role/policy stuff. Hub shows green on the connectivity checks. (I actually cannot find the detailed AWS setup instructions on the hub that I originally followed. Do you have a link?)
Deleted /var/lib/tklbam and ran tklbam-init and then tklbam-backup.
This time it managed to create a bucket, confirming access to S3, but the connection was still reset.
Agree that this looks like a networking issue. I will try doing some larger data transfers with s3cmd.
You're right, I can't see how to re-enter the AWS info.
Also it might be worth testing from the command line inside your appliance. I.e. install awscli. Official AWS-cli install docs. Arguably easier instructions.
Tested some data transfers
Tested some data transfers using s3cmd. No problems. ('azure' is the TKL VM that cannot do TKLBAM backups to S3)
So I can clearly access and transfer files to/from S3. I even used one of the TKLBAM backup files for test data. That rules out network connectivity.
I suppose that s3cmd is different than duplicity/TKLBAM. I need to figure out how to debug duplicity/TKLBAM...
That's really weird...
Can you (or did you) use the Hub IAMs user that you set up for the Hub?
If you did and that worked then it pretty much proves that it's a TKLBAM/Hub bug of some sort.
OTOH if you didn't use the same credentials, it still doesn't rule out an issue with the IAMs role in the Hub. TBH I still think that's the cause (mostly because no one else is having this issue right now; at least no one has reported it). Although I acknowledge the fact that TKLBAM was (at least at one point) able to create an S3 bucket does make it seem tenuous...
If possible (and if you haven't already), can you please try authenticating s3cmd with the Hub's IAMs user. If that's not possible then try aws-cli (I'm 99% sure that you can use an IAMs role with that).
If you can confirm that you can access and write to your S3 bucket using the Hub's IAMs user then please send me an email via the Hub's feedback (log into the Hub and click the "feedback" top row, towards the left). I'll then escalate this to Liraz (the TKLBAM Daddy).
Will try
I was using my own credentials with s3cmd. I'll try to use the Hub's IAMs user with s3cmd and/or awscli and report back.
Thanks for the suggestions.