Ubuntu
python-boto package

Bug #1278529
Comment #33

Comment 33 for bug 1278529

Revision history for this message

Mark Stosberg (markstos) wrote on 2014-12-26:

#33

There are multiple potential causes for the root cause of this issue. The key problem is that duplicity or a dependency is swallowing an error returned by Amazon instead of passing it along to the user to decide what to do with.

I figured out an an approach to see what error is actually being returned by Amazon. I new the calls to Amazon were going over HTTPS, so I figured if I could see the raw HTTP request and response from Amazon, I would have a better idea of what was going on.

To that end, I installed the Charles Debug Proxy application, and then routed the applications traffic through it. I tried setting 'HTTP_PROXY' in the environment to get the traffic to go through the proxy, but that didn't work. By digging in the code, I found I could modify this file temporarily:

/usr/lib/python2.7/dist-packages/boto/connection.py

Around line 650 there are these lines (which I needed to use sudo to edit):

self.proxy = proxy
self.proxy_port = proxy_port

I changed these to:

self.proxy = '127.0.1.1'
self.proxy_port = '8888'.

In Charles Debug Proxy, I had to change an SSL preference under "Proxy: Proxy Settings: SSL". I had to enable SSL proxying and add a location corresponding the bucket. My location named looked like: "my-bucket-name.s3.amazonaws.com:443".

Then I started Charles and reran the backup command (I'm actually using deja-dup which calls duplicity) and output showed up in Charles. I could then see that the HTTPS response from Amazon boiled down to "InvalidAccessId". Basically, I had a typo in the AWS username I was using. I corrected that, and the initial request to Amazon started to succeed.

It's not clear to me whether `python-boto` isn't passing the error messages back to `duplicity` or `duplicity` is discarding them.

Either way, we need clear diagnostics returned so we can troubleshoot the various connection problems possible with Amazon!

Alternately, there are relatively small handful of possible errors returned by S3 and they are documented. Each could be explicitly translated by the one of the layers involved here.

I figured out an an approach to see what error is actually being returned by Amazon.  I new the calls to Amazon were going over HTTPS, so I figured if I could see the raw HTTP request and response from Amazon, I would have a better idea of what was going on.

To that end, I installed the Charles Debug Proxy application, and then routed the applications traffic through it.  I tried setting 'HTTP_PROXY' in the environment to get the traffic to go through the proxy, but that didn't work.  By digging in the code, I found I could modify this file temporarily: