bash - 即使设置了有效的凭证,AWS CLI 也会在 Docker 上返回 (AcessDenied)
问题描述
所以我有一个在 Docker 容器中运行的应用程序,我需要能够使用 cron 作业备份它的文件系统中的目录。我使用Filebase作为我的 S3 兼容存储服务。我已经安装了 AWS CLI,但是每当我的备份脚本运行时,我得到的只是An error occurred (AccessDenied) when calling the CreateMultipartUpload operation: Access Denied.
#!/bin/bash
# from https://github.com/peterrus/docker-s3-cron-backup
# default storage class to standard if not provided
S3_STORAGE_CLASS=${S3_STORAGE_CLASS:-STANDARD}
# generate file name for tar
FILE_NAME=/tmp/$BACKUP_NAME-`date "+%Y-%m-%d_%H-%M-%S"`.tar.gz
# Check if TARGET variable is set
if [ !-z ${FILE_TARGET} ];
then
echo "TARGET env var is not set so we use the default value (/crafty_web/minecraft_servers)"
FILE_TARGET=/crafty_web/minecraft_servers
else
echo "TARGET env var is set, continuing..."
fi
echo "creating archive"
tar -zcvf $FILE_NAME $FILE_TARGET
echo "uploading archive to S3 [$FILE_NAME, storage class - $S3_STORAGE_CLASS]"
aws --endpoint $S3_ENDPOINT s3 cp $FILE_NAME $S3_BUCKET_URL
echo "removing local archive"
rm $FILE_NAME
echo "done"
我已经检查了凭据是否已设置并且有效(我使用docker run -eargs 设置了它们),我什至尝试过 sudo,但是使用 sudo,CLI 找不到任何凭据,所以我假设它是作用域的。如果你需要 Dockerfile(我已经分叉了),这里是:
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND="noninteractive"
LABEL maintainer="Phillip Tarrant <https://gitlab.com/Ptarrant1> and Dockerfile created by kevdagoat <https://gitlab.com/kevdagoat>"
RUN apt-get update
RUN apt-get install -y python3 python3-dev python3-pip default-jre libmysqlclient-dev cron curl unzip sudo
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
RUN unzip -q awscliv2.zip && ./aws/install
COPY requirements.txt /crafty_web/requirements.txt
RUN pip3 install -r /crafty_web/requirements.txt
COPY crontab /etc/cron.d/backup-task
RUN chmod 0644 /etc/cron.d/backup-task &&\
crontab /etc/cron.d/backup-task
COPY ./ /crafty_web
WORKDIR /crafty_web
RUN chmod +x backup.sh
EXPOSE 8000
EXPOSE 25500-25600
COPY entry /entry
RUN chmod +x /entry
ENTRYPOINT [ "/entry" ]
CMD ["python3", "crafty.py", "-c", "/crafty_web/configs/docker_config.yml"]
/entry:
#!/bin/sh
# this is not my script but I can't find a link to it atm.
#fix link-count, as cron is being a pain, and docker is making hardlink count >0 (very high)
touch /etc/crontab /etc/cron.*/*
service cron start
# Hand off to the CMD
exec "$@"
我不知道出了什么问题。
解决方案
推荐阅读
- javascript - Vue.js Dom 不会在更改 Object 的键值时更新
- android - 什么是 gradle 插件(例如 gradle plugin 4.1.1)?它存储在电脑的什么地方?
- jquery - 无法获取本地 JSON 数据 getJSON
- json - 如何在 Jira 中格式化包含大括号的 JSON 等文本
- javascript - Three.js - 如何沿着一条线找到最近的对象
- python-3.x - 捕获 runpy.run_module 标准输出
- regex - 正则表达式匹配某些字符的出现
- java - Kruskal 算法:从加权矩阵显示邻接矩阵
- c++ - 编译似乎在预处理器宏扩展之前开始
- angular - Angular:从包含 null 的异步数据中打印 Null