Getting Started with the Swift S3 API – Articles

Objective

The Swift s3api middleware providing S3 API compatibility has been enabled on all Public Cloud regions. This guide will help you access objects in Swift using a software designed to interact with S3-compatible endpoints.

Requirements

Instructions

Set the OpenStack environment variables

user@host:~$ source <user_name>-openrc.sh
Please enter your OpenStack Password for project <project_name> as user <user_name>:

Install OpenStack client if needed

user@host:~$ pip install python-openstackclient

OpenStack client command reference here.

Create EC2 credentials

S3 tokens are different, you need 2 parameters (access and secret) to generate a S3 token. These credentials will be safely stored in Keystone. To generate it:

With python-openstack client:

user@host:~$ openstack ec2 credentials create
+------------+----------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                      |
+------------+----------------------------------------------------------------------------------------------------------------------------+
| access     | 5a4d8b8d88104123a862c527ede5a3d3                                                                                           |
| links      | {u'self': u'https://auth.cloud.ovh.us/v3/users/d74d05ff121b44bea9216495e7f0df61/credentials/OS-                     |
|            | EC2/5a4d8b8d88104123a862c527ede5a3d3'}                                                                                     |
| project_id | 20e124b71be141299e111ec26b1892fa                                                                                           |
| secret     | 925d5fcfcd9f436d8ffcb20548cc53a2                                                                                           |
| trust_id   | None                                                                                                                       |
| user_id    | d74d05ff121b44bea9216495e7f0df61                                                                                           |
+------------+----------------------------------------------------------------------------------------------------------------------------+

With curl:

user@host:~$ curl -s -D headers -H "Content-Type: application/json" -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "'$OS_USERNAME'",
          "domain": { "name": "'$OS_USER_DOMAIN_NAME'" },
          "password": "'$OS_PASSWORD'"
        }
      }
    },
    "scope": {
      "project": {
        "name": "'$OS_PROJECT_NAME'",
        "domain": { "name": "'$OS_PROJECT_DOMAIN_NAME'" }
      }
    }
  }
}' "${OS_AUTH_URL}/auth/tokens" > token_info
user@host:~$ OS_TOKEN=$(egrep "^X-Subject-Token:" headers | awk '{print $2}')
user@host:~$ OS_USER_ID=$(cat token_info  | jq -r '.["token"]["user"]["id"]')
user@host:~$ OS_PROJECT_ID=$(cat token_info  | jq -r '.["token"]["project"]["id"]')
user@host:~$ curl -s -X POST -H "Content-Type: application/json" -H "X-Auth-Token: $OS_TOKEN" -d '{"tenant_id": "$OS_PROJECT_ID"}' "${OS_AUTH_URL}/users/${OS_USER_ID}/credentials/OS-EC2" | jq .
{
  "credential": {
    "user_id": "d74d05ff121b44bea9216495e7f0df61",
    "links": {
      "self": "https://auth.cloud.ovh.us/v3/users/d74d05ff121b44bea9216495e7f0df61/credentials/OS-EC2/660c89cfc4764271ba169941c7b2f310"
    },
    "tenant_id": "20e124b71be141299e111ec26b1892fa",
    "access": "660c89cfc4764271ba169941c7b2f310",
    "secret": "fc9e8eb545724accadcfabbd99207df1",
    "trust_id": null
  }
}

Configure aws client

Install the aws client and configure it as follows:

user@host:~$ pip install awscli awscli-plugin-endpoint
[...]
user@host:~$ cat .aws/config
[plugins]
endpoint = awscli_plugin_endpoint

[profile default]
aws_access_key_id = <access fetched in previous step>
aws_secret_access_key = <secret fetched in previous step>
region = <public cloud region in lower case>
s3 =
  endpoint_url = https://s3.<public cloud region>.cloud.ovh.us
  signature_version = s3v4
  addressing_style = virtual
s3api =
  endpoint_url = https://s3.<public cloud region>.cloud.ovh.us

Note: Replace <public cloud region> in the above example with either us-east-va or us-west-or for the Vint Hill or Hillsboro data centers respectively.

Virtual hosted-style and path-style access are supported in all regions, but we recommend to use virtual hosted-style since path-style access will be deprecated after September 30, 2020.

Use aws client

List buckets (containers):

user@host:~$ aws --profile default s3 ls

Create a new bucket:

user@host:~$ aws --profile default s3 mb s3://bucket

S3 no longer supports creating bucket names that contain uppercase letters or underscores. S3 Buckets can only be created on PCS policy (Object Storage)

Upload a local file to Swift:

user@host:~$ aws --profile default s3 cp file.txt s3://bucket/file.txt

Download an object from Swift:

user@host:~$ aws --profile default s3 cp s3://bucket/file.txt file.txt

Delete a Swift object:

user@host:~$ aws --profile default s3 rm s3://bucket/file.txt

Delete a bucket:

user@host:~$ aws --profile default s3 rb s3://bucket

Go further

OpenStack client command reference here
S3 client command reference here

Articles in this section