Solved

Archive Offload to AWS Glacier error


Userlevel 5
Badge

Hi,

I would like to offload Archives to AWS Glacier. I added a AWS Glacier Repository to an sobr as archive exent. Once offloading starts I get the following error messages.

I thing that the gateway server is not able to connect by ssh to the ec2 proxy appliance? Are these Appliances deployed in advance, or just temporary during archive offloading job? It is a new deploy, we didnt use these feature.

 

01:42:55    Failed to provision a proxy appliance: Unable to connect by SSH to appliance.     04:32
01:47:28    Queued for processing at 28.04.2021 01:47:28     
01:47:33    Task failed. Error: Unable to archive backups: no proxy appliances are available.     
01:47:33    Processing finished with errors at 28.04.2021 01:47:33     
 

icon

Best answer by StefanZi 28 April 2021, 09:21

View original

3 comments

Userlevel 5
Badge

Hi Hartmut, 

we do need an appliance to convert from the “normal” S3 objects to the bigger archive objects. This appliance is created on demand just for this job and then decommissioned afterwards.

 

Does your used AWS IAM account have the right permissions? Due to this process we of course need to be able to configure a new instance and all the security stuff around it. Check the Required Permissions for a special section on “Amazon S3 Glacier Storage Permissions” for a C&P version of the required IAM policy.

And of course you have to double check whether it’s possible at all to connect to the provisioned EC2 instance via SSH from the VBR with the configured settings (VPC/subnet/security group) - check the Used Ports section for the Proxy Appliance - it requires a connection via SSH (TCP/22) and HTTPS (TCP/443).

I assume it’s just the missing ports in the SG or maybe a limitation of the network ACL.

It is TCP/22. I found the suitable Veeam logfiles. Thx to you.

Userlevel 5
Badge

I guess it is tcp/22 i will check this.

Userlevel 6
Badge +3

Hi Hartmut, 

we do need an appliance to convert from the “normal” S3 objects to the bigger archive objects. This appliance is created on demand just for this job and then decommissioned afterwards.

 

Does your used AWS IAM account have the right permissions? Due to this process we of course need to be able to configure a new instance and all the security stuff around it. Check the Required Permissions for a special section on “Amazon S3 Glacier Storage Permissions” for a C&P version of the required IAM policy.

And of course you have to double check whether it’s possible at all to connect to the provisioned EC2 instance via SSH from the VBR with the configured settings (VPC/subnet/security group) - check the Used Ports section for the Proxy Appliance - it requires a connection via SSH (TCP/22) and HTTPS (TCP/443).

I assume it’s just the missing ports in the SG or maybe a limitation of the network ACL.

Comment