S3 V2 api signature

federicoballarini · December 23, 2020, 8:14pm

Hi all,
is it possibile to use V2 api signature versions for S3 compatible backup backend instead of V4?

MichaelEischer · December 23, 2020, 8:31pm

That should be possible using a MINIO_SHARED_CREDENTIALS_FILE. Set the environment variable or place the configuration at ~/.mc/config.json. The configuration should then look similar to the following:

{
	"version": "10",
	"aliases": {
		"s3": {
			"url": "http://127.0.0.1:9000",
			"accessKey": "accessKey",
			"secretKey": "secretKey",
			"api": "S3v2",
		},
	},
}

If you also set MINIO_ALIAS, then you can use an alias different than s3.

federicoballarini · December 23, 2020, 8:39pm

I’m using rpm on Centos 7 (restic-0.9.6-1.ns7.x86_64). Is your suggestion valid for this environment?
Thank you

federicoballarini · December 23, 2020, 8:48pm

I’m getting this:

[root@hosting ~]# restic -r s3:r1-it.storage.cloud.it/qgbackup init
Fatal: create repository at s3:r1-it.storage.cloud.it/qgbackup failed: client.BucketExists: Error response code AuthMethodNotRecognized.

Setted via:

export AWS_ACCESS_KEY_ID=<MY_ACCESS_KEY>
export AWS_SECRET_ACCESS_KEY=<MY_SECRET_ACCESS_KEY>

MichaelEischer · December 23, 2020, 8:54pm

Using the AWS* environment variables always uses auth version 4. I don’t see why my previous suggestion shouldn’t work.

federicoballarini · December 23, 2020, 9:34pm

Should I have to configure your suggested file and then relaunch restic -r command? Sorry but I’m new

MichaelEischer · December 23, 2020, 9:36pm

Yes, please fill in the fields in the suggested config.json structure, set the MINIO_SHARED_CREDENTIALS_FILE environment variable, make sure that the AWS_* environment variables are not set. And then run restic again.

federicoballarini · December 23, 2020, 10:18pm

Can you give me an example of how to set MINIO_SHARED_CREDENTIALS_FILE variable?

MichaelEischer · December 23, 2020, 10:18pm

export MINIO_SHARED_CREDENTIALS_FILE=path/to/config.json

?

federicoballarini · December 23, 2020, 10:20pm

[root@hosting .mc]# pwd
/root/.mc
[root@hosting .mc]# ls -l
total 4
-rw-r--r-- 1 root root 174 Dec 23 23:15 config.json

Then:

export MINIO_SHARED_CREDENTIALS_FILE=/root/.mc/config.json

Launch backup:

[root@hosting .mc]# restic -r s3:r1-it.storage.cloud.it/qgbackup init
enter password for new repository:
enter password again:
Fatal: create key in repository at s3:r1-it.storage.cloud.it/qgbackup failed: client.PutObject: Access Denied

Content of config.json:

[root@hosting .mc]# cat config.json
{
        "version": "10",
        "aliases": {
                "s3": {
                        "url": "r1-it.storage.cloud.it",
                        "accessKey": "myaccesskey",
                        "secretKey": "mypassword",
                        "api": "S3v2",
                },
        },
}

What is wrong?

federicoballarini · December 24, 2020, 7:02pm

@MichaelEischer how can I check if config file has been loaded properly?

federicoballarini · December 25, 2020, 9:30pm

Ok, I understand what you suggested. But this is my problem.

I have bought a compatible-s3 space that seems to works only with v2 signature. It is possible in restic to use v2 signature also if it’s deprecated?

I tried with s3cmd and it works by forcing v2 signature, but I think it’s not possible to create restic repo with s3cmd; or not?

dhopfm · December 26, 2020, 9:59am

The error message is a different one now. I’d suggest you try whether you can create a bucket and files within our using generic S3 tools (like mc) first to rule out any other problems such as ACL. Once that works you could continue with restic.

In addition I’d recommend to either convince cloud.it to support an up-to-date S3 interface or to switch to a different provider who does. There are plenty of choices out there so there is really no need to struggle with such problems.

federicoballarini · December 26, 2020, 8:07pm

I found a working configuration via rclone. I think I’ll use it. Thank you.