Backing up Object Store: Difference between revisions

From SD4H wiki
No edit summary
Line 1: Line 1:
It is possible to have a backing up of object store data to our TSM tape system. Here is the formal procedure to do so.  
It is possible to have backed up of object store data to our TSM tape system. Here is the formal procedure to do so.  


===List bucket===
===List bucket===


Send a list of bukets to backup to juno@calculquebec.ca with the name of the project where the buckets live.
Send a list of buckets to back up to juno@calculquebec.ca with the name of the project where the buckets live.


===Give us permission===  
===Give us permission===  


You need to configure the iam policy statement of *all the buckets* you want to backup so your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added.
You need to configure the iam policy statement of *all the buckets* you want to back up so your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added.


For example, using the [https://docs.aws.amazon.com/cli/latest/ aws cli] and apply the policy on <code>my-bucket</code> using the <code>my-profile</code> identity.  
For example, using the [https://docs.aws.amazon.com/cli/latest/ aws cli] and apply the policy on <code>my-bucket</code> using the <code>my-profile</code> identity.  
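Review bot: the revised opening sentence, "It is possible to have backed up of object store data", is still ungrammatical; "It is possible to back up object store data to our TSM tape system" would read correctly. The unchanged line "For example, using the aws cli and apply the policy" is also a sentence fragment and could become "use the aws cli to apply the policy".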
Line 18: Line 18:
</pre>
</pre>


If that command returns something you need to add the new statement the existing policy. But we are no covering that here.
If that command returns something, you need to add the new statement the existing policy. But we are not covering that here.


Adding policy.json to `my-bucket`
Adding policy.json to `my-bucket`
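Review bot: in the revised sentence "you need to add the new statement the existing policy", the word "to" is still missing before "the existing policy". Since the text says merging into an existing policy is not covered here, a short pointer for readers whose command does return a policy would help.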

Revision as of 21:44, 9 October 2024

It is possible to back up object store data to our TSM tape system. Here is the formal procedure to do so.

List bucket

Send a list of buckets to back up to juno@calculquebec.ca with the name of the project where the buckets live.

Give us permission

You need to configure the IAM policy statement of *all the buckets* you want to back up so that your TSM robot user in charge of the backup can access them. Here is the policy that needs to be added.

For example, use the aws cli to apply the policy on my-bucket using the my-profile identity.

First, we make sure that my-bucket currently has no policy.

$ aws s3api --profile my-profile get-bucket-policy --bucket my-bucket

An error occurred (NoSuchBucketPolicy) when calling the GetBucketPolicy operation: The bucket policy does not exist

If that command returns something, you need to add the new statement to the existing policy. But we are not covering that here.

Adding policy.json to `my-bucket`

File: policy.json
{
"Statement": [
  {
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam:::user/tsm"]},
    "Action": [
      "s3:ListBucket",
      "s3:GetObject"
    ],
    "Resource": [
      "arn:aws:s3:::my-bucket/*",
      "arn:aws:s3:::my-bucket"
    ]
  }
]
}

Then load the policy onto the bucket:

$ aws s3api --profile my-profile put-bucket-policy --policy file://policy.json --bucket my-bucket
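The case the page leaves out, a bucket that already has a policy, can be handled by appending the TSM statement to the existing document instead of replacing it. The following is an added example, not part of the SD4H wiki: the function names and the sample policy for a user "alice" are hypothetical, and the input is assumed to be the policy document itself (the value of the Policy field in the get-bucket-policy output).

```python
import json

TSM_PRINCIPAL = "arn:aws:iam:::user/tsm"   # principal from the page's policy.json
READ_ACTIONS = ["s3:ListBucket", "s3:GetObject"]


def tsm_statement(bucket):
    """Read-only statement for the TSM robot user, as in the page's policy.json."""
    return {
        "Effect": "Allow",
        "Principal": {"AWS": [TSM_PRINCIPAL]},
        "Action": list(READ_ACTIONS),
        "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"],
    }


def merge_backup_statement(existing_policy_json, bucket):
    """Return the existing bucket policy with the TSM statement appended once."""
    policy = json.loads(existing_policy_json) if existing_policy_json else {}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # tolerate a single statement given as a bare object
        statements = [statements]
    wanted = tsm_statement(bucket)
    if wanted not in statements:          # idempotent: re-running adds nothing
        statements = statements + [wanted]
    policy["Statement"] = statements
    return policy


# Constructed sample: an existing policy that already grants a
# hypothetical user "alice" write access to my-bucket.
EXISTING = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam:::user/alice"]},
        "Action": ["s3:PutObject"],
        "Resource": ["arn:aws:s3:::my-bucket/*"],
    },
})

if __name__ == "__main__":
    merged = merge_backup_statement(EXISTING, "my-bucket")
    # Save the output as policy.json, then load it with put-bucket-policy.
    print(json.dumps(merged, indent=2))
```

Existing statements are kept unchanged and in their original order, so access already granted to other users is not lost when the merged file is loaded.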