coldsnap's Introduction

coldsnap

coldsnap is a command-line interface that uses the Amazon EBS direct APIs to upload and download snapshots.

It does not need to launch an EC2 instance or manage EBS volume attachments. It can be used to simplify snapshot handling in an automated pipeline.

Usage

Upload a local file into an EBS snapshot:

$ coldsnap upload disk.img

If you want to wait for the uploaded snapshot to be in "available" state, add --wait:

$ coldsnap upload --wait disk.img

Alternately, you can use coldsnap wait, which offers more flexibility in terms of wait duration and behavior.

$ coldsnap wait snap-1234

Download an EBS snapshot into a local file:

$ coldsnap download snap-1234 disk.img

Run coldsnap --help to see more options.

Installation

coldsnap can be installed using cargo.

$ cargo install --locked coldsnap

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

coldsnap's People

Contributors

amazon-auto, bcressey, cbgbt, dependabot[bot], ecpullen, grahamc, jpculp, rpkelly, rtzoeller, shepmaster, stmcginnis, tjkirch, wang384670111, webern, zmrow

coldsnap's Issues

Support reading and writing to volumes

This is a new feature request for coldsnap to support reading and writing to volumes at a block level. coldsnap should support:

  1. Creating snapshots from a volume using the raw device name of the volume such as /dev/hdh. This will allow volumes to be backed up to an EBS snapshot.

  2. Recovering a snapshot to a volume using the raw device name of the volume such as /dev/hdh. This will allow a volume to be recovered from an EBS snapshot.

update aws sdk: newer versions of the aws sdk do not have nativetls feature flags

Attempting to update the aws SDK libraries results in the error below. It appears the feature flags to enable native-tls support have been removed in favor of a different mechanism.

/home/ANT.AMAZON.COM/brigmatt/.cargo/bin/cargo metadata --verbose --format-version 1 --all-features --filter-platform x86_64-unknown-linux-gnu
stdout :     Updating crates.io index
error: failed to select a version for `aws-sdk-ebs`.
    ... required by package `coldsnap v0.6.0 (/home/ANT.AMAZON.COM/brigmatt/repos/coldsnap)`
versions that meet the requirements `^0.36` are: 0.36.0

the package `coldsnap` depends on `aws-sdk-ebs`, with features: `native-tls` but `aws-sdk-ebs` does not have these features.


failed to select a version for `aws-sdk-ebs` which could resolve this conflict

stderr : 

Support for Tags

I'm looking at using coldsnap as an input to my terraform codebase for deploying. I'm thinking about querying the uploaded snapshots with Terraform's snapshot data source, creating AMIs, and then using that as the input for launchconfigs. To make this work, it'd be interesting to have support for tagging snapshots to give more details for the snapshot data source.

I wonder if there are any opinions on whether this is a good workflow in general? Perhaps there are other workflows that someone else here could suggest as an alternative?

Separately, would a PR implementing support for arbitrary tags be wanted?

add support for downloading to an existing file

It might be useful to add an option to write a downloaded snapshot directly to a file, such as a block device. That would avoid the need for intermediate storage, trading off safety and correctness checks.

SnapshotUploader::upload_from_file should not retry file permission errors

I am currently working on an image builder (go figure!), which happens to write images with root:root -rw------- permissions. Running coldsnap as my regular user doesn't work because it can't read it, but it doesn't tell me that [1]; it just hangs at 0% progress.

This is related to #216 and similar, but there are certain classes of errors that should just not be retried.

Unfortunately coming up with a list of errors that should never be retried is pretty obnoxious so I might suggest attempting to open the file for reading before even calling ebs:StartSnapshot; while ENOENT will occur at the fs::metadata call, that call doesn't catch this type of permissions issue.

Footnotes

  1. actually it does if I'm patient and willing to wait ~2.5 minutes apparently longer but I'm not

Docker image / pre-built binary

It would be awesome to provide a Docker image or pre-built binaries! I installed coldsnap manually, but since I don't use Rust it took me a solid 30 minutes to have everything running.

v0.4.3 should have been v0.5.0

The v0.4.3 release breaks simple use of cargo update in crates depending on coldsnap.

This is because to use structs like SnapshotUploader, you need to pass in an EbsClient struct from the aws-sdk-ebs crate. Downstream crates that use the coldsnap library also need to install aws-sdk-ebs. The version of aws-sdk-ebs was bumped from 0.18 to 0.24, which makes the EbsClient accepted by SnapshotUploader::new a different type, considered a breaking change.

While this didn't impact me because I was using a git dependency, I recommend yanking v0.4.3 and republishing as v0.5.0.

Failed to put block: snapshot does not exist

Saw this error when trying to upload a ~2GB file. I'm not sure if there's a timing issue in coldsnap, where it needs to wait for some confirmation before uploading blocks, or if it's on the EBS side, or...

Failed to upload snapshot: Failed to put 9 blocks for snapshot 'snap-abcdef':
Failed to put block 2 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 3 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 35 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 258 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 514 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 770 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 1282 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 1794 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.
Failed to put block 2047 for snapshot 'snap-abcdef': The snapshot 'snap-abcdef' does not exist.

Downloads will fail if there is a block whose index is greater than 4096

The download verb will fail if the target snapshot has a block whose index is greater than 4096.
It seems this is because this line tries to calculate the offset in i32.

        let offset = context.block_index * block_size;

The type of context.block_index and block_size was changed to i32 at 118e586 when the AWS SDK coldsnap uses was replaced with AWS's one, and now offset can be up to 2**31-1. The block size is always 512 KiB so far, and block indices of 4096 or larger would cause bigger offsets than 2**31-1.

For example, I have a snapshot that consists of one block whose BlockIndex is 4096.

~/coldsnap$ aws ebs list-snapshot-blocks --snapshot-id snap-0261b433148779711
{
    "Blocks": [
        {
            "BlockIndex": 4096,
            "BlockToken": "ACEBAa+ZbZWpFtWhTvG78qLqkPdvXv+lqBUSfwlbNA0m53UMaQJSMF2nRYTh"
        }
    ],
    "ExpiryTime": 1660512865.211,
    "VolumeSize": 3,
    "BlockSize": 524288
}

If I try to download the snapshot, it will fail.

~/coldsnap$ git status
HEAD detached at v0.4.0
nothing to commit, working tree clean
~/coldsnap$ cargo b
    Finished dev [unoptimized + debuginfo] target(s) in 0.10s
~/coldsnap$ RUST_BACKTRACE=full cargo run -- --region us-west-2 download snap-0261b433148779711 /mnt/test.img
    Finished dev [unoptimized + debuginfo] target(s) in 0.13s
     Running `target/debug/coldsnap --region us-west-2 download snap-0261b433148779711 /mnt/test.img`
  Downloading  [                                                  ] 0/1 (0s)
thread 'main' panicked at 'attempt to multiply with overflow', /home/ubuntu/coldsnap/src/download.rs:344:22
~/coldsnap$ 
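
The overflow reported in this issue, as an added example that is not coldsnap's code or its actual fix: the same i32 multiplication made observable, next to an offset computed in u64 and bounded by the volume size. The function names and the OffsetError type are hypothetical; the block size, the volume size of 3 and the block index 4096 come from the list-snapshot-blocks output above.

```rust
/// Block size from the `list-snapshot-blocks` output in the issue (512 KiB).
const BLOCK_SIZE: i32 = 524_288;
const GIB: u64 = 1 << 30;

/// Hypothetical error type for this example.
#[derive(Debug, PartialEq)]
enum OffsetError {
    InvalidInput,
    Overflow,
    PastEndOfVolume { offset: u64, volume_bytes: u64 },
}

/// The multiplication from the issue, still in i32, but reporting overflow
/// as `None` instead of panicking.
fn offset_i32(block_index: i32, block_size: i32) -> Option<i32> {
    block_index.checked_mul(block_size)
}

/// What the same i32 multiplication produces when overflow checks are off
/// (the default for release builds): the value wraps instead of panicking.
fn offset_i32_wrapping(block_index: i32, block_size: i32) -> i32 {
    block_index.wrapping_mul(block_size)
}

/// Widen to u64 before multiplying, reject non-positive inputs, and make sure
/// the whole block fits inside the volume before anything seeks to the offset.
fn offset_u64(block_index: i32, block_size: i32, volume_gib: u64) -> Result<u64, OffsetError> {
    if block_index < 0 || block_size <= 0 {
        return Err(OffsetError::InvalidInput);
    }
    let size = block_size as u64;
    let offset = (block_index as u64)
        .checked_mul(size)
        .ok_or(OffsetError::Overflow)?;
    let end = offset.checked_add(size).ok_or(OffsetError::Overflow)?;
    let volume_bytes = volume_gib.checked_mul(GIB).ok_or(OffsetError::Overflow)?;
    if end > volume_bytes {
        return Err(OffsetError::PastEndOfVolume { offset, volume_bytes });
    }
    Ok(offset)
}

fn main() {
    // 4095 is the last index that fits in i32; 6143 is the last block of a 3 GiB volume.
    for &idx in &[4095, 4096, 6143, 6144] {
        println!(
            "index {:>4}: i32 checked = {:?}, i32 wrapping = {}, u64 = {:?}",
            idx,
            offset_i32(idx, BLOCK_SIZE),
            offset_i32_wrapping(idx, BLOCK_SIZE),
            offset_u64(idx, BLOCK_SIZE, 3)
        );
    }
}
```

In a build without overflow checks the i32 product for index 4096 wraps to a negative number rather than panicking, so the bounds check belongs next to the arithmetic, not only in the debug-build panic.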

coldsnap wait does not wait long enough

coldsnap wait waits until the snapshot ID is ready, but if you immediately try to download that snapshot ID after coldsnap wait you can get Failed to download snapshot: Failed to list snapshot blocks for 'snap-1234': The snapshot does not exist

Maybe coldsnap wait should also check that the list snapshot blocks API call works?

Add requirements to README

As far as I could tell, it is required to have the aws cli installed and configured.
It is mentioned nowhere though.
Of course it might seem obvious to most users, but if you are an AWS newbie and quickly want to get something done on a new machine, well you are out of luck.

Also the error message is absolutely not helpful when aws cli is missing.

I will happily make a PR for the README, if you confirm that my assumptions about the requirements are correct :)

Thanks for the hard work
Q.

Edit (from webern):

  • Update the README to make it more clear how credentials are obtained
  • See if the error message can be improved (the underlying error seems to be missing)

Improve error handling on upload failures

Coldsnap has built in retries with increasing backoff delays when uploading blocks. It can be hard to tell what is happening during this time since there is no output while the retries are happening.

https://github.com/awslabs/coldsnap/blob/develop/src/upload.rs#L171-L188

It might be useful to add a --verbose flag to the command to be able to get a little more insight into what is going on. Or just default to emit some sort of warning message that a retry is happening.

The number of times retries happen also seems to be a little too high. SNAPSHOT_BLOCK_ATTEMPTS is currently set to 12. It seems likely that if the upload does not succeed after 3-5 attempts, it's not going to.

It would also be good if coldsnap recognized some failures that are not worth retrying as they are not transient failures. Things like AccessDeniedException as @grosser encountered in bottlerocket-os/bottlerocket#2667 should just immediately fail:

Failed to put block 1551 for snapshot 'snap-0f48e9c316f6fa504': TransientError: connection closed before message completed
Failed to put block 1552 for snapshot 'snap-0f48e9c316f6fa504': AccessDeniedException: User: arn:aws:sts::589470546123:assumed-role/compute-arf/[email protected] is not authorized to perform: ebs:PutSnapshotBlock on resource: arn:aws:ec2:us-west-2::snapshot/snap-0f48e9c316f6fa504 because no identity-based policy allows the ebs:PutSnapshotBlock action

fix dependency hell: hide foreign types from public interface

We have created a dependency hell where tough, pubsys, and testsys all need to update the aws-sdk libraries in lockstep. This is because we have exposed types from these libraries in our public interface. Here is one such example:

https://github.com/awslabs/coldsnap/blob/d2615ece51be73966b82ebc4469516f1fd53cf4f/src/download.rs#L48C20-L48C38

We need to replace these types with types of our own that hide the underlying type. In other words, in the above example, instead of taking an EbsClient as the input, we need to take a coldsnap::Client object that wraps and hides the foreign type.

We should scrub for additional exposed types and consider whether or not they should be hidden. Sometimes libraries are so stable on a major version that it is considered fine/idiomatic to expose them (Url for example), but as a general principle it is a very bad idea to leak someone else's types in a public interface.

Related: awslabs/tough#733

always downloads to the working directory

I'm pretty sure something happens in the handling of the download arguments such that specifying a path /Users/myself/Desktop/foo.blob doesn't work and instead it downloads to ./foo.blob.

Edit: maybe that was intended, and instead it's a feature request to change the positional filename argument to a filepath (or just file) argument.

Downloading snap to s3fs mount: Input/output error (os error 5)

Issue

Input/output error (os error 5) when downloading a snapshot directly to an s3fs-fuse mount

root@ip-172-31-36-184:~# coldsnap --region eu-central-1 --endpoint vpce-0026c3e27a1fcca8a-ldm2x3xi.ebs.eu-central-1.vpce.amazonaws.com download snap-079c86dd226586ca7 /s3-evidance/snap-079c86dd226586ca7.ebs
Failed to download snapshot: Failed to extend temporary file '/s3-evidance/.tmpsobmp0': Input/output error (os error 5)

s3fs

root@ip-172-31-36-184:~# s3fs --version
Amazon Simple Storage Service File System V1.86 (commit:unknown) with GnuTLS(gcrypt)
Copyright (C) 2010 Randy Rizun <[email protected]>
License GPL2: GNU GPL version 2 <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

s3fs mount command

s3fs evidance /s3-evidance -o iam_role="auto" -o url="https://s3-eu-central-1.amazonaws.com"
root@ip-172-31-36-184:~# grep s3 /etc/mtab
s3fs /s3-evidance fuse.s3fs rw,nosuid,nodev,relatime,user_id=0,group_id=0 0 0

s3fs debug log

coldsnap-github-issue-s3fs.log

Cargo install failure

Hello team, I'm suddenly having an issue compiling coldsnap w/ cargo

root@ip-172-31-13-149:~# cargo install --locked coldsnap
    Updating crates.io index
  Downloaded coldsnap v0.3.2
  Downloaded 1 crate (28.9 KB) in 0.21s
  Installing coldsnap v0.3.2
  Downloaded chrono v0.4.19
  Downloaded ppv-lite86 v0.2.10
  Downloaded rand v0.8.4
  Downloaded digest v0.9.0
  Downloaded cpufeatures v0.1.5
  Downloaded bitflags v1.2.1
  Downloaded autocfg v1.0.1
  Downloaded bytes v1.0.1
  Downloaded num-traits v0.2.14
  Downloaded md-5 v0.9.1
  Downloaded rusoto_credential v0.47.0
  Downloaded ryu v1.0.5
  Downloaded futures-task v0.3.16
  Downloaded futures-macro v0.3.16
  Downloaded hex v0.4.3
  Downloaded httpdate v1.0.1
  Downloaded rand_chacha v0.3.1
  Downloaded proc-macro-hack v0.5.19
  Downloaded rand_core v0.6.3
  Downloaded native-tls v0.2.7
  Downloaded hashbrown v0.11.2
  Downloaded mio v0.7.13
  Downloaded openssl-probe v0.1.4
  Downloaded memchr v2.4.0
  Downloaded terminal_size v0.1.17
  Downloaded serde_derive v1.0.126
  Downloaded tower-service v0.3.1
  Downloaded typenum v1.13.0
  Downloaded regex v1.5.4
  Downloaded libc v0.2.98
  Downloaded tokio v1.8.3
  Downloaded tokio-macros v1.3.0
  Downloaded xml-rs v0.8.4
  Downloaded rusoto_ec2 v0.47.0
  Downloaded quote v1.0.9
  Downloaded matches v0.1.8
  Downloaded serde v1.0.126
  Downloaded proc-macro-nested v0.1.7
  Downloaded pkg-config v0.3.19
  Downloaded serde_json v1.0.66
  Downloaded hyper-tls v0.5.0
  Downloaded rusoto_core v0.47.0
  Downloaded snafu-derive v0.6.10
  Downloaded slab v0.4.3
  Downloaded proc-macro2 v1.0.28
  Downloaded openssl-sys v0.9.65
  Downloaded tempfile v3.2.0
  Downloaded futures v0.3.16
  Downloaded shlex v1.0.0
  Downloaded pin-utils v0.1.0
  Downloaded zeroize v1.4.1
error: failed to compile `coldsnap v0.3.2`, intermediate artifacts can be found at `/tmp/cargo-installZK2Wpv`

Caused by:
  failed to parse manifest at `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/zeroize-1.4.1/Cargo.toml`

Caused by:
  feature `resolver` is required

  consider adding `cargo-features = ["resolver"]` to the manifest

Support EKS IAM roles for service accounts

The default Rusoto ChainProvider doesn't include WebIdentityProvider, so it doesn't pick up the IAM role associated with a ServiceAccount in EKS.

In our own tools that use Rusoto and run inside EKS, we use AutoRefreshingProvider::new(WebIdentityProvider::from_k8s_env()) as the credential provider. It would be great if there was a way to configure coldsnap to use this provider!

Add timeout to remote calls

We've seen a few occasions where coldsnap uploads have blocked forever in a rusoto call. We should add timeouts so the calls can fail, letting the error handling code either retry or inform the user.

tokio::time::timeout can wrap any future with a maximum duration; we can use it to wrap our rusoto calls.

AWS permission errors are hidden during upload

I was attempting to use this tool to upload a disk image inside an EC2 instance, but the estimates were out of control (16h for a recent one). After a bit of dbg!ing, I found out it was because the instance did not have the ebs:PutSnapshotBlock capability. After adding that to its IAM policy, the uploader actually made progress and the estimates shrunk down to ~5 minutes.

The only reason I figured this out was because I littered dbg! statements everywhere, which led me to here:

coldsnap/src/upload.rs

Lines 171 to 188 in 5e3adc5

let upload = stream::iter(block_contexts).for_each_concurrent(
    SNAPSHOT_BLOCK_WORKERS,
    |context| async move {
        for attempt in 0..SNAPSHOT_BLOCK_ATTEMPTS {
            // Increasing wait between attempts. (No wait to start, on 0th attempt.)
            time::sleep(Duration::from_secs(attempt * SNAPSHOT_BLOCK_RETRY_SCALE)).await;
            let block_result = self.upload_block(&context).await;
            let mut block_errors = context.block_errors.lock().expect("poisoned");
            if let Err(e) = block_result {
                block_errors.insert(context.block_index, e);
                continue;
            }
            block_errors.remove(&context.block_index);
            break;
        }
    },
);

where I inspected the error being uncovered at

coldsnap/src/upload.rs

Lines 180 to 183 in 5e3adc5

if let Err(e) = block_result {
    block_errors.insert(context.block_index, e);
    continue;
}

which told me that I was missing that permission in my IAM policy.

It would be ideal for these errors to be printed out eventually (I did notice them still happening, despite adding that capability to the policy, so maybe not always? No, this was just some AWS eventual-consistency stuff -- no longer happens after letting things settle for a bit).

(I also needed the ebs:CompleteSnapshot capability, but maybe that's already obvious to more experienced AWS users.)
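
The fail-fast behaviour asked for in this issue, in "Improve error handling on upload failures" and in "SnapshotUploader::upload_from_file should not retry file permission errors", sketched as an added example that is not coldsnap's code. BlockError, classify and put_with_retry are hypothetical names, the example is synchronous and uses only the standard library, and treating AccessDeniedException and file permission errors as the only non-retryable cases is an assumption taken from the reports on this page.

```rust
use std::io;
use std::thread;
use std::time::Duration;

/// Hypothetical stand-in for the errors a block upload can return.
#[derive(Debug)]
enum BlockError {
    /// Local read failure, e.g. the root:root -rw------- image file.
    Io(io::Error),
    /// Error returned by the service, identified by its error code.
    Service { code: String, message: String },
}

#[derive(Debug, PartialEq)]
enum Class {
    Retry,
    Fatal,
}

/// Decide whether another attempt can possibly succeed.
fn classify(err: &BlockError) -> Class {
    match err {
        BlockError::Io(e) => match e.kind() {
            // Retrying does not change file permissions or create the file.
            io::ErrorKind::PermissionDenied | io::ErrorKind::NotFound => Class::Fatal,
            _ => Class::Retry,
        },
        BlockError::Service { code, .. } => match code.as_str() {
            // Missing ebs:PutSnapshotBlock / ebs:CompleteSnapshot in the IAM policy.
            "AccessDeniedException" => Class::Fatal,
            // Everything else (e.g. TransientError) is treated as transient here.
            _ => Class::Retry,
        },
    }
}

struct Outcome {
    attempts: u32,
    result: Result<(), BlockError>,
}

/// Call `put` at least once and at most `max_attempts` times, with the same
/// increasing wait as the quoted loop (no wait before the first attempt).
/// Every failure is written to stderr, and a fatal error ends the loop at once.
fn put_with_retry<F>(max_attempts: u32, backoff: Duration, mut put: F) -> Outcome
where
    F: FnMut(u32) -> Result<(), BlockError>,
{
    let mut attempt = 0;
    loop {
        thread::sleep(backoff * attempt);
        match put(attempt) {
            Ok(()) => return Outcome { attempts: attempt + 1, result: Ok(()) },
            Err(e) => {
                let fatal = classify(&e) == Class::Fatal;
                attempt += 1;
                let give_up = fatal || attempt >= max_attempts;
                eprintln!(
                    "attempt {}/{} failed ({}): {:?}",
                    attempt,
                    max_attempts,
                    if give_up { "giving up" } else { "will retry" },
                    e
                );
                if give_up {
                    return Outcome { attempts: attempt, result: Err(e) };
                }
            }
        }
    }
}

fn main() {
    // Constructed error, modelled on the AccessDeniedException line quoted on this page.
    let denied = put_with_retry(12, Duration::from_millis(10), |_| {
        Err(BlockError::Service {
            code: "AccessDeniedException".to_string(),
            message: "not authorized to perform: ebs:PutSnapshotBlock (constructed)".to_string(),
        })
    });
    println!("access denied: {} attempt(s), ok = {}", denied.attempts, denied.result.is_ok());

    // Constructed transient failure that clears on the third attempt.
    let flaky = put_with_retry(5, Duration::from_millis(10), |n| {
        if n < 2 {
            Err(BlockError::Service {
                code: "TransientError".to_string(),
                message: "connection closed before message completed (constructed)".to_string(),
            })
        } else {
            Ok(())
        }
    });
    println!("transient: {} attempt(s), ok = {}", flaky.attempts, flaky.result.is_ok());
}
```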

add user-agent header to API requests

EBS has asked us to add a user-agent header to coldsnap requests, so they can identify coldsnap usage and follow up if they notice any issues.

Rusoto added a similar header in rusoto/rusoto#382, but we don't want to assume that all Rusoto usage comes from coldsnap.

Snapshot restore : bad superblock

Trying to take a backup of the drive completely for testing purposes. The following issues are appearing:

  1. Let's say we have /dev/xvdf of 5GB; it takes a snap of only 1GB, but does create the snapshot in AWS
  2. But when I create a volume out of that snapshot and then try to mount it, I get this error

mount: /data: wrong fs type, bad option, bad superblock on /dev/xvdi, missing codepage or helper program, or other error.
