I'm trying to use Eric Hammond's ec2-consistent-snapshot utility on a dedicated mysql server.
I've created an IAM user and attached a power user permission policy (using the AWS console).
On a 32bit Ubuntu 10.10 ec2 instance and an XFS volume, I have installed ec2-consistent-snapshot following these instructions : http://alestic.com/mt/mt-search.cgi?blog_id=1&tag=ec2-consistent-snapshot&limit=20.
The command I launch is the following :
ec2-consistent-snapshot \
--freeze-filesystem /data03 \
--description "Test description $(date +'%Y-%m-%d %H:%M:%S')" \
--mysql \
--mysql-user \
--mysql-host 127.0.0.1 \
--mysql-socket /var/run/mysqld/mysqld.sock \
--debug \
vol-11111111
And the debug output is :
ec2-consistent-snapshot: Using AWS access key: AWSAccessKeyId=AKI[...]
ec2-consistent-snapshot: Thu Mar 22 10:28:53 2012: MySQL connect as
ec2-consistent-snapshot: Thu Mar 22 10:28:53 2012: MySQL flush
ec2-consistent-snapshot: Thu Mar 22 10:28:53 2012: MySQL flush & lock
ec2-consistent-snapshot: master_log_file="mysql-bin.000726", master_log_pos=106
ec2-consistent-snapshot: Thu Mar 22 10:28:53 2012: sync
ec2-consistent-snapshot: Thu Mar 22 10:28:53 2012: xfs_freeze -f /data03
ec2-consistent-snapshot: Thu Mar 22 10:28:54 2012: create EC2 object
ec2-consistent-snapshot: Thu Mar 22 10:28:54 2012: ec2-create-snapshot vol-11111111
ec2-consistent-snapshot: ERROR: AWS was not able to validate the provided access credentials
ec2-consistent-snapshot: Thu Mar 22 10:28:56 2012: xfs_freeze -u /data03
ec2-consistent-snapshot: Thu Mar 22 10:28:56 2012: MySQL unlock
ec2-consistent-snapshot: Thu Mar 22 10:28:56 2012: MySQL disconnect
ec2-consistent-snapshot: Thu Mar 22 10:28:56 2012: done
(Of course, volume id is not actually 111111111).
I tried modifying the code to be sure it was using the correct secret key, which turned out to be the right one.
I also have an evironment variable that points to /root/.awssecret
echo $AWS_CREDENTIAL_FILE
/root/.awssecret
Other things I've tried, and have produced the same results :
-Passing the credential file's path as a paramater.
-Generating new credentials and using those.
-Specifying the region as us-east-1 rather than letting it go to default.
Here is what my credentials file LOOKS like :
AWSAccessKeyId=AKI[...]
AWSSecretKey=DPh[..]
That's pretty much it, thanks for any help.
Answer
The debug output of ec2-consistent-snapshot usually reads:
'Using AWS access key: AKI[...]'
Since the output you are shown includes AWSAccessKeyId=
and after a quick glance at the code (lines 470-471) - which simply reads in each line, with no further parsing:
($aws_access_key_id, $aws_secret_access_key) =
File::Slurp::read_file($aws_credentials_file);
The solution is likely to leave off the 'AWSAccessKeyId=' and 'AWSSecretKey=' prefixes in your credentials file. Your credentials file should, therefore, resemble:
AKI[...]
DPh[...]
As per the script's documentation, the file should contain the Amazon AWS access key and secret access key on seprate lines and in that order. Additionally, the script reads the $AWS_CREDENTIALS environment variable.
You could also try to pass the authentication parameters directly to the script, using the --aws-access-key-id
and --aws-secret-access-key
parameters.
No comments:
Post a Comment