3.1. Requirements for Integration via REST API

Any operation or management request must be authenticated with a signed request via Signature Version 2 or 4 of the Amazon S3 protocol of the corresponding S3 system user. You can create system users on any storage node in the cluster with the ostor-s3-admin create-user -S -e <email> command:

# ostor-s3-admin create-user -S -e user@example.com
UserEmail:user@example.com
UserId:a14040e0b2ef8b28
KeyPair[0]:S3AccessKeyId:a14040e0b2ef8b28FZZ8
KeyPair[0]:S3SecretAccessKey:dbwTnQTW602aAAdq8DQVFzB6yrTCFTNiGB8C8RFA
Flags:system

With this user, you can now authenticate further API requests for managing the S3 cluster. You can create multiple system accounts for different types of management operations.

3.1.1. Preparing the Environment

Examples in this chapter use cURL for authentication as well as GET, PUT, POST, and DELETE requests run in Bash. To make sending requests easier, you can create the following script ~/.s3_environment, replacing s3_key with S3AcessKeyId and s3_secret with S3SecretAccessKey of a system user:

# S3 login variables.
s3_key="a14040e0b2ef8b28FZZ8"
s3_secret="dbwTnQTW602aAAdq8DQVFzB6yrTCFTNiGB8C8RFA"

# Sign S3 requests and run curl.
function s3_curl() {

    # Parse command line.
    [ -z "${2}" ] && {
        echo "Usage: ${FUNCNAME[0]} <request_type> <s3_url>"
        return 1
    }

    # Prepare a signature.
    s3_url="${2%/*}"
    s3_host="${s3_url##*://}"
    s3_query="${2##*/}"
    s3_date="$(date -R)"

    # Generate a signature.
    s3_signature="$(echo -en "${1}\n\n\n${s3_date}\n/${s3_query%%&*}" |\
        openssl sha1 -hmac ${s3_secret} -binary | base64)"

    # Make the request.
    curl -H "Host: ${s3_host}" \
         -H "Accept: */*" \
         -H "Date: ${s3_date}" \
         -H "Authorization: AWS ${s3_key}:${s3_signature}" \
         -X "${1}" \
         "${s3_url}/${s3_query}"
}

Load the script into your default environment to make the s3_curl function available.

# source ~/.s3_environment

Once the script is loaded, you can make S3 requests using s3_curl.

3.1.2. Enabling Statistics

You need to have statistics collection enabled on your S3 gateway. The S3 gateway will save the statistics as regular storage objects. On each S3 storage node, create a file /var/lib/ostor/local/gw.conf with the following contents:

# Enable usage statistics collection.
S3_GW_COLLECT_STAT=1

Restart the S3 storage service to apply the configuration changes. Run the following command on all S3 storage nodes:

# systemctl restart ostor-agentd.service
Jul 21, 2020
Print