Provided by: nbdkit-plugin-python_1.32.5-1ubuntu2_amd64 
NAME
nbdkit-S3-plugin - expose data in Amazon S3 or Ceph buckets as block device
SYNOPSIS
nbdkit S3 [access-key=...] [secret-key=...] [session-token=...]
[endpoint-url=...]
[size=NN object-size=NN]
bucket=BUCKET key=STRING
DESCRIPTION
"nbdkit-S3-plugin" is a plugin for nbdkit(1) which lets you open objects stored in Amazon
S3 or Ceph as disk images.
This plugin uses the Python Amazon Web Services SDK called Boto3.
EXAMPLES
nbdkit S3 endpoint-url=https://ceph.example.com \
bucket=MY-BUCKET key=disk.img
Provides read only block device holding the data contained in the "disk.img" object.
nbdkit S3 endpoint-url=https://ceph.example.com \
size=50G object-size=128k \
bucket=MY-BUCKET key=disk
Provides a read-write block device with size 50G, whose contents are stored multiple in
objects of size 128k, prefixed with disk/
PARAMETERS
access-key=ACCESS_KEY
secret-key=SECRET_KEY
session-token=SESSION_TOKEN
The AWS credentials may be specified on the command line using these parameters, but
it is more secure to pass them using files (see "CREDENTIALS" below).
endpoint-url=ENDPOINT
If accessing Ceph or another compatible S3 service, provide the endpoint URL through
this parameter.
bucket=BUCKET
The bucket containing the object(s). This parameter is required.
key=STRING
The object name (if "size" is not specified) or object prefix (if "size" is specified)
to use within the bucket. This parameter is required.
size=SIZE
object-size=SIZE
These two parameters must always be specified together. If set, data will be split
into blocks of "object-size" and stored as separate objects. The block device will
report a total size of "size" and be writeable and trim-able.
Object names will have the form key/%16x, where %16x is the 16-digit hexadecimal block
number. If there are existing objects under such name that do not have the expected
size, the plugin will crash.
PERFORMANCE CONSIDERATIONS
It is highly recommended that clients do their utmost to issue requests that exactly match
the object size: Smaller write requests will incur a performance penalty due to the need
for read-modify-write cycles (thus also incurring latency from two network round-trips).
Larger read and write requests will incur a performance penalty because of sequential
execution.
The nbdkit-blocksize-filter(1) can be used to alleviate the impact of requests larger than
the object size, but does not help if the client issues requests smaller than the block
size.
The nbdkit-stats-filter(1) can be used to investigate what block sizes and alignments are
used by the client.
When connecting through the Linux kernel's NBD module, consider setting
"/sys/block/nbd<X>/queue/max_sectors_kb" to match the object size.
CREDENTIALS
Although AWS credentials can be passed to nbdkit on the command line, this is not secure
since a user on the same machine could read them using ps(1).
A better way is to pass the credentials through the ~/.aws/credentials file. This takes
the form:
[default]
aws_access_key_id = XXX
aws_secret_access_key = YYY
[profile]
aws_access_key_id = XXX
aws_secret_access_key = YYY
Different profiles from the file can be selected by setting the "AWS_PROFILE" environment
variable.
There is much more information about credentials in the Boto3 documentation.
COMPARISON TO S3FS-FUSE AND S3BACKER
s3fs-fuse (https://github.com/s3fs-fuse/s3fs-fuse) and s3backer
(https://github.com/archiecobbs/s3backer) provide similar functionality but are based on
FUSE (rather than NBD). They provide a regular file (backed by S3) which can then be
loopback-mounted to provide a block device. s3backer also supports to optionally encrypt
and compress objects.
In theory, NBD should provide better performance than FUSE, because:
• The kernel no longer serializes write and read requests but issues them concurrently.
• Read and write request size can exceed 128 kB
• The system can still be reliably hibernated (a running FUSE daemon may prevent this)
• Requests pass through the VFS only once, not twice
• Data is present in the page cache only once, not twice
However, for high-bandwith network connections s3backer and s3fs-fuse may be faster
because they are written in C rather than Python.
FILES
$plugindir/nbdkit-S3-plugin
The plugin.
Use "nbdkit --dump-config" to find the location of $plugindir.
$HOME/.aws/credentials
AWS credentials can be passed to boto3 using this file.
ENVIRONMENT VARIABLES
"AWS_*"
Boto3 reads some credential information from "AWS_*" environment variables.
VERSION
"nbdkit-S3-plugin" first appeared in nbdkit 1.24.
SEE ALSO
nbdkit(1), nbdkit-plugin(3), nbdkit-python-plugin(3), https://pypi.org/project/boto3/,
https://boto3.amazonaws.com/v1/documentation/api/latest/index.html,
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html.
AUTHORS
Richard W.M. Jones
Nikolaus Rath
COPYRIGHT
Copyright (C) 2020-2022 Red Hat Inc.
LICENSE
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
• Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
• Neither the name of Red Hat nor the names of its contributors may be used to endorse
or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.