Unable to restore from readonly S3 bucket

davidbkemp · January 25, 2019, 4:22am

We don't seem to be able to restore the S3 backup/snapshot of one cluster to another (exactly the same version of Elasticsearch). Note, this is for version 1.7 (yeah, I know that is really ancient). Not sure if it is still a problem in more recent versions.

It looks like it might be due to the target cluster having read-only access to the S3 bucket. It seems to attempt to write a test object event when the repository is registered as read-only.

curl -XPUT -H 'Content-Type: application/json' localhost:9200/_snapshot/s3restore -d '{"type": "s3", "settings": {"bucket": "my-bucket", "base_path": "7", "region": "ap-southeast-2", "readonly": true}}'

{"error":"RepositoryVerificationException[[s3restore] path [7] is not accessible on master node]; nested: IOException[Unable to upload object 7/tests-xmzsBVjuRmuwKxiZY93cCw-master due to AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: A020A9CD5348F9EC)]; ","status":500}

Is there a way to do this without relaxing the S3 access permissions?

dadoonet · January 25, 2019, 4:53am

There is a verify=false option but I don't know if it's available for your version. See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html#_repository_verification

davidbkemp · January 30, 2019, 10:27pm

This fixed it thanks! Somehow we missed the verify=false as it was a URL parameter instead of a field in the settings. Makes sense though, and we don't really need the verification step as we will immediately perform the restore after registering the repository.

system · February 27, 2019, 10:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.