I’m trying to get the operator’s backup function to work. But it appears to be something in the container. I’ve inspected the backup.sh inside the backup container and it appears that the adding of credentials is not working. I have tested it from other machines and containers with the same credentials and my account settings do work.
I’ve discovered the issue which if you are using minio you need to specify the API on the minio client command “–api S3v4” for the add credentials to work. Could this be a fix on the backup script?
I tested this manually from inside the container and it works only when applying the API parameter
As you see in the comments there we have tested the latest minio client and it works. We will release PXC Operator 1.7.0 in January with the latest client. Please stay tuned.
Hi, I experiencing the same issue.
With percona 1.7.0 and with 1.8.0 as well.
2021-04-06 10:22:04.219 INFO: [SST script] Backup to s3://XXXXXX/cluster1-2021-04-06-10:21:47-full started
2021-04-06 10:22:04.219 INFO: [SST script] + '[' -n XXXXXX ']'
2021-04-06 10:22:04.219 INFO: [SST script] + backup_s3
2021-04-06 10:22:04.219 INFO: [SST script] + S3_BUCKET_PATH=cluster1-2021-04-06-10:21:47-full
2021-04-06 10:22:04.219 INFO: [SST script] + mc -C /tmp/mc config host add dest https://s3.amazonaws.com ACCESS_KEY_ID SECRET_ACCESS_KEY
2021-04-06 10:22:04.219 INFO: [SST script] + echo 'Backup to s3://XXXXXX/cluster1-2021-04-06-10:21:47-full started'
2021-04-06 10:22:05.604 INFO: [SST script] mc: <ERROR> Unable to initialize new alias from the provided credentials. 400 Bad Request.
Here if I launch minio commands from inside the backup pod
with --api s3v2 or s3v4 (the command works)
bash-4.4$ mc C /tmp/mc config host add dest “${ENDPOINT:https://s3.amazonaws.com}” $ACCESS_KEY_ID $SECRET_ACCESS_KEY --api s3v2 Added dest successfully.
bash-4.4$ mc C /tmp/mc config host add dest “${ENDPOINT:https://s3 .amazonaws.com}” $ACCESS_KEY_ID $SECRET_ACCESS_KEY --api s3v4 Added dest successfully.
and without --api option (as the backup script does - but it doesn’t work)
bash-4.4$ mc C /tmp/mc config host add dest “${ENDPOINT:https ://s3.amazonaws.com}” $ACCESS_KEY_ID $SECRET_ACCESS_KEY mc: Unable to initialize new alias from the provided credentials. 400 Bad Request.
Is there any tested solution to this?
thank you very much
Hi, I just cloned the release-1.8.0 branch to get the 1.8.0 verison. But now I’m not sure I did well.
Anyway i get the issue with 1.7.0 … here my cr.yaml.txt
Greetings, we also got hit by this issue while trying to create backups, we are on 1.7.0 release which uses percona/percona-xtradb-cluster-operator:1.7.0-pxc8.0-backup image.
Appreciate if someone could share a workaround, so that I can continue with my testings. Thanks!
As you can see when you add --api key , mc does not call the validation call path: `mc config host add` can have an option to skip the credentials verify. · Issue #2422 · minio/mc · GitHub So, it is not connected with mc version.
You need to check your s3 IAM policies, maybe you do not have enough permission to your bucket or you have some specific configuration of your bucket.
I need to have more information from your end (e.g. example of your s3 IAM policies) to reproduce it.