cc_staff
74
edits
Arbutus object storage: Difference between revisions
Marked this version for translation
No edit summary |
(Marked this version for translation) |
||
| Line 57: | Line 57: | ||
In addition, we can perform certain management tasks for our object storage using the [https://arbutus.cloud.computecanada.ca/project/containers Containers] section under the '''Object Store''' tab in the [https://arbutus.cloud.computecanada.ca Arbutus OpenStack Dashboard]. | In addition, we can perform certain management tasks for our object storage using the [https://arbutus.cloud.computecanada.ca/project/containers Containers] section under the '''Object Store''' tab in the [https://arbutus.cloud.computecanada.ca Arbutus OpenStack Dashboard]. | ||
<!--T:37--> | |||
This interface refers to "data containers", which are also known as "buckets" in other object storage systems. | This interface refers to "data containers", which are also known as "buckets" in other object storage systems. | ||
<!--T:38--> | |||
Using the dashboard, we can create new data containers, upload files, and create directories. Alternatively, we can also create data containers using [[Arbutus object storage clients|S3-compatible clients]]. | Using the dashboard, we can create new data containers, upload files, and create directories. Alternatively, we can also create data containers using [[Arbutus object storage clients|S3-compatible clients]]. | ||
<!--T:39--> | |||
{{quote|Please note that data containers are owned by the user who creates them and cannot be manipulated by others.<br/>Therefore, you are responsible for managing your data containers and their contents within your cloud project.}} | {{quote|Please note that data containers are owned by the user who creates them and cannot be manipulated by others.<br/>Therefore, you are responsible for managing your data containers and their contents within your cloud project.}} | ||
<!--T:40--> | |||
If you create a new container as '''Public''', anyone on the Internet can read its contents by simply navigating to | If you create a new container as '''Public''', anyone on the Internet can read its contents by simply navigating to | ||
<!--T:41--> | |||
<code> | <code> | ||
<nowiki>https://object-arbutus.cloud.computecanada.ca/<YOUR CONTAINER NAME HERE>/<YOUR OBJECT NAME HERE></nowiki> | <nowiki>https://object-arbutus.cloud.computecanada.ca/<YOUR CONTAINER NAME HERE>/<YOUR OBJECT NAME HERE></nowiki> | ||
</code> | </code> | ||
<!--T:42--> | |||
with your container and object names inserted in place. | with your container and object names inserted in place. | ||
<!--T:43--> | |||
{{quote|It's important to keep in mind that each data container on the '''Arbutus Object Store''' must have a '''unique name across all users'''. To ensure uniqueness, we may want to prefix our data container names with our project name to avoid conflicts with other users. One useful rule of thumb is to refrain from using generic names like <code>test</code> for data containers. Instead, consider using more specific and unique names like <code>def-myname-test</code>.}} | {{quote|It's important to keep in mind that each data container on the '''Arbutus Object Store''' must have a '''unique name across all users'''. To ensure uniqueness, we may want to prefix our data container names with our project name to avoid conflicts with other users. One useful rule of thumb is to refrain from using generic names like <code>test</code> for data containers. Instead, consider using more specific and unique names like <code>def-myname-test</code>.}} | ||
<!--T:44--> | |||
To make a data container accessible to the public, we can change its policy to allow public access. This can come in handy if we need to share files to a wider audience. We can manage container policies using JSON files, allowing us to specify various access controls for our containers and objects. | To make a data container accessible to the public, we can change its policy to allow public access. This can come in handy if we need to share files to a wider audience. We can manage container policies using JSON files, allowing us to specify various access controls for our containers and objects. | ||
| Line 82: | Line 90: | ||
Currently, Arbutus Object Storage only implements a subset of Amazon's specification for [https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html data container polices]. The following example shows how to create, apply, and view a policy. The first step is create a policy json file: | Currently, Arbutus Object Storage only implements a subset of Amazon's specification for [https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html data container polices]. The following example shows how to create, apply, and view a policy. The first step is create a policy json file: | ||
<!--T:45--> | |||
<syntaxhighlight lang="json"> | <syntaxhighlight lang="json"> | ||
{ | { | ||
| Line 107: | Line 116: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<!--T:46--> | |||
This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria. | This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria. | ||