Browse to https://s3tools.org/s3cmd for system requirements and download.
Make sure the s3cmd is installed on your client machine. For example, on CentOS/Redhat Linux systems:
sudo yum install s3cmd -y
Once s3cmd is installed, you need to configure it to connect to your VAST Cluster S3 account.
Configurations, including user account credentials, are specified in a configuration file. The default configuration file is located under your home directory ($HOME/.s3cfg). This file contains all of the S3cmd settings. All s3cmd commands default to the default configuration file.
You can create an additional configuration file for your VAST-specific settings, or add them to the default configuration file. When using an additional configuration file, specify the file in your S3cmd commands.
Your configuration file should minimally include the following content. Save it to your home directory as <filename>.s3cfg, where <filename> is a name of your choice. In our examples. we will use vast.s3cfg.
[default] access_key = <ACCESS-KEY> secret_key = <SECRET-KEY> host_base = <CLUSTER VIRTUAL IP> host_bucket = <CLUSTER VIRTUAL IP> use_https = false|true
In which:
-
<ACCESS-KEY>and<SECRET-KEY>are your S3 key pair. -
<CLUSTER VIRTUAL IP>can be any of the cluster's Virtual IPs.Note
To retrieve the cluster's virtual lPs:
-
In the VAST Web UI, open the menu (click
), select Configuration and then select the Virtual IPs tab. The Virtual IPs list shows you which virtual IPs are configured on each CNode. -
In the VAST CLI, run the
vip listcommand.
Caution
Do not specify a port number. The port is not configurable. Specifying the default port can cause an error with signature version 4.
-
-
To connect over HTTPS, set
use_https= true. When this is set, the service will listen on port 443, the secure port. HTTPS connection will only work if an SSL certificate for S3 is installed on the VMS. See Enabling FIPS 140-2 Validated Compliant HTTPS Connection. -
To connect over HTTP, set
use_https= false.
For more configuration options, see s3cmd documentation. Configuration options can be passed in individual commands or in the configuration file.
For HTTPS Connections
If you are configuring S3cmd to connect to S3 over HTTPS, you need to make sure that the connection doesn't fail due to failed certificate verification. An SSL certificate must be installed on the VMS for the S3 service. The S3 service provides the installed certificate to S3cmd as part of the SSL handshake when establishing an HTTPS connection to the service. By default, S3cmd verifies the certificate using the default local certificate trust store. The local path to the default certificate store is OS dependent. If the default trust store doesn't recognize the CA that signed the certificate, such as with a self signed certificate, the connection will fail with the default configuration.
The following are commands you might include in the configuration file to handle SSL certificate verification:
-
To disable certificate verification:
no-check-certificate
-
Alternatively, to set a non-default path to the certificate trust store and point it to your certificate:
ca-certs = <CA_CERTS_FILE>
-
Often there is a mismatch between the hostname embedded in the certificate and the service endpoint URL, which causes failure when the hostname is verified. To disable checking the hostname:
no-check-hostname
Signature Versions
VAST Cluster supports both signature version 4 (default and recommended) and signature version 2. To enforce signature version 2 specify the following in the configuration file:
signature_v2=true
Comments
0 comments
Article is closed for comments.