N2WS 3.1.x - Warning 'Error verifying access to EBS API in region: us-east-1. CPM will not use read from snapshot for instances in this region'
Issue summary
When running copy to S3 on version 3.1 it might raise the following warning.
Issue description and troubleshooting
This warning can be caused by permission issues, communication or lack of EBS Direct API endpoint in target region.
In version 3.1 we have started to use the new EBS Direct API for copy to S3 related operations, this new API let us read the blocks directly from the snapshot and help us reduce cost & time for copy process.
When the copy process starts the server make a call to target region to check if the EBS Direct API is accessible, if it is not then it will raise a warning and fallback to 3.0.x way of copy to S3 (using volumes instead of reading blocks from snapshots).
Troubleshooting:
First you need to check that the new API is available in your target region Link - Endpoints for the EBS direct APIs, if it is not available then this warning is expected and can be ignored.
If the API is available for the region, then you need to check that you have the latest permission updated for the N2WS server role.
You can find latest permissions attached here:
You can also Check permissions in the UI:
If it is available and you updated the json permissions, then you can connect to the N2WS server via ssh(user is cpmuser & your private key) to test the connection manually.
If you don't know how to connect via SSH, You can see information from AWS on how to connect by clicking on the instance and then connect:
Once connected, you can test connectivity/permissions by running this command:
- aws ebs list-snapshot-blocks
--snapshot-id snap-05cddc7aa3c379497 --region us-east-1
Note: You need to replace us-east-1 with the relevant region, the region to choose is the one where the snapshot to copy is located
Note: If you run the command with snapshot id that does not exist, then the expected result is ‘snapshot not found’ - meaning command was able to reach the endpoint and had permission.
If it fails, it might timeout or give you permission issue:
You need to make sure that the API endpoint in the target region is accessible from N2WS server and that there is no permission issue.
Links
- Another KB for Copy to S3 with the new API: N2WS 3.1.x - worker reported error: failed processing segment 0 : Failed to load blocks meta-data
Related Articles
N2WS 3.1.x - worker reported error: failed processing segment 0 : Failed to load blocks meta-data
Issue summary When running copy to S3 on version 3.1 it might fails with below error: Issue description and troubleshooting This error is usually caused by communication issues with the EBS Direct API endpoint. In version 3.1 we have started to use ...N2WS 3.1.x - Warning Could not process CBT for volume snapshots
Issue summary When running backup for EBS volumes on version 3.1 it might raise the following warning: Issue description and troubleshooting This warning can be caused by permission issues, communication or lack of EBS Direct API endpoint in target ...How to retrieve logs from a CPM AWS Worker instance
Linux & AWS knowledge is required Please read the entire KB before starting. N2WS uses temporary EC2 worker instances for several operations (copy to S3, FLR, etc), In cases where a worker is failing before it could communicate with the main server, ...CPM RESTful API guide for CPM v2.6.0
Attached to this article is the user guide for CPM RESTful API v1.3 (for CPM v2.6.0 and up). For CPM CLI information see here: https://support.n2ws.com/portal/kb/articles/cli-guide-and-software-download-for-cpm-v2-6-0 You can find the latest version ...How to fully encrypt CPM server root and data volumes in EBS
The steps below will help you properly encrypt the CPM server root and data EBS volumes for an existing CPM server instance. If encrypting only the data volume, it is still necessary to launch a new CPM server instance. Then during initial CPM ...