Objective
The Swift s3api middleware providing S3 API compatibility has been enabled on all Public Cloud regions. This guide will help you access objects in Swift using a software designed to interact with S3-compatible endpoints.
Requirements
Instructions
Set the OpenStack environment variables
user@host:~$ source <user_name>-openrc.sh
Please enter your OpenStack Password for project <project_name> as user <user_name>:
Install OpenStack client if needed
user@host:~$ pip install python-openstackclient
OpenStack client command reference here.
Create EC2 credentials
S3 tokens are different, you need 2 parameters (access and secret) to generate a S3 token. These credentials will be safely stored in Keystone. To generate it:
With python-openstack client:
user@host:~$ openstack ec2 credentials create
+------------+----------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------------------------------------+
| access | 5a4d8b8d88104123a862c527ede5a3d3 |
| links | {u'self': u'https://auth.cloud.ovh.us/v3/users/d74d05ff121b44bea9216495e7f0df61/credentials/OS- |
| | EC2/5a4d8b8d88104123a862c527ede5a3d3'} |
| project_id | 20e124b71be141299e111ec26b1892fa |
| secret | 925d5fcfcd9f436d8ffcb20548cc53a2 |
| trust_id | None |
| user_id | d74d05ff121b44bea9216495e7f0df61 |
+------------+----------------------------------------------------------------------------------------------------------------------------+
With curl:
user@host:~$ curl -s -D headers -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "'$OS_USERNAME'",
"domain": { "name": "'$OS_USER_DOMAIN_NAME'" },
"password": "'$OS_PASSWORD'"
}
}
},
"scope": {
"project": {
"name": "'$OS_PROJECT_NAME'",
"domain": { "name": "'$OS_PROJECT_DOMAIN_NAME'" }
}
}
}
}' "${OS_AUTH_URL}/auth/tokens" > token_info
user@host:~$ OS_TOKEN=$(egrep "^X-Subject-Token:" headers | awk '{print $2}')
user@host:~$ OS_USER_ID=$(cat token_info | jq -r '.["token"]["user"]["id"]')
user@host:~$ OS_PROJECT_ID=$(cat token_info | jq -r '.["token"]["project"]["id"]')
user@host:~$ curl -s -X POST -H "Content-Type: application/json" -H "X-Auth-Token: $OS_TOKEN" -d '{"tenant_id": "$OS_PROJECT_ID"}' "${OS_AUTH_URL}/users/${OS_USER_ID}/credentials/OS-EC2" | jq .
{
"credential": {
"user_id": "d74d05ff121b44bea9216495e7f0df61",
"links": {
"self": "https://auth.cloud.ovh.us/v3/users/d74d05ff121b44bea9216495e7f0df61/credentials/OS-EC2/660c89cfc4764271ba169941c7b2f310"
},
"tenant_id": "20e124b71be141299e111ec26b1892fa",
"access": "660c89cfc4764271ba169941c7b2f310",
"secret": "fc9e8eb545724accadcfabbd99207df1",
"trust_id": null
}
}
Configure aws client
Install the aws client and configure it as follows:
user@host:~$ pip install awscli awscli-plugin-endpoint
[...]
user@host:~$ cat .aws/config
[plugins]
endpoint = awscli_plugin_endpoint
[profile default]
aws_access_key_id = <access fetched in previous step>
aws_secret_access_key = <secret fetched in previous step>
region = <public cloud region in lower case>
s3 =
endpoint_url = https://s3.<public cloud region>.cloud.ovh.us
signature_version = s3v4
addressing_style = virtual
s3api =
endpoint_url = https://s3.<public cloud region>.cloud.ovh.us
Note: Replace <public cloud region> in the above example with either us-east-va
or us-west-or
for the Vint Hill or Hillsboro data centers respectively.
Virtual hosted-style and path-style access are supported in all regions, but we recommend to use virtual hosted-style since path-style access will be deprecated after September 30, 2020.
Use aws client
List buckets (containers):
user@host:~$ aws --profile default s3 ls
Create a new bucket:
user@host:~$ aws --profile default s3 mb s3://bucket
S3 no longer supports creating bucket names that contain uppercase letters or underscores. S3 Buckets can only be created on PCS policy (Object Storage)
Upload a local file to Swift:
user@host:~$ aws --profile default s3 cp file.txt s3://bucket/file.txt
Download an object from Swift:
user@host:~$ aws --profile default s3 cp s3://bucket/file.txt file.txt
Delete a Swift object:
user@host:~$ aws --profile default s3 rm s3://bucket/file.txt
Delete a bucket:
user@host:~$ aws --profile default s3 rb s3://bucket