IPV6 S3 endpoints not accessible

Lars    Jan 10 2:51PM 2018

Hello,

I am using an ESXi host with only IPV6, IPV4 is not configured. It looks like vertical does not have the Amazon S3 IPV6 endpoints implemented since the vertical init commands finishes up with error

Allowing outgoing connections on port 443 to connect to S3 servers Failed to connect to the bucket vertical: gaierror(-2, 'Name or service not known')

Is there any known remedy for that?

Thanks, Lars


Lars    Jan 10 11:11PM 2018

OK, slight progress, but still not solved.

When I try to manually configure S3 endpoint with

vertical init esxi s3://s3.dualstack.eu-central-1.amazonaws.com/

I get the following error:

Failed to connect to the bucket : The authorization header is malformed; the region 'dualstack' is wrong; expecting 'eu-central-1'

Does vertical support AWS dual-stack endpoints?

Thanks, Lars


gchen    Jan 11 3:32PM 2018

Vertical Backup uses boto (https://github.com/boto/boto) for the S3 library and I don't know if boto supports IPv6 S3 endpoints. I'll take a look.


Lars    Jan 11 4:04PM 2018

Hi,

I think boto handles IPv6 quite fine, the issue may be how the authorization header is contructed. In this case it looks the region is incorrectly parsed from the url. AWS defines endpoint naming scheme here:

https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

Looks like the proper way is to extract the third part of the url from the right, not the second from the left :-)

I also tried to force the region with with boto3 envvar AWS_DEFAULT_REGION, no luck.

Thanks, Lars


gchen    Jan 11 11:42PM 2018

AWS_DEFAULT_REGION is available only in boto3, but not boto.

I think it is just boto failed to parse the region name when 'eu-central-1' goes with 'dualstack'. Endpoints for other regions seem to work fine, like s3.dualstack.us-west-1.amazonaws.com.

I might be able to modify boto to fix the parsing issue. Please stay tuned.


gchen    Jan 12 1:04AM 2018

Can you try this build: http://acrosync.com/esxi/vertical (sha256: 52012c7f4680d75df25f77f10800d5f2952120580786c28f1395e4e6f2210680).

I don't have an IPv6 only esxi to test, but it worked fine on an IPv4 esxi with s3://s3.dualstack.eu-central-1.amazonaws.com/duplicacy-eu as the storage url.


Lars    Jan 12 8:28AM 2018

Hi,

works like a charm, you are super-quick!

I am going to buy the license.

Thanks, Lars


Log in to comment
Copyright © Acrosync LLC 2017