Bucket access
I'm trying to do a backup to a bucket I created.
I'm using a backup software called Duplicati (that has an S3 compatible option) and it asks me for:
AWS Access ID
AWS Access Key
aws_secret_access_key
For the last 2 I know what to write (as they are provided by the linode bucket "access keys" tab but I have no clue as to the first one and it's mandatory, I cannot leave it blank.
Any suggestion would be welcomed!
Thanks
9 Replies
Hmm I’m suspicious that “access key” and “secret key” are usually one and the same.
The naming also looks a little weird for the last field.
Typically you have an “Access Key ID” and an “Access Key Secret” - both collectively are the “access key.”
These are exactly what Linode provides - they term it as “Access Key” (the key ID) and “Secret Key” (the key secret.)
Even this Duplicati forum post looks like there should only be 2 fields.
Is there maybe an issue with your Duplicati version? Are there any updates for it?
EDIT:
Not sure if you’re using a GUI but the command line options only list 2 Key-related parameters:
- aws_secret_access_key
- aws_access_key_id
You will also need to specify “s3-server-name” and possibly “s3-location-constraint” to point to Linode Object Storage instead of AWS.
andysh thanks so much for your reply.
I'm not sure what's happening.
By default in the Duplicati GUI these 2 fields are displayed:
AWS Access ID
AWS Access Key
I thought that the first one would correspond to the linode access key and the second to the secret key.
The 3rd field I was talking about can be displayed with an option "advanced option" which I tried when the fist trial didn't work.
I tried again today with just the 2 initial fields and this time got:
"Failed to connect: A WebException with status NameResolutionFailure was thrown"
Tried the link for my bucket in the web browser and of course got "access denied" but the link did resolve correctly.
Not sure anymore but can I access this bucket from outside linode, meaning from a server that is not on linode? I assumed the answer would be "yes" but not sure anymore. Looked at the docs and not specified anywhere I could see.
Anyway I'll keep investigating and thanks again for the help.
P.S. Yes I did provide to duplicati the bucket url for my bucket and apparently the region (according to duplicati's docs) is only needed when creating a new bucket. Did try both with and without the region.
To be continued…
I thought that the first one would correspond to the linode access key and the second to the secret key.
This sounds correct.
Not sure anymore but can I access this bucket from outside linode, meaning from a server that is not on linode? I assumed the answer would be "yes"
Indeed you can, you don’t need a Linode to use object storage.
Yes I did provide to duplicati the bucket url
What did you constitute as the bucket URL?
Looking at the docs, the URL should be:
s3://bucket-name/prefix
I.e.
s3://my-backups
If you put the full URL here (e.g. my-backups.us-east-1.linodeobjects.com) this might explain the name resolution error (which sounds like a DNS error.)
You provide the URL minus your bucket name (e.g. us-east-1.linodeobjects.com.) as the “s3-server-name”.
rl0nergan
Linode Staff
Hey there,
Thanks for reaching out to us about this. While I don't have too much experience with Duplicati, I was able to get this up and running on one of my Linodes. I just wanted to verify the settings I used which allowed me to connect to my personal bucket.
- Storage Type = S3 Compatible
- Use SSL = Yes
- Server = Custom Server URL ()
- Custom S3 Endpoint = $REGION.linodeobjects.com
- Bucket Name = $BUCKET
- AWS Access ID = Your Object Storage Access ID
- AWS Access Key = Your Object Storage Access Key
In your case, you'll want to replace $REGION with eu-central-1, since that's where your bucket's located. You'll also want to replace $BUCKET with the name of your bucket, which I won't say here. :)
You should be able to leave the rest of the settings with their default options and click the Test Connection button. You'll see a popup asking The bucket name should start with your username, prepend automatically? You'll want to answer no.
You should get a new popup letting you know that the connection is now working. I hope this helps. Be sure to let us know how it goes using this configuration!
Regards,
Ryan L.
Linode Support Staff
Ok thanks Ryan and andysh for all the efforts, warms my heart!
Got it working!
The error is was making is including the whole url given in my linode bucket definition, which included the name of the bucket.
Once I took the name out and only entered the rest of the url and it worked like a charm! Well at least the connection worked. I'm just hoping the backup will work as well.
Again thanks so much for pointing me in the right direction. Big relief because mo other backup place was running out of space.
Thanks again
Francois
Well apparently I was too optimistic.
The saga continues.
The connection is now happening, it starts the backup but when trying to write what seems to me the fist file to the bucket I get:
"Error while running to bucket my_bucket(not the real name of my bucket):
One or more errors occurred. (Could not find file "/tmp/dup-16cea6a9-5f0b-4a5e-b68b-69723bb031a6" (Could not find file "/tmp/dup-16cea6a9-5f0b-4a5e-b68b-69723bb031a6") (One or more errors occurred. (The remote server returned an error: (403) Forbidden.)))"
Never worked with AWS before so while I know that apparently writing is forbidden, not sure why.
I tried first by indicating a folder for the backup which I assumed it would create and then no folder, just root (/). Both times returned the same error.
Hmm 403 suggests access to the bucket is being denied.
Linode’s access keys are not as fine-grained as AWS’ permissions. If your key/secret is valid, you have read/write access to all the buckets on your account.
Can you please post a screenshot or excerpt of your config (with the access key/secret blanked out)?
Trying to use Duplicati as well. I have my settings as per rl0nergan, and when I click "Test Connection" I get a popup saying Failed to connect: A WebException with status TrustFailure was thrown
Not sure what I'm missing here. I've tried leaving the folder path blank, or just making one up (like "storage") but no difference.
Does it take time for a new access key to become valid? Or should it work immediately?
Edit: Further research shows that the root certificate that Linode is using to sign this domain isn't trusted by my machine. Not sure why that would be -- I'm on Arch Linux, and ca-certificates is up to date. If it's not self-signed, then it should be accepted. I was able to (temporarily) get around this by using the advanced option to accept all certificates, but I'd much rather just have it work properly.