Veritas Help Center

Configuring the Object Store server

Veritas Access Administrator's Guide

To configure the Object Store server

Log on to Veritas Access using the CLISH.

Create a default storage pool (at least one) on the cluster.

CLISH> storage pool create pool1 disk1,disk2,disk3,disk4

Use the storage pool that was created in Step 2 as the default object access pool.

You need to set the default pool, as it is required for enabling the Object Store server.
```
CLISH> objectaccess set pools pool1
                  
```
Based on your storage requirements, you can configure different types of storage pools by using the Object Store group commands.

Verify the configured storage pool.

CLISH> objectaccess show

Enable and start the Object Store server.

CLISH> objectaccess server enable

CLISH> objectaccess server status

Configure the cluster using any authentication server (AD, LDAP, or NIS).

See the following manual pages for more information on configuring AD, LDAP, or NIS:
- CLISH> network man ldap
- CLISH> man cifs
- CLISH> man nis
Create the access and secret keys for the authorized user, or any user in the authentication server.

You have two options for creating the access and the secret keys, either using the Veritas Access RESTful APIs or by using the Veritas Access helper script.

Create the access and secret keys using the Veritas Access RESTful APIs:
- Before using the Veritas Access RESTful APIs, set the host name resolution for the host as shown in the objectaccess> show output against ADMIN_URL.
- See the Veritas Access RESTful API Guide on the SORT site for accessing the Object Store server (S3) user management APIs.
- After creating your access and secret key, you can create a bucket using the S3 API.
Create the access and the secret keys using the Veritas Access helper script:
- Add the ADMIN_URL name in your /etc/hosts file.
  
  where the ADMIN_URL is admin.<cluster_name> and the port is 8144. This url should point to the Veritas Access management console IP address.
- Location of the helper script: /opt/VRTSnas/scripts/utils/objectaccess/objectaccess_client.py
- The Veritas Access helper script can be used from any client system that has Python installed.
- To run the script, your S3 client needs to have the argparse and requests Python modules.
  
  If these modules are missing, install both these modules using pip or easy_install.
- Create the access and the secret key using the Veritas Access helper script by providing the user name, password, and ADMIN_URL (check the online Help of the Veritas Access helper script for all of the provided operations like list key and delete key).
  
  Create a secret key:
```
clus_01:~ # ./objectaccess_client.py --create_key 
--server admin.clus:8144 --username localuser1 --password root123 
--insecure
UserName                : localuser1
AccessKeyId             : Y2FkODU2NTU2MjVhYzV
Status                  : Active
SecretAccessKey         : ODk0YzQxMDhkMmRjM2M5OTUzNjI5OWIzMDgyNzY
```
  The <localuser1> is the local user created on both the Veritas Access cluster nodes with same unique ID.
  
  List a secret key for the specified user:
```
clus_01:~ # ./objectaccess_client.py --list_key --server 
admin.clus:8144 --username localuser2 --password root123 --insecure
                        
```
  Delete a secret key for the specified user:
```
clus_01:~ # ./objectaccess_client.py --delete_key 
ZTkyNDdjZTViM2EyMWZ --server admin.clus:8144 --username localuser2 
--password root123 --insecure
                        
```
- If the Object Store server is enabled without the SSL option, you need to add the --insecure option.
```
clus_01 ~# ./objectaccess_client.py --server 
admin.clus:8144 --username <uname> --create_key --insecure
                        
```
Use the following objectaccess command to see all the existing access and secret keys in the Veritas Access cluster:
```
CLISH> objectaccess account user show
                  
```

Changing the Object Store server options

It is possible to change an already set parameter or set new parameters by specifying different options. For example, you can change the other Object Store server defaults, such as fs_type, fs_size, and other options.

After setting the defaults, you can verify whether the proper value is assigned or not.

vmdellr> objectaccess set fs_type
ecoded largefs mirrored mirrored-stripe simple striped striped-mirror

vmdellr> objectaccess set fs_type simple
ACCESS ObjectAccess INFO V-288-0 Set fs_type successful.

vmdellr> objectaccess set fs_size 2G
ACCESS ObjectAccess INFO V-288-0 Set operation successful.

vmdellr> objectaccess show
Name           Value
=============  =========================

Server Status  Enabled
Admin_URL      http://admin.vmdellr:8144
S3_URL         http://s3.vmdellr:8143
admin_port     8144
s3_port        8143
ssl            no
poollist       ['pool1']
fs_size        2G
fs_blksize     8192
fs_pdirenable  no
fs_encrypt     off
fs_type        simple

Using the group option for bucket creation

If you have multiple users, and you want to set different default values for different sets of users, you can use the group option.

You can also use the group option to use the existing file systems for bucket creation instead of creating a new file system for every bucket. If you set the group fs_sharing option to yes, and if any request for bucket creation comes from a user who is part of that group, then the S3 server searches for any existing file system created by the specific group user. If an existing file system is found, it uses the existing file system. Otherwise, it creates a new file system for the bucket.

To use the group option

Create a group in the authentication server (AD/LDAP/NIS) and add the required users to that group.
Set the group specific configuration for the group created in the authentication server.

Set or unset the defaults per your requirements.

vmdellr> objectaccess group set fs_type simple VRTS-grp
ACCESS ObjectAccess INFO V-288-0 Group set fs-type successful.

vmdellr> objectaccess group set pool VRTS-grp pool1
ACCESS ObjectAccess INFO V-288-0 Success.

vmdellr> objectaccess group show
Group Name   Fs Sharing   Fs Size   Fs Type   Pool(s)
===========  ===========  ========  ========  ========
VRTS-grp     -            -         simple    pool1

vmdellr> objectaccess group show
Group Name   Fs Sharing   Fs Size   Fs Type   Pool(s)
===========  ===========  ========  ========  ========
VRTS-grp     -            -         -         pool1