[Solved] Connect to OpenStack Swift from Windows Server

Hello.

I’m trying to figure out how to initialize a repository against a container in OpenStack Swift on a Windows Server using powershell to execute restic.

Powershell:

.\restic_0.14.0_windows_amd64.exe -r swift:limecon:/ init

The result I get is:

Fatal: create repository at swift:limecon:/ failed: conn.Authenticate: Can’t find AuthVersion in AuthUrl - set explicitly

I’ve generated a rc-file from OpenStack and it’s placed in the same directory, but I can’t find any flag specify to use it?

The structure of the rc-file looks like this:

export OS_USERNAME=
export OS_PASSWORD=
export OS_AUTH_URL=https://xxx.yyy.com:5000/
export OS_USER_DOMAIN_NAME=
export OS_PROJECT_DOMAIN_NAME=
export OS_REGION_NAME=
export OS_PROJECT_NAME=“”
export OS_TENANT_NAME=“”
export OS_AUTH_VERSION=3
export OS_IDENTITY_API_VERSION=3

Troubleshooting:
I’ve tried to set environment variables from the rc-file manually with powerhell.
I’ve executed curl https://xxx.yyy.com:5000/ to verify that it can be reached, it can.
I’ve tried to add /v3/ to the url.

Does anyone know what is happening or can suggest a way for me to further troubleshoot?

Please first try to make sure that you can successfully use the OpenStack CLI tools. If you cannot do that, then you don’t have a working authentication with your OpenStack, and in that case restic will not work either.

Once you have working authentication using the OpenStack CLI tools, you can try it with restic - it should work.

Hi. I booted a Linux (ubuntu 20) machine on the same network and installed python3-openstackclient.
With the same rc-file sourced I was able to connect to OpenStack and list,create,delete containers.

Tomorrow I’ll probably get information about the fully correct url to Swift. I’m thinking that maybe OS_AUTH_URL=https://xxx.yyy.com:5000/ is not enough for restic to find Swift? Especially if the maintainers of the OpenStack cloud has changed default path of the endpoint?

Please try to source <thercfile> in that Linux VM you tested with, and see if you can get restic working there :slight_smile:

Another thing to try is adding just /v3.0 to the OS_AUTH_URL value.

Do you know if you have keystone v2 or v3 in your OpenStack?

You do have to make sure that the environment in which you execute restic has these environment variables set. That’s what sourcing the RC file is normally used for, it’s not a file that restic or something else picks up.

I have been able to connect to Swift now!

I needed to follow your advice of updating the url for OS-AUTH_URL, though not to append /v3.0, instead only to append /v3.
So now I’ve got it working from the Linux, but I still have issue with Windows, though this might be very well that I don’t fully know how to source or set the environment variables here.

I wrote a script in Powershell that sets the variables:

Get-Content -Path .\rc-file | %{$e = ($_.Substring(7)).split(“=”); Set-Item -Path (“Env:{0}” -f $e[0]) -Value $e[1]}

It produces this (sensitive data blacked out):

So it looks like everything is correct?
I’ve tried to run restic with -v for more output but it does not tell me anything extra.

I did a test program with golang (on the windows server) to see if it could fetch the environment variables I set with the same powershell script.

package main

import (
“fmt”
“os”
)

func main() {
fmt.Println(“OS:”, os.Getenv(“OS_AUTH_URL”))
}

This works as expected, but I’m not sure that restic uses the same method of fetching the variables?

Ok, when inspecting /restic/restic/blob/master/internal/backend/swift/config.go it seems that os.Getenv is beeing used.

This is a cross-reference between config.go and the variables from my rc-file. I belive that as AUTH_VERSION and IDENTITY_API_VERSION is not beeing fetched, this could be why I had to append /v3 to the ATUH_URL.
image

I’ve tried using the --verbose flag a bit more, now also with --verbose=1 and 2 and 3. But it does not give me any extra info.

I thought you already tried that, but I guess you mean it works only without an ending slash after v3?

Do you mean that you have the connection working with restic?

Can you open a command prompt (instead of PS), run set to see the env vars in the environment, run the restic command, and then paste all of this and the output here?

Sorry if I’m beeing inexplicit.

Regarding v3. This is my result:

Working: https://xx.yy.zz:5000/v3
Not Working: https://xx.yy.zz:5000/v3.0

I belive this is a good info to submit to the docs and I will look into contribute that.

Regarding Swift. Yes I got restic to connect to Swift on the Linux machine, but at the time, not with Windows.

Regarding using cmd instead of powershell, look at this… It works! :smiley:

C:\Users<hidden>\Downloads\restic_0.14.0_windows_amd64>set OS_
OS_AUTH_URL=https://hidden:5000/v3
OS_AUTH_VERSION=3
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=hidden
OS_PROJECT_DOMAIN_NAME=hidden
OS_PROJECT_NAME=Management
OS_REGION_NAME=hidden
OS_TENANT_NAME=Management
OS_USERNAME=hidden
OS_USER_DOMAIN_NAME=hidden

C:\Users<hidden>\Downloads\restic_0.14.0_windows_amd64>restic_0.14.0_windows_amd64.exe --verbose=3 -r swift:limecon:/ init
enter password for new repository:
enter password again:
Fatal: create key in repository at swift:limecon:/ failed: repository master key and config already initialized

C:\Users<hidden>\Downloads\restic_0.14.0_windows_amd64>restic_0.14.0_windows_amd64.exe --verbose=3 -r swift:limecon:/ backup .\brandbil
open repository
enter password for repository:
repository ebdc701c opened (repository version 1) successfully, password is correct
created new cache in C:\Users<hidden>\AppData\Local\restic
lock repository
no parent snapshot found, will read all files
load index files
start scan on [.\brandbil]
start backup on [.\brandbil]
scan finished in 0.705s: 1 files, 73 B
new /brandbil/brandbil200.txt, saved in 0.008s (73 B added)
new /brandbil/, saved in 0.025s (0 B added, 0 B stored, 370 B metadata)

Files: 1 new, 0 changed, 0 unmodified
Dirs: 1 new, 0 changed, 0 unmodified
Data Blobs: 1 new
Tree Blobs: 2 new
Added to the repository: 677 B (884 B stored)

processed 1 files, 73 B in 0:00
snapshot bafc0d10 saved

So the solution for me is to use cmd onwards. How ever, as powershell is gaining more and more traction within Windows Server, I would gladly like to try to help out getting it to work.

UPDATE: It is actually possible to use Powershell, so my info above is invalid.
How ever, my script could not be used, instead if Set-Item is used manually it works.

Set-Item -Path Env:\OS_AUTH_VERSION -Value 3
Set-Item -Path Env:\OS_IDENTITY_API_VERSION -Value 3
Set-Item -Path Env:\OS_PASSWORD -Value hidden
Set-Item -Path Env:\OS_PROJECT_DOMAIN_NAME -Value hidden
Set-Item -Path Env:\OS_PROJECT_NAME -Value hidden
Set-Item -Path Env:\OS_REGION_NAME -Value hidden
Set-Item -Path Env:\OS_TENANT_NAME -Value hidden
Set-Item -Path Env:\OS_USERNAME -Value hidden
Set-Item -Path Env:\OS_USER_DOMAIN_NAME -Value hidden

I don’t know why this is. When I compare the 2 methods the values produces the same output of the one bellow.

PS > ((Get-Item -Path ENV:\OS_USERNAME).value).gettype()

IsPublic IsSerial Name BaseType


True True String System.Object