Customize object storage after upgrade
On 09/29/2023, a major update to object storage was released. If you had containers created before the object storage update, move them to the project to continue working with the storage in the control panel.
The most significant changes in how the storage works:
- new authorization to all storage APIs and new endpoints for access;
- new public domain of the container (domain of the form <uuid>.selstorage.ru). This domain will replace the personal account domain (domain of the form *****.selcdn.ru), which will be disabled later. We will inform you about the disabling in advance;
- moving object storage to projects;
- new access control model: full support for the role model and the emergence of container access policies.
Previously created users, API method calls, etc. will continue to work for a while — we will notify you about the disconnection in advance. We recommend changing storage settings now and using the updated settings for new containers.
Transfer containers to the project
Without migration to the project, you will not be able to work with the storage in the control panel.
You can migrate the storage only once and only as a whole (to one project). You cannot distribute old containers to different projects. New containers can be created in different projects.
If you already have a project, you can move containers to it or create a new one.
Into an existing project
- In the Control panel, in the top menu, click Products and select Object Storage. The first time you navigate to the section after 9/29/2023, the page for migrating containers opens.
- Specify Use an existing project.
- Select the project to which you want to migrate the containers and click Migrate.
To the new project
- In the Control panel, in the top menu, click Products and select Object Storage. The first time you navigate to the section after 9/29/2023, the page for migrating containers opens.
- Specify Create new project.
- Enter a name for the project and click Transfer.
Customize object storage
- Configure storage access for users.
- Configure the container access policy.
- If you are using API or FTP, update the access keys and URLs.
- If you are using a CDN, change the CDN resource.
- Make sure that you've replaced the domains with new ones.
- Delete old users of the storage.
1. Configure storage access for users
Object storage now supports user types and roles:
- access to the storage through the control panel is available to control panel users whose role allows access to the entire account or to the project to which the containers have been migrated;
- access to the API is performed through service users instead of storage users (created in the Object Storage → Users section). The old users will continue to work and will be disabled later. It is no longer possible to create new users of this kind.
New users can be added under Access Control → User Management.
For users with the Object Storage User role, access is determined solely by the access policy — if it is not configured, the user will not have access to the container. For more information about the work of different roles in the storage, see the Managing access in object storage instruction.
2. Configure the container access policy
You can create a container access policy through the control panel. To create an access policy through the API, use the AWS S3 documentation.
When configuring the policy, take into account the access granted by the role model; see the Manage Access in Object Storage instructions for more information.
For more information on how access policies work, see Access Policies.
3. Update access keys and URLs
S3 API
Read more about authorization in the S3 API documentation.
- Give the S3 key to the service user. You can also issue a key via the IAM API.
- In the requests, replace the URL and use the key to authenticate with the new scheme:
Swift API
Read more about authorization in the Swift API documentation.
- Use the service user login and password for authorization.
- In the queries, replace the URL and the data:
  - OS_USERNAME — login of the service user. You can view the login in the control panel: in the top menu, click Account → section Service users;
  - OS_PASSWORD — password of the service user. If you have forgotten the password, change it;
  - OS_AUTH_URL — https://cloud.api.selcloud.ru/identity/v3;
  - OS_TENANT_ID — ID of the project. It can be viewed in the control panel: under Object Storage, open the projects menu (the name of the current project) → in the line of the required project press ;
  - URL — swift.<pool>.storage.selectel.org/v1/<project_id>, where:
FTP
- Give the S3 key to the service user. You can also issue a key via the IAM API.
- Replace the URL with ftp.<pool>.storage.selcloud.ru, where <pool> is the pool where the object storage is located.
4. Modify the CDN resource
If you are using object storage as a CDN content source, change the CDN resource. For more information about connecting storage to a CDN, see Connect CDN to Object Storage.
- In the Control Panel, on the top menu, click Products and select CDN.
- Go to the CDN Resources section.
- Open the CDN resource page → General tab.
- Click Edit Source.
- Replace the domain with the public domain of the container of the form <uuid>.selstorage.ru.
- In the Host header override field, specify the public domain of the container.
5. Check domains
Make sure you use the new domains everywhere. Old domains will continue to work for a while and will be disabled later. We will notify you about the disconnection in advance.
For more information about domains, see the Domains in Object Storage tutorial.
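One way to run the domain check over your own configuration and code is sketched below. It is an added example, not Selectel code: it reports every reference to the old *.selcdn.ru form and every *.selstorage.ru host whose first label is not a UUID. The function names, the sample lines and the assumption that <uuid> is written in the canonical 8-4-4-4-12 form are illustrative.

```python
import re
import sys
import uuid
from pathlib import Path

# Public-domain forms named on this page.
LEGACY = re.compile(r"\b((?:[a-z0-9-]+\.)+selcdn\.ru)\b", re.I)  # old account domain
NEW = re.compile(r"\b([a-z0-9-]+)\.selstorage\.ru\b", re.I)      # <uuid>.selstorage.ru

# Constructed sample input (not real domains or containers).
SAMPLE = """\
cdn_origin = "https://12345.selcdn.ru/static/app.js"
img_base = "https://1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed.selstorage.ru/img/"
backup_url = "https://backups.selstorage.ru/db.tar.gz"
"""

def is_uuid(label):
    """True only for the canonical 8-4-4-4-12 form (an assumption about <uuid>)."""
    try:
        return str(uuid.UUID(label)) == label.lower()
    except ValueError:
        return False

def scan_text(text, source="<memory>"):
    """Return (source, line_no, kind, hostname) for every suspicious reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in LEGACY.finditer(line):
            findings.append((source, no, "legacy-domain", m.group(1).lower()))
        for m in NEW.finditer(line):
            if not is_uuid(m.group(1)):
                findings.append((source, no, "malformed-new-domain", m.group(0).lower()))
    return findings

def scan_tree(root):
    """Scan every readable text file under root; binary files are skipped."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            try:
                findings.extend(scan_text(path.read_text(encoding="utf-8"), str(path)))
            except (UnicodeDecodeError, OSError):
                continue
    return findings

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE, "sample")
    for source, no, kind, host in results:
        print(f"{source}:{no}: {kind}: {host}")
    sys.exit(1 if results else 0)
```

Run with a directory argument, the script exits non-zero while any old-domain reference remains, so it can gate a deployment pipeline until the replacement is complete.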
6. Delete old users of the storage
- In the Control Panel, on the top menu, click Products and select Object Storage.
- Go to the Users section.
- In the user card, click → Delete.