Openstack Object Storage

From CAC Documentation wiki
Jump to navigation Jump to search

Red Cloud object storage can be accessed using the following interfaces:

Swift

S3

Known Issue: At this time, Red Cloud's s3 interface supports only AWS signature v2. InvalidAccessKeyId error will be returned if AWS signature v4 is used.

  1. To use the S3 interface, first create ec2 credentials for your Openstack account using the openstack ec2 credentials create command in the Openstack CLI client.
    • List existing ec2 credentials in your Openstack account using the openstack ec2 credentials list command or revoke one using openstack ec2 credentials delete.
  2. You can now use an s3 client or SDK to access the object storage. Remember to specify to use AWS signature v2 if your tool defaults to signature v4. For reference, here's a configuration file for s3cmd
[default]
access_key = <<ACCESS KEY>>
secret_key = <<SECRET KEY>>
host_base = redcloud.cac.cornell.edu:8443
host_bucket = redcloud.cac.cornell.edu:8443
signature_v2 = True
bucket_location = US
default_mime_type = binary/octet-stream
delete_removed = False
dry_run = False
encoding = UTF-8
encrypt = False
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/local/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
human_readable_sizes = False
list_md5 = False
preserve_attrs = True
progress_meter = True
recursive = False
recv_chunk = 4096
reduced_redundancy = False
send_chunk = 4096
skip_existing = False
socket_timeout = 300 
urlencoding_mode = normal
use_https = True
verbosity = WARNING

Globus

Red Cloud object storage is accessible via the cac#redcloud Globus endpoint. See documentation here on Globus access

Enabling Your Red Cloud Account on the Endpoint

  1. First create ec2 credentials for your Openstack account using the openstack ec2 credentials create command in the Openstack CLI client.
    • List existing ec2 credentials in your Openstack account using the openstack ec2 credentials list command or revoke one using openstack ec2 credentials delete.
    • If you have multiple Red Cloud accounts, you can only configure one account for Globus access at any given time.
  2. ssh to globus-redcloud.cac.cornell.edu and log in using your CAC user name and password.
  3. Create the ~/.globus directory: mkdir ~/.globus
  4. Create the following ~/.globus/s3 file:
 <CAC user name>;<access key>;<secret key>