Backup to non AWS S3

Percona Everest
1

Hi

I have installed the latest version today and tried to “add backup storage”.
I am working with pure storage which provides full S3 compatibility.

I have provided to following parameters:
Type: Amazon S3 (the only one in the dropdown)
Endpoint: http://xxx-oure-1.yyy
Access and Secret keys

The same configuration works when I use aws cli for any operation.

The error i am getting is “cant connect to S3 please check your credentials”

How can I fix it ?

Regards

2

Hi, @shemreader

Welcome to the forum and thank for your question.

We recently did a video on how to configure S3 Bucket in AWS, the video is very short, about 4 minutes.

As I understand it, you are using AWS S3 Bucket

Probably really a problem with the credentials. Try again, maybe create another user and S3 Bucket.

For AWS, the URL should be
https://s3.<region>.amazonaws.com

Docs

3

If you’re not using AWS, tell us what you’re using so we can check it out.

4

Hi

Thank you for your reply.
As mentioned in my issue, i am using pure storage (on prem s3 storage) and i cant configre it fot backups.

1 Like
6

:slight_smile:
Thanks, have a great weekend.

BTW, how do i configure minio as an alternative ?

1 Like
7

Hi, unfortunately, Everest only allows TLS-trusted connections now. You can use only https. We have a task about it, and we will improve it in one of the feature releases. We will have the same approach as e.g. PXC operator has percona-xtradb-cluster-operator/deploy/cr.yaml at main · percona/percona-xtradb-cluster-operator · GitHub.

1 Like
8

Please see the example of how we deploy minio for k8s operator tests percona-xtradb-cluster-operator/e2e-tests/functions at main · percona/percona-xtradb-cluster-operator · GitHub

1 Like
9

Hi folks, I’m reaching out just to let you know that version 0.10.0, which is planned to be released at the end of April, will include the option to disable TLS certificate verification. This will hopefully help out with using on-prem deployments of S3-compatible storages.

2 Likes
10

This is fantastic! My first attempt was to configure Everest to use a local minio server that did not have TLS configured. It wasn’t obvious to me at the time that TLS was required. I think this change will be great for a lot of people :slight_smile:

1 Like
11

Thank you very much for your update
I will wait

1 Like
12

For completeness on this subject and because we have also been asked about this over on support minio for mongo · Issue #164 · percona/everest · GitHub, here’s a summary of the state of non-AWS S3 compatibility in everest.

Everest supports any S3-compatible API as long as it meets 2 requirements:

  1. If you use HTTPS, the TLS certificate must be signed by a trusted authority (self-signed certificates are not allowed)
  2. Your S3-compatible API must support Virtual-hosted–style requests (instances using path-style URL access will not work)

We are planning to remove both limitations in the near future:

  1. Allowing to skip TLS certificate checks is already being developed and will be part of 0.10.0 which is planned to be released at the end of April
  2. Supporting path-style URL access is in our roadmap, no ETA on this one yet.
2 Likes
13

CEPH s3 in my case. I’m not sure it supports virtual based routing.

14

Hi @shemreader, @JayV, @Hal_Lesesne,
I’m jumping in just to let you know that last week we released Percona Everest v0.10.0 which removes both limitations I mentioned previously. Now you can use an S3 compatible storage that:

  1. Uses self-signed certificates
  2. Only supports path-style URL access
1 Like
15

Thanks.
Already upgraded today.