mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

S3 Backup Connection reset by peer #1631

Open OfficialBeatzcoin opened 5 years ago

OfficialBeatzcoin commented 5 years ago

I have my S3 and user account (for the access key and secret key) managed by Terraform. From that, I’m able to grab the access key and secret key once created. I use the admin UI to set the region, bucket name & path, and access / secret key. The UI accepts the values with an “OK” modal. However, the backup itself fails. I have attached the error message from a manual backup attempt as well as the bucket policy for the user account whose access and secret key I'm using.

ubuntu@mail:~/mailinabox/management$ sudo ./backup.py
Attempt 1 failed. error: [Errno 104] Connection reset by peer
Attempt 2 failed. error: [Errno 104] Connection reset by peer
Attempt 3 failed. error: [Errno 104] Connection reset by peer
Attempt 4 failed. error: [Errno 104] Connection reset by peer
Giving up after 5 attempts. error: [Errno 104] Connection reset by peer
Traceback (most recent call last):
  File "./backup.py", line 561, in <module>
    perform_backup(full_backup)
  File "./backup.py", line 279, in perform_backup
    get_env(env))
  File "/home/ubuntu/mailinabox/management/utils.py", line 123, in shell
    ret = getattr(subprocess, method)(cmd_args, **kwargs)
  File "/usr/lib/python3.6/subprocess.py", line 311, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/duplicity', 'full', '--verbosity', 'warning', '--no-print-statistics', '--archive-dir', '/home/user-data/backup/cache', '--exclude', '/home/user-data/backup', '--volsize', '250', '--gpg-options', '--cipher-algo=AES256', '/home/user-data', 's3://s3.us-east-2.amazonaws.com/vibravid-email-storage/ms', '--allow-source-mismatch', "--ssh-options='-i /root/.ssh/id_rsa_miab'", '--rsync-options=-e "/usr/bin/ssh -oStrictHostKeyChecking=no -oBatchMode=yes -p 22 -i /root/.ssh/id_rsa_miab"']' returned non-zero exit status 50.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket-name"
            ]
        },
        {
            "Action": [
                "s3:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::my-bucket-name/*"
            ]
        }
    ]
}

engineertdog commented 5 years ago

After digging, it's been determined that MiaB cannot support Signature v4-only regions.

Would anyone like to weigh in on making the change from Boto to Boto3 and the implications it may have? I've looked through the code and of course, Boto is only mentioned in a few places. However, Boto3 operates quite differently from Boto.
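
Added example, not part of the thread and not Mail-in-a-Box code: a standard-library sketch that reads the region out of a duplicity-style S3 target like the one in the failing command, reports whether that region accepts only Signature Version 4, and contrasts the region-scoped SigV4 signing key with the unscoped SigV2 signature. The `SIGV2_CAPABLE` list is an assumption to check against current AWS documentation; the bucket name and secret are constructed placeholders.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Assumption: S3 regions launched before 30 January 2014, which still accept
# Signature Version 2. Every other region is treated as SigV4-only.
SIGV2_CAPABLE = {
    "us-east-1", "us-west-1", "us-west-2", "eu-west-1",
    "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1",
}

def region_from_target(url):
    """Extract the region from s3://<endpoint>/<bucket>/<path>."""
    host = urlparse(url).hostname or ""
    if host in ("s3.amazonaws.com", "s3-external-1.amazonaws.com"):
        return "us-east-1"
    m = re.fullmatch(r"s3[.-]([a-z0-9-]+)\.amazonaws\.com", host)
    if not m:
        raise ValueError(f"not a regional AWS S3 endpoint: {host!r}")
    return m.group(1)

def requires_sigv4(region):
    return region not in SIGV2_CAPABLE

def _hmac256(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signing_key(secret, date, region, service="s3"):
    """SigV4 key derivation: date, region and service are mixed into the key."""
    key = _hmac256(("AWS4" + secret).encode(), date)
    for scope in (region, service, "aws4_request"):
        key = _hmac256(key, scope)
    return key

def sigv2_signature(secret, string_to_sign):
    """SigV2: a single HMAC-SHA1 over the request with no region scoping."""
    mac = hmac.new(secret.encode(), string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

if __name__ == "__main__":
    target = "s3://s3.us-east-2.amazonaws.com/example-bucket/ms"  # constructed
    secret = "EXAMPLE-SECRET-NOT-REAL"                            # constructed
    region = region_from_target(target)
    print(region, "SigV4-only" if requires_sigv4(region) else "SigV2 accepted")
    print(sigv4_signing_key(secret, "20190801", region).hex())
    print(sigv2_signature(secret, "GET\n\n\n\n/example-bucket/ms"))
```

A SigV4 key derived for one region is useless against another, which is why a client that only produces SigV2 signatures has nothing valid to offer a newer region's endpoint.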