plakar
plakar copied to clipboard
poolpOrg
Do not fail if shared locks can't be removed
When a backup is performed, plakar attempts to remove stale locks. If the store doesn't have permissions to remove the locks, the backup fails.
It would be great to silently ignore the error, and perform the locks deletion during maintenance instead. This way, plakar can be used with only read and write permissions, without delete.
To reproduce:
- start MinIO
docker run --rm --name minio -p 9000:9000 -p 9001:9001 quay.io/minio/minio server /data --console-address ":9001"
- create a file policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:CreateBucket"],
"Resource": ["arn:aws:s3:::plakar-kloset", "arn:aws:s3:::plakar-kloset/*"]
}
]
}
- copy the file into the container
docker cp ./policy.json minio:/tmp
- connect to MinIO
docker exec -ti minio bash
# and, from the container
mc alias set myminio http://localhost:9000 minioadmin minioadmin
mc admin user add myminio plakar_user mypassword
mc admin policy create myminio plakar-policy /tmp/policy.json
mc admin policy attach myminio plakar-policy --user=plakar_user
- configure plakar
plakar store add minio s3://localhost:9000/src access_key=plakar_user secret_access_key=mypassword use_tls=false
- create the store and add a backup
plakar at @minio create
plakar at @minio backup /etc
- wait 5 minutes without doing anything (5 minutes is the value of
LOCK_REFRESH_RATEin Kloset) - perform a new backup
plakar: failed to create snapshot: failed to delete lock: remove object: Access Denied.
