NAME

nbdkit-S3-plugin - open disk images stored in Amazon S3 or Ceph

SYNOPSIS

 nbdkit S3 [access-key=...] [secret-key=...] [session-token=...]
           [endpoint-url=...]
           bucket=BUCKET key=FILENAME

DESCRIPTION

"nbdkit-S3-plugin" is a plugin for nbdkit(1) which lets you open single files stored in Amazon S3 or Ceph as disk images.

Currently it only allows read access, although write access may be added in future.

This plugin uses the Python Amazon Web Services SDK called Boto3.

EXAMPLE

 nbdkit S3 endpoint-url=https://ceph.example.com \
           bucket=MY-BUCKET key=disk.img

PARAMETERS

access-key=ACCESS_KEY

secret-key=SECRET_KEY

session-token=SESSION_TOKEN

The AWS credentials may be specified on the command line using these parameters, but it is more secure to pass them using files (see "CREDENTIALS" below).

endpoint-url=ENDPOINT

If accessing Ceph or another compatible S3 service, provide the endpoint URL through this parameter.

bucket=BUCKET

The bucket containing the file. This parameter is required.

key=FILENAME

The file name within the bucket. This parameter is required.

CREDENTIALS

Although AWS credentials can be passed to nbdkit on the command line, this is not secure since a user on the same machine could read them using ps(1).

A better way is to pass the credentials through the ~/.aws/credentials file. This takes the form:

 [default]
 aws_access_key_id = XXX
 aws_secret_access_key = YYY
 
 [profile]
 aws_access_key_id = XXX
 aws_secret_access_key = YYY

Different profiles from the file can be selected by setting the "AWS_PROFILE" environment variable.

There is much more information about credentials in the Boto3 documentation.

COMPARED TO S3FS-FUSE

s3fs-fuse (https://github.com/s3fs-fuse/s3fs-fuse) presents a whole S3 bucket as a FUSE filesystem, with each object in the bucket corresponding to a single file. It is therefore quite different from this plugin which turns a single S3 object into a block device.

FILES

$plugindir/nbdkit-S3-plugin

The plugin.

Use "nbdkit --dump-config" to find the location of $plugindir.

$HOME/.aws/credentials

AWS credentials can be passed to boto3 using this file.

ENVIRONMENT VARIABLES

"AWS_*"

Boto3 reads some credential information from "AWS_*" environment variables.

VERSION

"nbdkit-S3-plugin" first appeared in nbdkit 1.24.

SEE ALSO

nbdkit(1), nbdkit-plugin(3), nbdkit-python-plugin(3), https://pypi.org/project/boto3/, https://boto3.amazonaws.com/v1/documentation/api/latest/index.html, https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html.

AUTHORS

Richard W.M. Jones

COPYRIGHT

Copyright (C) 2020 Red Hat Inc.

LICENSE

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

• Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
• Neither the name of Red Hat nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.