Customize object storage after upgrade
On 09/29/2023, a major update to object storage was released. If you had containers created before the object store upgrade, transfer them to project to continue working with the store in the dashboard.
The most significant changes in the operation of the repository:
- new authorization to all storage APIs and new endpoints for access;
- new container public domain (domain of the form
<uuid>.selstorage.ru). This domain will replace the account's personal domain (a domain of the form*****.selcdn.ru), which will be disabled later. We will give advance notice of the shutdown; - moving object storage to cloud platform projects;
- new access control model: full support for the role model and the introduction of container access policies.
Previously created users, API method calls, etc. suburban settlement will continue to operate for a while — we will notify you of the shutdown in advance. We recommend change storage settings now and use the updated settings for new containers.
Transfer containers to the project
Without moving to project, you will not be able to work with the storage in the dashboard.
You can migrate a repository once and as a whole (to one project). It is not possible to distribute old containers to different projects. It will be possible to create new containers in different projects.
If you already have a cloud platform project, you can move containers to it or create a new one.
- В существующий проект
- В новый проект
- In Control Panel, go to Object Storage. The first time you navigate to the section after 9/29/2023, a page will open to transfer containers.
- Specify Use an existing project.
- Select the project to which you want to migrate the containers and click Move.
- In Control Panel, go to Object Storage. The first time you navigate to the section after 9/29/2023, a page will open to transfer containers.
- Specify Create a new project.
- Enter a name for the project and click Move.
Customize object storage
- Configure storage access for users.
- Configure container access policy.
- If you are using API or FTP, update access keys and URL.
- If you are using a CDN, change CDN-resource.
- Check that you have replaced the domains with new ones.
- Delete old storage users.
1. Configure storage access for users
Object storage now supports role model:
- access to the repository via the dashboard will be for dashboard users whose role allows access to the entire account or project to which the containers have been migrated;
- API is accessed through service users instead of storage users (created in Object Storage → Users). Old users will continue to work and will be disconnected at a later date. You can no longer create new users of this type.
Add new users can be added under User Management.
For users with the Object Store User role, access is determined solely by the access policy — if it is not configured, the user will not have access to the container. See the Manage access in object storage instructions for more information on how different roles work in storage.
2. Configure the container access policy
Create a container access policy can be created through the control panel. To create an access policy through the API, use AWS S3 documentation.
Consider role-model accesses when configuring the policy, see the Manage Object Storage Access instructions for details.
See Access Policy for details on how access policies work.
3. Update access keys and URL
- S3 API
- Swift API
- FTP
See S3 API documentation for more information on authorization.
-
Issue S3-key to the service user. You can also issue a key via the IAM API.
-
In the requests, replace the URL and use the key to authenticate with the new scheme:
See Swift API documentation for more information about authorization.
-
Use the service user login and password for authorization.
-
In the queries, replace the URL and the data:
-
OS_USERNAME— service user login. You can view the login in Control Panel: open the menu in the upper right corner → Profile and Settings → User Management → Service Users tab; -
OS_PASSWORD— service user password. If you forget your password, create a new one; -
OS_AUTH_URL—https://cloud.api.selcloud.ru/identity/v3; -
OS_TENANT_ID— ID of project, can be viewed in control panel: under Object Storage open the projects menu (name of the current project) → in the line of the desired project click ; -
URL—swift.ru-1.storage.selectel.org/v1/<project_id>, where:
-
- Issue S3-key to the service user. You can also issue a key via the IAM API.
- Replace the URL with
ftp.ru-1.storage.selcloud.ru, whereru-1is the pool where the object storage resides.
4. Modify CDN resource
If you are using object storage as a CDN content source, change the CDN resource. For more information about connecting storage to CDN, see the Connect CDN to object storage instructions.
- In Control Panel, go to CDN → CDN Resources.
- Open the CDN resource page → General tab.
- Click Edit Source.
- Replace the domain with container public domain of the form
<uuid>.selstorage.ru. - In the Host Header Override field, specify the public domain of the container.
5. Check domains
Make sure you use the new domains everywhere. The old domains will continue to work for a while and will be disabled later. We will notify you in advance of the outage.
More information about domains in the Domains instructions.
6. Delete old users of the repository
- In Control Panel, go to Object Storage → Users.
- In the user card, click → Delete.