Fork me on GitHub
#datomic
<
2016-05-16
>
Kira Sotnikov15:05:57

Hi guys, I did backup-db with encryption sse flag to S3. I downloaded same file and don't see difference between encrypted and non encrypted backups

Kira Sotnikov15:05:31

I would like store my backups encrypted. What I'm doing wrong? ._.

Kira Sotnikov15:05:06

./bin/datomic backup-db --encryption sse -Ddatomic.s3BackupConcurrency=350 $uri s3://$backup_bucket/encrypted/${db_name}

Kira Sotnikov16:05:50

And might be are there a way to check this behavoiur? Also, if I copy my backups from s3 to another place, am I able to restore-db with ecrypted backup files?

Ben Kamphaus16:05:26

@lowl4tency: the invocation looks correct to me on first glance. I’ll look into it. Also, re: your previous question, the expectation is that processes are down for a restore until its complete for non-dev transactors. if transasctor/peer are up they may fall over on seeing inconsistency.

Kira Sotnikov16:05:32

bkamphaus: thank you for the answer, btw I use datomic-pro-0.9.5344 for backup-db

Kira Sotnikov16:05:51

I use diff for comparing files. Also I check out it over cat. Don't see difference ._. as far as i understand files shouldn't be same if I use encryption

Ben Kamphaus16:05:41

the encryption is amazon level, I haven’t thought through it entirely before but I don’t think you should see a file level difference if you’re actually able to inspect the files - it’s probably handled by some aspect of AWS access control.

Kira Sotnikov16:05:48

bkamphaus: thx, will check out how it works on AWS level and back 🙂

Kira Sotnikov16:05:21

bkamphaus: if I understand correctly encryption in datomic implemented via this http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

Ben Kamphaus16:05:28

@lowl4tency: if you look at one of the files in the AWS management console view for s3, under properties in the drop down menu there should be a “Details” expandable view where you can see if “Server Side Encryption” is listed as either None or AES-256.

Ben Kamphaus16:05:55

trying to find an equivalent cli invocation, no luck thus far.

sdegutis19:05:49

Does :db.error/transaction-timeout mean the transaction did not happen, or only that requesting the transaction's result simply timed out?

sdegutis19:05:14

Ah, found it: "When a transaction times out, the peer does not know whether the transaction succeeded, and will need to query a recent value of the database to discover what happened."

Ben Kamphaus19:05:16

@sdegutis: you don't know until you reconnect and check. Pitfalls of distributed systems and all that.

sdegutis19:05:35

Great. Just queried the database and figured it out. Thanks.

sdegutis19:05:45

The docs say to use the overloaded Future.get() method that accepts a timeout, but I still got a timeout even though I didn't pass one and didn't set it via System/setProperty either. Is there a default timeout value or something?

sdegutis19:05:51

Ah, datomic.txTimeoutMsec defaults to 10000.

zane19:05:17

Datomic doesn't have a built-in query log or anything like that, does it?

Kira Sotnikov20:05:30

bkamphaus: wow, yeah exactly I see the checkpoint AES-256. I've read the doc more carefully, so when I downloaded the file it's non-encrypted yet 🙂