Skip to main content
Customize object storage after upgrade
Last update:

Customize object storage after upgrade

A major update to object storage was released on 09/29/2023. If you had containers created before the object store update, transfer them to the project to continue working with the storage in the control panel.

The most significant changes in the operation of the repository:

  • new authorization to all API for working with storage and new endpoints for access;
  • new public domain of the container (domain of the species <uuid>.selstorage.ru). This domain will replace the account's personal domain (domain of type *****.selcdn.ru), which will be disabled at a later date. We will inform you about the disconnection in advance;
  • moving the object storage facility to projects;
  • new model access control: full support for the role model and the emergence of container access policies.

Previously created users, API method calls, etc. will continue to work for a while — we will notify you in advance of the shutdown. We recommend change storage settings now and use the updated settings for new containers.

Transfer containers to the project

Without transferring to project you will not be able to work with the storage in the control panel.

You can migrate a storage once and as a whole (to one project). You cannot distribute old containers to different projects. New containers can be created in different projects.

If you already have a project, you can move containers to it or create a new one.

  1. In control panel go to Object Storage. The first time you navigate to the section after 9/29/2023, a page will open to migrate containers.
  2. Specify Use an existing project.
  3. Select the project to which you want to move the containers and click Transfer.

Customize object storage

  1. Configure storage access for users.
  2. Configure the container access policy.
  3. If you are using API or FTP, update access keys and URLs.
  4. If you are using a CDN, change the CDN resource.
  5. Check it out that you replaced the domains with new ones.
  6. Delete old users of the repository.

Configure storage access for users

Object storage now supports user types and roles:

  • access to the repository via the dashboard will be for dashboard users whose role allows access to the entire account or project to which the containers have been migrated;
  • API is accessed through service users instead of storage users (created in section Object StorageUsers). Old users will continue to work and will be deactivated later. You can no longer create new users of this type.

Add new users can be found under Access controlUser management.

For users with the Object Storage User role, access is determined solely by the access policy — if it is not configured, the user will not have access to the container. For more information about the work of different roles in the storage, see the manual Manage access in object storage.

Configure the container access policy

Create a container access policy can be done through the control panel. To create an access policy via API, use AWS S3 documentation.

When configuring the policy, consider accesses within the role model, more details in the instructions Manage access in object storage.

For more information on how access policies work, see Access Policy.

update access keys and URLs

Read more about authorization in S3 API documentation.

  1. Issue an S3 key to the service user. You can also issue a key via IAM API.

  2. In the requests, replace the URL and use the key to authenticate with the new scheme:

    • AWS_ACCESS_KEY_ID — field value Access key from S3 key;
    • AWS_SECRET_KEY — field value Secret key from S3 key;
    • URL — s3.<pool>.storage.selcloud.ruwhere <pool> — pool, where the object store is located (e.g., ru-1).

modify the CDN resource

If you are using object storage as a CDN content source, change the CDN resource. See the instructions for more information about connecting storage to a CDN Connect CDN to object storage.

  1. In control panels go to CDNCDN resources.
  2. Open the CDN resource page → tab General.
  3. Click Edit source..
  4. Replace the domain with public domain of the container species <uuid>.selstorage.ru.
  5. In the field Host header override Specify the public domain of the container.

Check domains

Make sure you use the new domains everywhere. Old domains will continue to work for a while and will be disabled later. We will notify you about the disconnection in advance.

More about domains in the instructions Domains.

What it's used forOld domainNew domain
Public access*****.selcdn.ru<uuid>.selstorage.ru
Swift APIapi.selcdn.ruswift.<pool>.storage.selcloud.ru
S3 API
  • s3.storage.selcloud.ru/<container_name> (Path-Style)
  • <container_name>.s3.storage.selcloud.ru (Virtual Hosted)
  • s3.<pool>.storage.selcloud.ru/<container_name> (Path-Style)
  • <container_name>.s3.<pool>.storage.selcloud.ru (Virtual Hosted)
FTPftp.selcdn.ruftp.<pool>.storage.selcloud.ru
Domain for DNS records*****.selcdn.ruaccess.<pool>.storage.selcloud.ru

Delete old users of the repository

  1. In control panels go to Object storageUsers.
  2. In the user card, click Delete.