Customize object storage after upgrade
A major update to object storage was released on 09/29/2023. If you have containers created before the object storage update, transfer them to a project to continue working with the storage in the control panel.
The most significant changes in how the storage works:
- new authorization for all storage APIs and new access endpoints;
- a new public container domain (a domain of the form <uuid>.selstorage.ru). This domain will replace the account's personal domain (a domain of the form *****.selcdn.ru), which will be disabled at a later date. We will inform you about the shutdown in advance;
- object storage has moved into projects;
- a new access control model: full support for the role model and the introduction of container access policies.
Previously created users, API method calls, etc. will continue to work for a while; we will notify you in advance of the shutdown. We recommend changing the storage settings now and using the updated settings for new containers.
Transfer containers to the project
Without transferring containers to a project, you will not be able to work with the storage in the control panel.
You can migrate the storage only once and as a whole (to one project). You cannot distribute old containers across different projects. New containers can be created in different projects.
If you already have a project, you can move containers to it or create a new one.
Into an existing project
- In the control panel, go to Object Storage. The first time you open this section after 9/29/2023, the container migration page opens.
- Select Use an existing project.
- Select the project to which you want to move the containers and click Transfer.
To a new project
- In the control panel, go to Object Storage. The first time you open this section after 9/29/2023, the container migration page opens.
- Select Create a new project.
- Enter a name for the project and click Transfer.
Customize object storage
- Configure storage access for users.
- Configure the container access policy.
- If you are using API or FTP, update access keys and URLs.
- If you are using a CDN, change the CDN resource.
- Check that you have replaced the domains with the new ones.
- Delete old users of the storage.
Configure storage access for users
Object storage now supports user types and roles:
- access to the storage through the control panel is available to control panel users whose role allows access to the entire account or to the project to which the containers have been migrated;
- the API is accessed through service users instead of storage users (created in the section Object Storage → Users). Old users will continue to work and will be deactivated later. You can no longer create new users of this type.
You can add new users under Access control → User management.
For users with the Object Storage User role, access is determined solely by the access policy: if it is not configured, the user will not have access to the container. For more information about how different roles work in the storage, see the instructions Manage access in object storage.
Configure the container access policy
You can create a container access policy through the control panel. To create an access policy via the API, use the AWS S3 documentation.
When configuring the policy, take into account the access already granted by the role model; for details, see the instructions Manage access in object storage.
For more information on how access policies work, see Access Policy.
Update access keys and URLs
S3 API
Read more about authorization in the S3 API documentation.
- Issue an S3 key to the service user. You can also issue a key via the IAM API.
- In your requests, replace the URL and use the key to authenticate with the new scheme:
Swift API
Read more about authorization in the Swift API documentation.
- Use the service user's login and password for authorization.
- In your requests, replace the URL and the following data:
  - OS_USERNAME: the service user login. You can view the login in the control panel: go to the section Access control → User management → the Service users tab;
  - OS_PASSWORD: the service user password. If you have forgotten the password, change it;
  - OS_AUTH_URL: https://cloud.api.selcloud.ru/identity/v3;
  - OS_TENANT_ID: the project ID. You can look it up in the control panel: under Object storage, open the project menu (the name of the current project) → in the row of the desired project, press ;
  - URL: swift.<pool>.storage.selectel.org/v1/<project_id>, where:
FTP
- Issue an S3 key to the service user. You can also issue a key via the IAM API.
- Replace the URL with ftp.<pool>.storage.selcloud.ru, where <pool> is the pool where the object storage is located.
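How the Swift API settings above fit together in a token request, as an added example that is not part of the original instructions. It assumes the identity endpoint accepts the standard OpenStack Keystone v3 password request, that the user's domain is supplied in `OS_USER_DOMAIN_NAME` (not listed on this page), and that the Swift URL is served over `https://`; all sample values are constructed.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("OS_USERNAME", "OS_PASSWORD", "OS_AUTH_URL",
            "OS_TENANT_ID", "OS_USER_DOMAIN_NAME")  # last one is an assumption

def build_swift_session(env, pool):
    """Return (token_request, swift_base_url) built from the OS_* settings."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    if urlsplit(env["OS_AUTH_URL"]).scheme != "https":
        # The password travels in the request body, so refuse plain HTTP.
        raise ValueError("OS_AUTH_URL must use https")
    if not re.fullmatch(r"[a-z0-9-]+", pool):
        raise ValueError("pool must be a single hostname label")
    token_request = {
        "method": "POST",
        "url": env["OS_AUTH_URL"].rstrip("/") + "/auth/tokens",
        "json": {"auth": {
            "identity": {"methods": ["password"], "password": {"user": {
                "name": env["OS_USERNAME"],
                "domain": {"name": env["OS_USER_DOMAIN_NAME"]},
                "password": env["OS_PASSWORD"]}}},
            # Project scope limits the token to the project holding the containers.
            "scope": {"project": {"id": env["OS_TENANT_ID"]}}}},
    }
    # Keystone returns the token in the X-Subject-Token response header;
    # Swift requests then carry it in X-Auth-Token.
    swift_base = f"https://swift.{pool}.storage.selectel.org/v1/{env['OS_TENANT_ID']}"
    return token_request, swift_base

def redact(token_request):
    """Copy of the request that is safe to log: the password is masked."""
    auth = token_request["json"]["auth"]
    user = {**auth["identity"]["password"]["user"], "password": "***"}
    identity = {"methods": ["password"], "password": {"user": user}}
    return {**token_request,
            "json": {"auth": {"identity": identity, "scope": auth["scope"]}}}

# Constructed sample values; in practice pass os.environ and the real pool name.
SAMPLE_ENV = {
    "OS_USERNAME": "svc-storage",
    "OS_PASSWORD": "constructed-password",
    "OS_AUTH_URL": "https://cloud.api.selcloud.ru/identity/v3",
    "OS_TENANT_ID": "0123456789abcdef",
    "OS_USER_DOMAIN_NAME": "example-domain",
}
```

Pass `redact(token_request)` rather than the request itself to any logger, so the service user password never reaches log files.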
Modify the CDN resource
If you are using object storage as a CDN content source, change the CDN resource. For more information about connecting storage to a CDN, see the instructions Connect CDN to object storage.
- In the control panel, go to CDN → CDN resources.
- Open the CDN resource page → the General tab.
- Click Edit source.
- Replace the domain with the public domain of the container, of the form <uuid>.selstorage.ru.
- In the Host header override field, specify the public domain of the container.
Check domains
Make sure you use the new domains everywhere. Old domains will continue to work for a while and will be disabled later. We will notify you about the disconnection in advance.
For more about domains, see the instructions Domains.
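One way to run this check over configuration or template files, as an added example that is not part of the original instructions. It flags hostnames under the old `selcdn.ru` domain and hostnames under `selstorage.ru` whose first label is not a well-formed UUID; the function names and the sample text are constructed.

```python
import re

# Hostnames under the two domains this page names (old: selcdn.ru, new: selstorage.ru).
# The lookahead rejects look-alikes such as "x.selcdn.ru.example.org".
HOST_RE = re.compile(
    r"\b((?:[a-z0-9-]+\.)+(?:selcdn|selstorage)\.ru)(?![a-z0-9-]|\.[a-z0-9])", re.I)
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

def classify(host):
    """Return 'legacy', 'new' or 'malformed' for one hostname."""
    host = host.lower()
    label, _, parent = host.partition(".")
    if host.endswith(".selcdn.ru"):
        return "legacy"          # old personal domain, scheduled to be disabled
    if parent == "selstorage.ru" and UUID_RE.fullmatch(label):
        return "new"             # <uuid>.selstorage.ru public container domain
    return "malformed"           # under selstorage.ru but not <uuid>.selstorage.ru

def scan(text):
    """Return (line number, hostname, status) for every matching hostname."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HOST_RE.finditer(line):
            host = match.group(1).lower()
            findings.append((lineno, host, classify(host)))
    return findings

def needs_attention(text):
    """Findings that still have to be replaced or corrected."""
    return [f for f in scan(text) if f[2] != "new"]

# Constructed sample configuration, not taken from a real account.
SAMPLE = """\
STATIC_URL = "https://000000.selcdn.ru/assets/"
MEDIA_URL = "https://1f0e3dad-9990-4c4b-8a5a-3f2d1c0b9e7a.selstorage.ru/media/"
BACKUP_URL = "https://not-a-uuid.selstorage.ru/backups/"
"""

if __name__ == "__main__":
    for lineno, host, status in needs_attention(SAMPLE):
        print(f"line {lineno}: {host} ({status})")
```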
Delete old users of the storage
- In the control panel, go to Object storage → Users.
- In the user card, click → Delete.