Use MinIO as snapshot repository failed if use https

Kathy · May 8, 2020, 8:42am

Follow Take and Restore Snapshots - Open Distro Documentation
to use MinIO bucket as snapshot repository,

Use docker
opendistro version: 1.6
install s3 plugin repository-s3-7.6.1.zip
Use MinIO bucket as repository

Setting in elasticsearch.yml:
s3.client.default.endpoint: “http://xxxxx”
s3.client.default.protocol: http

Create repository works.

But if change to use https MinIO endpoint
Setting in elasticsearch.yml:
s3.client.default.endpoint: “https://xxxxx”
s3.client.default.protocol: https

failed with error:
{
“error” : {
“root_cause” : [
{
“type” : “repository_verification_exception”,
“reason” : “[my-repository1] path is not accessible on master node”
}
],
“type” : “repository_verification_exception”,
“reason” : “[my-repository1] path is not accessible on master node”,
“caused_by” : {
“type” : “i_o_exception”,
“reason” : “Unable to upload object [tests-iNpthmjGRuCcTQR8NDiLRA/master.dat] using a single upload”,
“caused_by” : {
“type” : “sdk_client_exception”,
“reason” : “sdk_client_exception: Unable to execute HTTP request: es-repository.xxxxxxx”,
“caused_by” : {
“type” : “i_o_exception”,
“reason” : “es-repository.xxxxxxx”
}
}
}
},
“status” : 500
}

Seems still use http to request, how to fix this issue?
Thanks very much for your help.

Kathy · May 14, 2020, 1:12am

After more test, found use local minio as s3 repository, just can support endpoint wiht ip:port

I have new issues:
After s3 repository configured, I deleted the repository want to change to another endpoint not working.

Steps:
1.Stop all dockers
2.Build new image with new s3.client.default.access_key and s3.client.default_secret_key
3.Update elasticsearch.yml with new endpoint
4.Start all es nodes
5.Create S3 repository, will see error:
The AWS Access Key Id you provided does not exist in our records
6.If keep s3.client.default.access_key and s3.client.default_secret_key as old for the new endpoint, will see error:
The request signature we calculated does not match the signature you provided

Seems the s3.client.default.access_key and s3.client.default_secret_key and endpoint info are saved in somewhere.
So need to clean up the settings? How to clean up?

bin · November 7, 2020, 4:02pm

Hi Kathy,

Did you solve the https setup problem? I encountered the same issue with the following setup:

curl -k -X PUT "https://localhost:9200/_snapshot/minio_repository_tls?pretty" -H 'Content-Type: application/json' -d'
{
    "type": "s3",
    "settings": {
        "bucket": "es-snapshot",
        "endpoint": "minioserver-ip:9000",
        "protocol": "https"
    }
}'

The key and secret are saved in the Elasticsearch’s keystore file.

Topic		Replies	Views
Snapshot repository timeouts after converting to Opensearch OpenSearch	4	979	June 2, 2022
Failing to read from opensearch-keystore OpenSearch	2	383	June 18, 2024
In Opensearch failed to register repo with MINIO S3 using "HTTPS" protocol OpenSearch troubleshoot , configure , feature-request	3	317	March 15, 2024
Snapshot repository (CEPH) connecting to EC2 Metadata instance OpenSearch	0	293	October 31, 2023
Snapshot issues Open Source Elasticsearch and Kibana	1	1835	February 7, 2023

Use MinIO as snapshot repository failed if use https

Related topics