A central cloud service is the ability to store and retrieve objects. An object can for instance be a regular file. The NTNU OpenStack installations (SkyHiGh, stack.it) provides API's for storing and retrieving objects. Objects can be stored with access control, or publicly, depending on the users requirements.
The object storage is realized through an API which is compatible with Amazon S3 and OpenStack Swift.
Using the swift API's
There are three ways to use the swift API's, depending on the need of the user. One can either use the API directly, use the openstack CLI clients or use the Openstack Web-Interface.
Using the Swift API directly
To use the API directly one need to locate the APIs address. One way to get this address is through the use of the OpenStack CLI client command "openstack catalog show swift". This command will print three URL's, and you should use the one listed as "public". The API is documented here.
Using the openstack CLI clients
The openstack CLI clients are getting their configuration from the openstack installation, and is thus ready for use as soon as the client is authenticated. Relevant commands to start using the object storage is:
$ # To create a bucket (container) to store objects in: $ openstack container create Bøtte $ # To upload an object (here the file 10MFile.img is uploaded, and called MyObjectName) $ openstack object create Bøtte 10MFile.img --name MyObjectName $ # To display available objects $ openstack object list Bøtte $ # To delete an object $ openstack object delete Bøtte MyObjectName $ # To delete a bucket (container) $ openstack container delete Bøtte $ # To delete a bucket (container) with objects $ openstack container delete Bøtte -r
Using the openstack dashboard (horizon)
After logging in to the openstack dashboard you can select "Object Store → Containers" in the left-hand menu. At that point there are buttons to create containers, setting it public (allowing everyone to list the content of the container and download objects from the container, as long as you give them the URL), and upload/delete objects.
Using the S3 API's
The object store implemented supports API-calls compatible with amazon S3. It is thus possible to use an S3 client to connect to the object storage, but to do this the client need S3 credentials, which is something else than your username and password. To create a set of S3 credentials you would need to use the openstack CLI client:
$ #To create a set of credentials this command can be used: $ openstack --os-interface public ec2 credentials create $ # To list the credentials which can access containers belonging to your project, the following command can be used: $ openstack ec2 credentials list
To actually use the API you should look up a S3 API documentation page. The s3-api url for our clouds are:
- skyhigh: https://swift.skyhigh.iik.ntnu.no/
- stack.it: https://s3.stack.it.ntnu.no/
To find the API url you should use the command "openstack catalog show swift", and select the public URL from that command. When using S3 you should remove the "/swift/v1/<project-id" from the url.
Using the amazon aws command-line client:
The amazon aws client can be useful to get the full S3 functionality. The client is available in the ubuntu-repositories under the name "awscli". To use the client it needs to be configured with credentials in the file ".aws/credentials". The file could for example look like this:
$ cat .aws/credentials [default] aws_access_key_id = <access-key> aws_secret_access_key = <secret-key>
Storage resilliency
The object storage solutions should be a safe space to store data. A very important aspect of this is to ensure that information stored here should not be lost. There are two levels of resilliency available, which are further described in this section.
Regardless of which level of resilliency you choose, all objects stored in this storage service will be replicated to three physical storage-servers. Should one of our storage-servers malfunction, there wil be at least two copies of all the data left, and a third copy would be created as soon as possible. The same will happen if a harddrive malfunctions. The storage-cluster is thus self-healing, and would hence provide a much safer storage than a regular harddrive or a regular file-share.
The object storage solution is not backed-up to any offline storage media (tapes). This means that there will be three copies of your data, but if you delete an object yourself, the object will be deleted. We will ensure to have multiple copies of all non-deleted data
Default containers
The default containers/buckets support mainly the following operations:
- Upload (PUT): Objects can be uploaded to a certain container, and given a certain name. If there is an object with the given name in the current container, that object will be overwritten (DELETE, then PUT).
- Download (GET): Existing objects can be downloaded. If the container is private (that is the default) a user needs to be authenticated first to be allowed to download the object.
- Delete (DELETE): Objects can be deleted. This will make all the three copies of this object being removed from the permanent storage, and the object will quickly become unavailable.
When a container is created, it works with these default settings. One can change a default-container to a versioned-container.
Versioned containers
Some use-cases requires object-storage with versioning. If it is desired to keep a history of overwritten and deleted objects the S3 API can be used to enable "versioning" which will change the PUT/GET/DELETE operations a little:
- Upload (PUT): When an object is uploaded it will be given a "version ID", and there will be set a flag called "latest" related to that object. Any objects with the same name will have the "latest" flag cleared.
- Download (GET): The download operation would select the latest object with the supplied name. If the newest object is a "deletion marker" the download operation would result in an 404, which is the same response one would get when requesting a non-existant object.
- It is possible to provide a specific version-id to a download-request; in which case that specific version of the object can be downloaded. It can be used to download previous versions of a given object.
- Delete (DELETE): The delete operations would upload an empty object with a "deleted" flag set. In other words; nothing will be deleted; just marked as deleted.
- It is possible to provice a specific version-id to the delete command. In this case the specific version of the object is actually deleted from storage, and is not recoverable anymore.
It is worth noting that there will never be deleted anything from a versioned container, unless you explicitly deletes older versions of a certain object. The storage consumption would thus in general only increase in such containers, and they are thus good candidates for data that rarely change, and that requires an audit-trail for changes.
Even though the versioning is a S3-specific command, the versioning would still apply to objects uploaded to the same container through swift. So; the versioning happens regardless of which interface is used to access the objects. To retrieve older versions of the objects requires the S3 API however.
The versioning of a container can be disabled. This will stop marking new objects with a version ID; but existing objects will still keep their version ID.
Configure versioning
To enable versioning to a certain container, it is best done using the aws cli client:
$ # To see if the container "FOO" in my project in skyhigh has versioning enabled, the following command can be used:
$ aws s3api get-bucket-versioning --bucket FOO --endpoint https://swift.skyhigh.iik.ntnu.no
{
"Status": "Enabled"
}
$ # The command will return either "Enabled" or "Suspended"
$
$ # To enable versioning on the FOO container in my skyhigh project, the following command can be used:
$ aws s3api put-bucket-versioning --bucket FOO --versioning-configuration Status=Enabled --endpoint https://swift.skyhigh.iik.ntnu.no
$
$ # To disable (suspend) versioning of the container "FOO" in my skyhigh project, the following command can be used:
$ aws s3api put-bucket-versioning --bucket FOO --versioning-configuration Status=Suspended --endpoint https://swift.skyhigh.iik.ntnu.no