Skip to main content
Customize object storage after upgrade
Last update:

Customize object storage after upgrade

On 09/29/2023, a major update to object storage was released. If you had containers created before the object storage update, move them to the project to continue working with the storage in the control panel.

The most significant changes in the operation of the repository:

  • new authorization to all storage APIs and new endpoints for access;
  • new public domain of the container (domain of the form <uuid>.selstorage.ru). This domain will replace the personal account domain (domain of the form * ****.selcdn.ru), which will be disabled later. We will inform you about the disabling in advance;
  • moving object storage to projects;
  • new access control model: full support for the role model and the emergence of container access policies.

Previously created users, API method calls, etc. will continue to work for a while — we will notify you about the disconnection in advance. We recommend changing storage settings now and using the updated settings for new containers.

Transfer containers to the project

Without migration to the project, you will not be able to work with the repository in the control panel.

You can migrate a storage once and as a whole (to one project). You cannot distribute old containers to different projects. New containers can be created in different projects.

If you already have a project, you can move containers to it or create a new one.

  1. In the Control panel, in the top menu, click Products and select Object Storage. The first time you navigate to the section after 9/29/2023, the page for migrating containers opens.
  2. Specify Use an existing project.
  3. Select the project to which you want to migrate the containers and click Migrate.

Customize object storage

  1. Configure storage access for users.
  2. Configure the container access policy.
  3. If you are using API or FTP, update the access keys and URLs.
  4. If you are using a CDN, change the CDN resource.
  5. Make sure that you've replaced the domains with new ones.
  6. Delete old users of the repository.

1. Configure storage access for users

Object storage now supports user types and roles:

  • access to the repository via the dashboard will be for dashboard users whose role allows access to the entire account or project to which the containers have been migrated;
  • access to API is performed through service users instead of storage users (created in the Object StorageUsers section). The old users will continue to work and will be disabled later. It is no longer possible to create new users of this kind.

Add new users can be added under Access ControlUser Management.

For users with the Object Storage User role, access is determined solely by the access policy — if it is not configured, the user will not have access to the container. For more information about the work of different roles in the storage, see the Managing access in object storage instruction.

2. Configure the container access policy

You can create a container access policy can be created through the control panel. To create an access policy through the API, use the AWS S3 documentation.

When configuring the policy, consider accesses within the role model, see the Manage Access in Object Storage instructions for more information.

For more information on how access policies work, see Access Pol icies.

3. Update access keys and URLs

Read more about authorization in the S3 API documentation.

  1. Give the S3 key to the service user. You can also issue a key via the IAM API.

  2. In the requests, replace the URL and use the key to authenticate with the new scheme:

    • AWS_ACCESS_KEY_ID — field value Access key from S3 key;
    • AWS_SECRET_KEY — field value Secret key from S3 key;
    • URL — s3.<pool>.storage.selcloud.ru where <pool> — pool where pool is the pool where the object storage is located (for example, ru-1).

4. Modify the CDN resource

If you are using object storage as a CDN content source, change the CDN resource. For more information about connecting storage to a CDN, see Connect CDN to Object Storage.

  1. In the Control Panel, on the top menu, click Products and select CDN.
  2. Go to the CDN Resources section.
  3. Open the CDN resource page → General tab.
  4. Click Edit Source.
  5. Replace the domain with the public domain of the container of the form <uuid>.selstorage.ru.
  6. In the Host header override field, specify the public domain of the container.

5. Check domains

Make sure you use the new domains everywhere. Old domains will continue to work for a while and will be disabled later. We will notify you about the disconnection in advance.

For more information about domains, see the Domains in Object Storage tutorial.

What it's used forOld domainNew domain
Public access *****.selcdn.ru<uuid>.selstorage.ru
Swift APIapi.selcdn.ruswift.<pool>.storage.selcloud.ru
S3 API
  • s3.storage.selcloud.ru/<container_name> (Path-Style)
  • <container_name>.s3.storage.selcloud.ru (Virtual Hosted)
  • s3.<pool>.storage.selcloud.ru/<container_name> (Path-Style)
  • <container_name>.s3.<pool>.storage.selcloud.ru (Virtual Hosted)
FTPftp.selcdn.ruftp.<pool>.storage.selcloud.ru
Domain for DNS records *****.selcdn.ruaccess.<pool>.storage.selcloud.ru

6. Delete old users of the repository

  1. In the Control Panel, on the top menu, click Products and select Object Storage.
  2. Go to the Users section.
  3. In the user card, click Delete.