Configuring Object Container
QoreStor's Object container provides an object storage interface that lets customers write object data (S3 format) directly to QoreStor. Solutions that use an S3-based connection can send data directly to a QoreStor instance instead of Amazon S3, with the added benefits of deduplication, encryption, replication, and network-optimized data transfer.
Object storage is configured by adding a container with the Object (S3 Compatible) protocol.
Creating an Object Container
Adding an object container can be accomplished through the QoreStor UI or via the object_container command in the QoreStor CLI. Refer to the QoreStor Command Line Reference Guide for more information on the object_container command.
NOTE: The QoreStor object container does not support object lifecycle management, which means transitioning storage classes or server-side expiration of objects is not supported. User policies are limited to the predefined readwrite, writeonly, and readonly.
To create an object container
- In the navigation menu, click Containers.
- On the Containers pane, click Add Container. The Add Container dialog will be displayed.
- In the Protocol field, select Object (S3 Compatible).
- In the Storage Group drop-down, select the required storage group for this container.
- Click Next.
- Optionally, select Use HTTP instead of HTTPS. To use an HTTP connection, you must also follow the steps below:
- On the QoreStor server, copy the aws.conf file to a new location:
NOTE: The QoreStor implementation of object storage uses a self-signed certificate. If your data management application requires third party certificates, you must use HTTP to connect to the object container.
- Click Next.
- Review the summary and click Finish.
When the process is completed, the object container is added to QoreStor. For object containers created prior to QoreStor release 7.2.1, you will see the storage group ObjectContainer and the container ObjectStorageGroup added to the Storage Groups and Container pages, respectively. See the topics below for information on working with object storage.
Adding an object container through the command line
To add an object container, complete the following steps.
- Access the QoreStor CLI. Refer to Accessing the CLI commands for more information.
- Add an object container:
object_container --add --name <container name> [--group <storage group name>]
Refer to the QoreStor Command Line Reference Guide for more information.
- Get the endpoint details of the container:
object_container --show --name <container name>
- Create a user for this container. The user name is used as the Access key and the user’s password is used as the Secret key when accessing the object container from client systems (backup clients):
object_container --user-add --name <name> --user-name <user name>
IMPORTANT: The user’s name is used as the Access Key and the user’s password is used as the Secret Key when connecting to QoreStor from S3 clients.
To see the S3 endpoint, use the command object_container --show --endpoint --name <name of container>
The endpoint is displayed in the format https://<QoreStor IP address>:<port>
Make sure the port is allowed for access through the firewall.
- Set the access policy for the user. Use “readwrite” as <Policy name> to allow the user to back up and restore data.
object_container --policy-set --name <name> --policy-name <Policy name> --user-name <user name>
- Create a bucket for use in the backup application. Optionally add locking support:
object_container --bkt-add --name <name> --bkt-name <bucket name> [--enable-object-lock] [--enable-object-versioning]
- Configure the backup application with the endpoint, access key, secret key, and bucket name.
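The CLI steps above, combined into one dry-run script. This is an added example, not part of the QoreStor documentation: the helper names, the QS_RUN switch and the bucket-name check (a conservative subset of general S3 naming) are assumptions, and passing both optional bucket flags together when locking is requested is a choice made here.

```shell
#!/bin/sh
# Added example (not vendor code): print, or with QS_RUN=1 run, the page's
# object_container steps in order after validating the inputs.
LC_ALL=C; export LC_ALL

# The page lists these three as the only supported user policies.
valid_policy() {
    case "$1" in
        readwrite|writeonly|readonly) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumption: conservative subset of S3 bucket naming (3-63 characters,
# lowercase letters, digits, hyphens, no leading or trailing hyphen).
valid_bucket() {
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ] || return 1
    case "$1" in
        *[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    return 0
}

# Echo the command; execute it only when QS_RUN=1 (on the QoreStor host).
run() {
    echo "$*"
    if [ "${QS_RUN:-0}" = 1 ]; then "$@"; fi
}

# provision <container> <group> <user> <policy> <bucket> [lock]
# Locking status cannot be changed after creation, so it is decided here.
provision() {
    valid_policy "$4" || { echo "unsupported policy: $4" >&2; return 2; }
    valid_bucket "$5" || { echo "bad bucket name: $5" >&2; return 3; }
    run object_container --add --name "$1" --group "$2" || return 1
    run object_container --show --endpoint --name "$1" || return 1
    run object_container --user-add --name "$1" --user-name "$3" || return 1
    run object_container --policy-set --name "$1" --policy-name "$4" \
        --user-name "$3" || return 1
    if [ "${6:-}" = lock ]; then
        run object_container --bkt-add --name "$1" --bkt-name "$5" \
            --enable-object-lock --enable-object-versioning
    else
        run object_container --bkt-add --name "$1" --bkt-name "$5"
    fi
}

if [ "$#" -ge 5 ]; then provision "$@"; fi
```

Without QS_RUN=1 the script only prints the command sequence, so it can be reviewed before anything is changed on the QoreStor host.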
Creating a bucket
In S3 compatible storage, buckets are organizational containers that store objects. When creating a bucket, you have the option to enable or disable object locking, and select one of the available Object Locking modes. Object locking settings apply to all objects in the bucket.
- Governance mode - prevents users without the appropriate permissions from overwriting or deleting an object version or altering its lock settings. With governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary. You can also use governance mode to test retention-period settings before creating a compliance-mode retention period.
- Compliance mode - prevents objects from being overwritten or deleted by any user during the specified lock period. When an object is locked in compliance mode, its retention mode can't be changed, and its retention period can't be shortened. Compliance mode ensures that an object version can't be overwritten or deleted for the duration of the retention period.
- None - no restrictions are applied.
NOTE: QoreStor supports a maximum of 1000 buckets. The bucket default-bucket is created automatically when the object container is created.
To create a bucket
- In the navigation menu, click Containers.
- On the Containers pane, find the object storage container that you want to edit. Click the ellipsis icon, and click Edit.
- Click Create bucket.
- Enter a Name for your bucket.
- Optionally, select Object Locking and configure:
- Locking Mode - select between Compliance and Governance.
- Locking Duration - select the number and format (days or years) to specify the time that the object lock will be active.
IMPORTANT: The Object Locking status of a bucket cannot be changed once the bucket is created. To ensure flexibility in the future, you may set the object locking status to enabled, but the locking mode to None. If the locking mode is set to disabled, you will not be able to edit the bucket settings in the future.
- Click Save.
Editing bucket settings
The settings for existing buckets can be edited on the Object Storage page. When you change bucket settings using this procedure, the changes are applied to new objects. To change retention settings on existing objects, refer to Changing bucket retention.
To edit bucket settings
- On the Containers pane, find the object storage container that you want to edit. Click the ellipsis icon, and click Edit.
- In the Buckets section, find the desired bucket. Right-click on the ellipsis icon and click Bucket Settings.
- In the Locking Mode section, select from one of the options below:
- Compliance - prevents objects from being overwritten or deleted by any user during the specified lock period. When an object is locked in compliance mode, its retention mode can't be changed, and its retention period can't be shortened. Compliance mode ensures that an object version can't be overwritten or deleted for the duration of the retention period.
- Governing - prevents users without the appropriate permissions from overwriting or deleting an object version or altering its lock settings. With governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary. You can also use governance mode to test retention-period settings before creating a compliance-mode retention period.
- None - provides no object locking.
IMPORTANT: Changes in the locking mode are applied to files written to the container after the change was applied. Existing files are locked according to the locking method in place at the time they were added to the container.
- In the Locking Duration field, select the number and format (days or years) to specify the time that the object lock will be active.
- Click Update.