Page Comparison

...

Table of Contents

maxLevel	3

title

Info

Backup only

Objects in the S3 backup bucket are wholly dedicated to disaster recovery for Swarm and are not for general use by owners of the account where the bucket resides. Consider this feature a restricted form of S3, with constraints on the bucket's namespace that support Swarm's ability to backup and restore. For this reason, do not expect the namespace to be end-user friendly.

Swarm S3 backups to Wasabi targets have been verified. To implement an S3 backup feed, you first need to complete a one-time set up of the destination: you will set up an account with Wasabi and then create an S3 bucket that will be dedicated to backing up this cluster only.

Setting up the S3 Bucket

Info

title

Note

Swarm has only the Wasabi access that you grant it as part of this configuration. Nether Neither the S3 Backup feed or nor the S3 Backup Restore Tool will administer administers your S3 credentials or create any S3 buckets in Wasabi.

See Wasabi Support for assistance.

These instructions are for Wasabi cloud storage, but any Internet-based S3 service will have has similar functionality:

Service — If needed, sign up for Wasabi.
1. Go to wasabi.com and choose Start your free trial.
2. Follow the on-screen instructions.
3. Once setup is finished, log in to the Wasabi console.
Bucket — Create a bucket
that will be
dedicated to backing up your Swarm cluster.
1. Sign in to the Wasabi console: console.wasabisys.com.
2. Choose Create bucket.
3. For Name and region, make your entries:
  1. For Bucket name, enter a DNS
    -
    compliant name for your new bucket.
    You will not be able to change it later
    Buckets cannot be renamed, so choose
    well
    wisely:
    1. The name must be unique across all existing bucket names in Wasabi S3.
    2. The name must be a valid DNS name, containing only lowercase letters and numbers (and internal periods, hyphens, underscores), between 3 and 64 characters.
      (
    3. See S3 documentation: Rules for Bucket Naming.)
      Tip: For easier identification, incorporate the name of the Swarm cluster
    4. this bucket
    5. is dedicated to backing up.
  2. For Region, choose the one that is appropriate for your business needs.
    Image Modified
4. For Configure options, take the defaults.
  Best practice: Do not enable versioning or logging unless it is required for your organization.
  Image RemovedImage Added
5. Choose Create, and record the fully qualified bucket name (such as "arn:aws:s3:::remote-bucket") for use later, in policies.
6. Record these values for configuring your S3 Backup feed in Swarm:
  - Bucket Name
  - Region
User — Create a programmatic (non-human/console) user that
will be
dedicated to Swarm access.
1. On the Wasabi console, select the service IAM (Identity and Access Management), click Users.
  Image Modified
2. Add a dedicated user, such as caringo_backup, to provide Programmatic access for Swarm.
  Image Modified
3. The Wasabi console generates an access key (an access key ID + secret access key), which you must record immediately.
  Image Modified
  - This is the only time that you can view or download the secret access key, so save it in a secure place.
4. Record the fully qualified user (such as "arn:aws:iam::123456789012:user/caringo_backup") for use later, in policies.
5. Record these values for configuring your S3 Backup feed in Swarm:
  - Access Key ID
  - Secret Access Key

Policies — Create policies on both the user and the bucket so that the programmatic user has exclusive rights to your S3 bucket. You may use the policy generators provided or enter edited versions of the examples below.

Create an IAM policy for this user, allowing it all S3 actions on the backup bucket, which you need to specify as a fully qualified Resource (which you recorded above), starting with arn:aws:s3:::

IAM policy

Code Block

title

language	xml		IAM policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example.cluster1.backup"
        }
    ]
}

Create a matching bucket policy to grant access to the dedicated backup user, which you need to specify as a fully qualified Principal, which is the User ARN (which you recorded above) starting with arn:aws:iam::.
Using the Policy Generator, be sure to allow all S3 actions for your bucket, using the full ARN name:
Image Modified

Bucket policy

Code Block

language	xml	title	Bucket policy

{
  "Id": "Policy1560809845679",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1560809828003",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::example.cluster1.backup",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:user/caringo_backup"
        ]
      }
    }
  ]
}

Configuring the S3 Backup Feed

On the Swarm side, create a new S3 backup feed with Wasabi as its target.

In the Swarm UI, open the Feeds page.
Image Modified
Click + Add at the top right.
Choose the feed type S3 Backup.
Provide the following values. For details on these fields, see S3 Backup Feeds.
- Name - For description only, such as "Replication to Wasabi"
- Endpoint - Include the complete endpoint, without the bucket: s3.us-west-1.wasabisys.com
- Region - This example uses the us-west-1 storage region. For any other region, use the appropriate Wasabi service URL.
- Bucket - Enter your newly created bucket , which will be dedicated to backing up your Swarm cluster.
- Credentials - Paste in both the Access key name and Secret Key
- Use SSL - YesImage Removed
  Image Added
Confirm that your new S3 backup appears in your list of Swarm feeds:

Child pages (Children Display)

Versions Compared

Old Version 3

New Version 4

Key

Backup only

Setting up the S3 Bucket

Note

Configuring the S3 Backup Feed