0

On my management server:

/usr/bin/ec2-consistent-snapshot --freeze-filesystem /mnt/websites --description "FOO-DATA $(date)" vol-d84bhi64 --region eu-west-1
/mnt/websites: No such file or directory
ec2-consistent-snapshot: ERROR: xfs_freeze -f /mnt/websites: failed(256)

On the server that the volume in question is attached to:

[root@foo ec2-user]# df -TH
Filesystem    Type     Size   Used  Avail Use% Mounted on
/dev/xvda1    ext4     8.5G   1.2G   7.2G  15% /
tmpfs        tmpfs     880M    50k   880M   1% /dev/shm
/dev/xvdf      xfs      54G   321M    54G   1% /mnt

[root@foo ec2-user]# ls -al /mnt
total 4
drwxr-xr-x  4 root           root     45 Sep  8 12:36 .
dr-xr-xr-x 22 root           root   4096 Sep 13 15:07 ..
drwxr-xr-x  3 mysql          mysql    16 Sep  8 12:36 mysql
-rw-r--r--  1 root           root      0 Sep  8 12:11 stuff
drwsrwsr-x  5 someuser       apache   37 Sep 21 15:41 websites

Running xfs_freeze on the machine works:

[root@fb ec2-user]# xfs_freeze -f /mnt/websites
[root@fb ec2-user]# xfs_freeze -u /mnt/websites
jdw
  • 3,855
  • 2
  • 17
  • 21

1 Answers1

5

If you use the --freeze-filesystem (or --xfs-filesystem) option, then the ec2-consistent-snapshot program must be run on the instance where the file system is mounted. Otherwise, it can't run xfs_freeze against that filesystem.

I am the author/maintainer of ec2-consistent-snapshot. I'll look at making this requirement clearer in the documentation.

There was a submitted patch that went a ways towards making ec2-consistent-snapshot work on remote systems (with ssh to run commands like xfs_freeze). This would help reduce the existing requirement to have the AWS credentials on the instance. I forget why the patch did not get incorporated, but will take another look at it.

If you're trying to avoid having AWS credentials on the instance, here's an article I wrote to limit your risk:

Improving Security on EC2 With AWS Identity and Access Management (IAM)
http://alestic.com/2010/09/aws-iam

Eric Hammond
  • 11,163
  • 1
  • 36
  • 56
  • Oh, ok. That is not clear. I found the same thing with the --mysql flag. It seems that I needed to set up remote mysql access to the instance I was snapshotting on in order to connect and issue the mysql flush/lock commands. I discovered that through informative error messages, but the error messages for the freeze are not so clear. So...basically, to use this the instance has to snapshot itself. Is that correct? – jdw Sep 28 '11 at 00:46
  • jdw: You got it. – Eric Hammond Sep 28 '11 at 00:47
  • OK, thanks for the clarification. That's gonna take some re-jigging of my methodology. – jdw Sep 28 '11 at 01:03