If your Panzura nodes use Amazon Web Services (AWS) as a cloud storage provider (CSP), each node uses the AWS credentials (Access Key ID and Secret Key) specified during setup to access the cloud storage. If your AWS credentials change, the nodes will need to be updated with this change.
This topic gives the procedure for changing the AWS credentials on a Panzura node. The steps will need to be performed on each node that uses AWS as a CSP.
This change can be performed without any downtime.
- Cloud object uploads or downloads that already are in progress will complete using the current AWS credentials.
- New cloud object uploads and downloads will use the new AWS credentials.
- Leave the old credentials in place on AWS until the new credentials are installed and verified on all nodes.
- First perform these steps on an HA node and verify the results, before performing the steps on the rest of the nodes.
On the nodes, do not change any values other than the AWS Username and Password (Access Key ID and Secret Key). Changing any others AWS settings will case an error. (See Cloud License Warning.)
- On the AWS Console, create the new AWS credentials (if not already created).
For instructions, see https://docs.aws.amazon.com/toolkit-for-eclipse/v1/user-guide/setup-credentials.html
Once created, your new AWS credentials (also known as keys) will look something like this:
- Access Key ID (example): AKIAIOSFODNN7EXAMPLE
- Secret Key (example): wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
- Change the AWS credentials on one of the Panzura nodes to the new ones created in the AWS Console. (See Recommendations.)
Change only the User Name and Password fields. Do not make any changes to the Path or Bucket fields.
- Click the Configuration tab and select License Manager from the left menu.
- Select the checkbox next to the row for the CSP-Amazon license, and click Edit.
- In the CSP-Amazon license field, update the User Name with the new Access Key.
- In the CSP-Amazon license field, update the Password with the new Secret Key.
- Double-check your changes, then click Done.
- Again select the checkbox next to CSP-Amazon (if not already selected), and click Activate Selected.
If the "Cannot Activate" message appears, make sure the new AWS credentials are entered correctly. It may be easier to copy and paste these values into the text boxes to avoid typing errors. Correct the text box entries and try to Activate again (steps d and e above).
- On the node, verify the new credentials.
- Navigate to Maintenance > Diagnostic Tools.
- Click the Diagnostic Tools icon to open the dialog box.
- In the Command Type drop-down box, select cloud-upload-test.
- In the Enter Parameters text box, enter the following: 1k 2
- Click Run.
If the test is successful, the output will show the following:
- After verifying the new credentials, repeat 2 and 3 on each of the remaining nodes.
- After changing and verifying the AWS credentials on all nodes, delete the old credentials from the AWS Console.
Invalid Credentials Errors
If an error such as the following appears, the new AWS credentials are invalid:
"Failed to activate cloud license. Please check Cloud Controller settings."
In this case, the cloud license cannot be activated because the node cannot communicate with Amazon.
This error can occur for any of the following reasons:
- The credentials do not exist.
- The credentials exist but do not have the correct permissions.
- The credentials exist but were entered incorrectly.
Only Pertains to Panzura CloudFS7
If you change any AWS values on a node other than the AWS Username and Password (Access Key ID and Secret Key), an error message such as the following appears: "Warning! Selected License Modules contain cloud license."
This occurs because the node thinks it is being reconfigured for use with another CloudFS and wants to clear all its cache and statistics. Most likely this is unintentional, and you should click Cancel to revert the changes.