Versions Compared

Old Version 8

changes.mady.by.user Anna Liao

Saved on

compared with

New Version Current

changes.mady.by.user micheal.jones@cybera.ca

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Our implementation of object storage is powered by OpenStack’s Swift.

Some Use Cases

  • Static Web Assets

  • Large amounts of unstructured data (eg. map tiles, photos, etc.)

  • Archival (eg. tax records, backups, etc.)

  • Consistency/Protection

  • Apps that leverage extensive metadata on a file

Access

You can gain access to your containers and objects using several methods including the RAC Dashboard,  the swift command line client, interacting with the Swift API itself, or using a popular GUI application. Of note at present we don’t offer the S3 compatibility API used by some libraries to connect to Swift. (If you would like to use these feature please contact us at rac-admin@cybera.ca)

...

We offer Swift in both the Calgary region and the Edmonton region.

RAC Dashboard

You can create, delete, copy, and download objects and containers using the RAC Dashboard. Additional features such as setting metadata which is used for most advanced features are not available via the Dashboard.

Image Removed

Command Line (swift client)

If you haven’t already, it’s highly recommended you have reviewed Command-line Tools in the Advanced Guide. Installing the python-openstackclient should include installation of the python-swiftclient, but if you need to manually install it, follow the instructions below.

...

After sourcing your openrc file you can then use the swift command to interact with the  object storage. Examples can be found below.

Swift API

Additionally your application can leverage the Swift API directly - either using curl or existing libraries (such as Boto for Python).

GUI Applications

Cyberduck

Cyberduck is available for Mac OS X and Windows.

In order to use Cyberduck with RAC’s Object Storage you’ll need to download a special profile to set some extra settings for bookmarks in Cyberduck. You can download the generic profile or a profile we have created that is specific to RAC.

1. Download the additional profile from Cyberduck’s website called OpenStack Swift (Keystone). Double click on this file and enter the following details in a new bookmark using the OpenStack Swift (Keystone) preset to access  the  object storage:

 

Server

keystone-yyc.cloud.cybera.ca or keystone-yeg.cloud.cybera.ca

Port

35357

Username

project-name:user-name (eg. joe@cybera.ca:joe@cybera.ca - note the colon in between the project and user name)

Password/Secret Key

Your Password

 

This method does have the occasional issue where you need reset the port number (it will also display a warning about sending the password as clear text)

...

S3 API


Our OpenStack Swift environment has support for S3 API compatibility. This means that any application or library which supports Amazon S3 should be able to be used in our Swift environment.

To begin using the S3 API, you first need to obtain a set of "EC2 Credentials". This is a set of credentials formatted in the same way as Amazon's credentials. You can download your EC2 Credentials by going here (https://cloud.cybera.ca/project/api_access/) and clicking "View Credentials".

Using a text editor of your choice, you'll want to create a new file (eg. s3cred.sh) with the following details:

Code Block
export AWS_ACCESS_KEY_ID=foo
export AWS_SECRET_ACCESS_KEY=bar

Alternatively you can find these credentials via the OpenStack CLI tools with the command openstack ec2 credentials list .

The endpoint will be dependent on which region you are wishing to use - either yyc.cloud.cybera.ca:8080  or yeg.cloud.cybera.ca:8080 

s3cmd

For s3cmd the following example .cfg file can be used:

Code Block
host_base = https://swift-yyc.cloud.cybera.ca:8080
host_bucket = %(bucket)s.swift-yyc.cloud.cybera.ca:8080
access_key = <access key>
secret_key = <secret key>
use_https = True

To use the Edmonton region, change the yyc in the URLs to yeg.

GUI Applications

Cyberduck

Cyberduck is available for Mac OS X and Windows.

S3 Compatibility

To use Cyberaduck using the standard S3 compatibility, first obtain your EC2 Credentials, as described in the S3 API of this document.

Open Cyberduck and create a new Amazon S3 connection. Fill in the following information:

  • Server: yyc.cloud.cybera.ca (for the Calgary region) or yeg.cloud.cybera.ca (for the Edmonton region).
  • Port: 8080
  • Access Key ID: Your EC2_ACCESS_KEY
  • Secret Access Key: Your EC2_SECRET_KEY

OpenStack Swift Native

Cyberduck provides built in support OpenStack Swift with Keystone V3. To create a connection, create a new OpenStack Swift (Version 3) connection with the details below:

More documentation is available on the Cyberduck Website


Server

keystone-yyc.cloud.cybera.ca (Calgary) or keystone-yeg.cloud.cybera.ca (Edmonton)

Port

5000

Username

project-name:Default:user-name (eg. joe@cybera.ca:Default:joe@cybera.ca - note the colons in between the project, domain name, and user name)

Password/Secret Key

Your Password


Note

DO NOT upload files larger than 2 GB using Cyberduck if you wish to share them via the Web.

In Depth Features / Tutorial

See Swift CLI reference for more information.

See usage

Code Block
swift stat -v
swift stat -v container_name
swift stat container_name file_name

Create a Container

Code Block
swift post container_name

Upload a File

Code Block
echo 'Hello World' > file_on_my_computer.txt
swift upload container_name file_on_my_computer.txt

Add and Check metadata on a file

Code Block
echo 'Another file' > another_file_on_my_computer.txt
swift postswift upload container_name another_file_on_my_computer.txt container_name
swift postupload -m "X-Object-Meta-Hello: World" container_name another_file_on_my_computer.txt
swift stat -v container_name another_file_on_my_computer.txt

Download a File

Code Block
swift download container_name file_on_my_computer.txt

Managing ACLs

Code Block
# Set a container to be public
swift post -r '.r:*' container_name

# Allow another project to rw to container
swift post -w 'second_project_id:*' container_name
swift post -r 'second_project_id:*' container_name

swift stat -v container_name

...

Code Block
swift stat -v --os-storage-url https://swift-<region>.cloud.cybera.ca:8080/v1/AUTH_<first_project_id> container_name

Making Files Available via the Web

Set container to be public to anyone

...

And then visit http://swift.cloud.cybera.ca/v1/AUTH_xxxx/container_name to view all the objects (changing AUTH_xxxx for your AUTH information)

Versioning

Another feature Swift offers is automatic versioning. This means every time an object is uploaded or updated it will store the old version in a special versions container that is created.

...

Code Block
swift post -m 'X-Versions-Location: myContainer-versions' myContainer

Temporary URLs for Objects

One last feature we wanted to highlight is the ability to offer temporary URLs for objects or expiring URLs as they are also called. This allows you to provide a URL that will stop functioning after a certain amount of time.

...

To use swift-temp-url - download the file to your computer, and set the file to be executable. You can then run it and get your URL. eg. a link that lasts for 10 minutes minutes (600 seconds) 

Code Block
echo https://swift-REGION.cloud.cybera.ca:8080`swift8080$(swift-temp-url GET 600 /v1/AUTH_xxxx/public_container/my_fancy_object secretkeygoeshere`secretkeygoeshere)

Results in a shareable link:

...

https://swift-yyc.cloud.cybera.ca:8080/v1/AUTH_xxxx/public_container/my_fancy_object?temp_url_sig=af0cf3b7597f3bca86895e3796b834c6a93d6a12&temp_url_expires=1401991851

Large/Segmented Object Warnings

Swift segments files to support objects larger than 5 GB. If you want to upload a file larger than 5GB using the Swift CLI you will need to ensure you use the -S flag and set a segment size.segment size (below is 4GB segment size).

Code Block
swift upload container_name -S 4294967296 my_large_fils.tar


By default Swift splits files larger than 5 GB while Cyberduck performs this for if the file is larger than 2GB.  There are a couple caveats with the different approaches the two applications  take take to handling large files when it comes to accessing these files via a web browser (completely unrelated to the size they use to split files).

...

Cyberduck creates a folder called .file_segments in your container and places the segments in there. It then writes JSON data to the manifest file so you can download the file later

Container Sync

Container sync offers the ability to synchronize the contents of two or more containers between the two regions of the Rapid Access Cloud or if supported, other OpenStack Swift installations. Every five minutes, a sync will run copying any new or changed metadata and objects (including deletions)  from the source container to the destination container. Depending on the size of the objects it may take a couple more minutes to copy the object in it's entirety.

...

  1. Determine your AUTH ID (Account ID, line 3): 

    Code Block
    $ source openrc-yyc
$ swift stat -v
StorageURL: https://swift-yyc.cloud.cybera.ca:8080/v1/AUTH_1a2b3c4d5e6f7890
Auth Token: this_is_not_a_real_token
Account: AUTH_1a2b3c4d5e6f7890
Containers: 1
Objects: 116
Bytes: 103445941
Containers in policy "policy-0": 1
Objects in policy "policy-0": 116
Bytes in policy "policy-0": 103445941
X-Timestamp: 1418065112.84439
X-Trans-Id: txed09fb697477491b9af8d-0055e5fcce
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes


  2. Create or modify a container in Calgary and include the `--sync-to` and `-k` attributes (the `swift post` command updates info for a container, or creates one if it doesn’t exist)

    Code Block
    $ swift post --sync-to '//rac/yeg/AUTH_1a2b3c4d5e6f7890/container2' -k 'secret' container1


  3. Create or modify a container in Edmonton to sync to Calgary

    Code Block
    $ swift post --sync-to '//rac/yeg/AUTH_1a2b3c4d5e6f7890/container2' -k 'secret' container1
    Create or modify a container in Edmonton to sync to Calgary
     '//rac/yyc/AUTH_1a2b3c4d5e6f7890/container1' -k 'secret' container2


It is possible to do a one-way sync for disaster recovery, effectively creating a backup container; in our example above, if we wanted to sync one-way from yyc => yeg we create the container in Calgary the same, but the container in Edmonton will not have a `--sync-to` switch, only a `-k`

Code Block
$ swift post -

...

k 'secret' container2

Now objects in Calgary will replicate to Edmonton, but not the other way.


Disabling Container Sync

At present disabling container sync is not available in the openstack command line tool at the time of writing. You must use the swift command.

One example of why you might want to do this if you previously had a two-way container sync with YEG ↔ YYC and only wish to sync one-way now.

To remove the sync setting, provide an empty --sync-to parameter instead versus filling in the parameter to set up sync as seen in the section above.It is possible to do a one-way sync for disaster recovery, effectively creating a backup container; in our example above, if we wanted to sync one-way from yyc => yeg we create the container in Calgary the same, but the container in Edmonton will not have a `--sync-to` switch, only a `-k`: 

Code Block
$ swift post --sync-kto 'secret' container2

...

container

If you'd like to disable the sync entirely, run the command on each container in both regions.