IPV6 S3 endpoints not accessible

Lars · January 10, 2018, 7:51pm

Hello,

I am using an ESXi host with only IPV6, IPV4 is not configured. It looks like vertical does not have the Amazon S3 IPV6 endpoints implemented since the vertical init commands finishes up with error

Allowing outgoing connections on port 443 to connect to S3 servers
Failed to connect to the bucket vertical: gaierror(-2, ‘Name or service not known’)

Is there any known remedy for that?

Thanks,
Lars

Lars · January 11, 2018, 4:11am

OK, slight progress, but still not solved.

When I try to manually configure S3 endpoint with

vertical init esxi s3://s3.dualstack.eu-central-1.amazonaws.com/

I get the following error:

Failed to connect to the bucket : The authorization header is malformed; the region ‘dualstack’ is wrong; expecting ‘eu-central-1’

Does vertical support AWS dual-stack endpoints?

Thanks, Lars

gchen · January 11, 2018, 8:32pm

Vertical Backup uses boto (https://github.com/boto/boto) for the S3 library and I don’t know if boto supports IPv6 S3 endpoints. I’ll take a look.

Lars · January 11, 2018, 9:04pm

Hi,

I think boto handles IPv6 quite fine, the issue may be how the authorization header is contructed. In this case it looks the region is incorrectly parsed from the url. AWS defines endpoint naming scheme here:

https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

Looks like the proper way is to extract the third part of the url from the right, not the second from the left

I also tried to force the region with with boto3 envvar AWS_DEFAULT_REGION, no luck.

Thanks,
Lars

gchen · January 12, 2018, 4:42am

AWS_DEFAULT_REGION is available only in boto3, but not boto.

I think it is just boto failed to parse the region name when ‘eu-central-1’ goes with ‘dualstack’. Endpoints for other regions seem to work fine, like s3.dualstack.us-west-1.amazonaws.com.

I might be able to modify boto to fix the parsing issue. Please stay tuned.

gchen · January 12, 2018, 6:04am

Can you try this build: http://acrosync.com/esxi/vertical (sha256: 52012c7f4680d75df25f77f10800d5f2952120580786c28f1395e4e6f2210680).

I don’t have an IPv6 only esxi to test, but it worked fine on an IPv4 esxi with s3://s3.dualstack.eu-central-1.amazonaws.com/duplicacy-eu as the storage url.

Lars · January 12, 2018, 1:28pm

Hi,

works like a charm, you are super-quick!

I am going to buy the license.

Thanks,
Lars