pvsadm with a private cos endpoint #117

Open
mkumatag opened this issue Feb 2, 2021 · 4 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@mkumatag
Member

mkumatag commented Feb 2, 2021

There is a requirement to use the private COS endpoint instead for the secure private n/w use case. Currently I see an option --bucket-region to supply the region; this option is used internally to build the COS URI. This task is to supply the "private." prefix with this flag and make sure things are working fine (upload and import).

e.g:
Public EP: s3.us-south.cloud-object-storage.appdomain.cloud
Private EP: s3.private.us-south.cloud-object-storage.appdomain.cloud

/cc @bpradipt
/assign @bkhadars

mkumatag added this to the 21.02 milestone Feb 2, 2021
@bkhadars
Contributor

/cc @mkumatag
Tested using the private endpoints, not able to perform any s3 operation like createBucket or ListBuckets using private endpoints from both powervs and vpc environment.

Below are the observations:

PowerVS Environment:

```
[root@pvsadm-node src]# nslookup s3.private.us-south.cloud-object-storage.appdomain.cloud
Server:		9.9.9.9
Address:	9.9.9.9#53

Non-authoritative answer:
Name:	s3.private.us-south.cloud-object-storage.appdomain.cloud
Address: 10.1.129.97
[root@pvsadm-node src]# ping s3.private.us-south.cloud-object-storage.appdomain.cloud
PING s3.private.us-south.cloud-object-storage.appdomain.cloud (10.1.129.97) 56(84) bytes of data.
^C
--- s3.private.us-south.cloud-object-storage.appdomain.cloud ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 197ms

[root@pvsadm-node src]#
```

VPC Environment:

```
root@test-cos-private:~# nslookup s3.private.us-south.cloud-object-storage.appdomain.cloud
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	s3.private.us-south.cloud-object-storage.appdomain.cloud
Address: 10.1.129.97
root@test-cos-private:~# ping s3.private.us-south.cloud-object-storage.appdomain.cloud
PING s3.private.us-south.cloud-object-storage.appdomain.cloud (10.1.129.97) 56(84) bytes of data.
^C
--- s3.private.us-south.cloud-object-storage.appdomain.cloud ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6144ms

root@test-cos-private:~#
```

Test snippet code used for performing the s3 operations:

```go
package main

import (
	"fmt"

	"github.com/IBM/ibm-cos-sdk-go/aws"
	"github.com/IBM/ibm-cos-sdk-go/aws/credentials/ibmiam"
	"github.com/IBM/ibm-cos-sdk-go/aws/session"
	"github.com/IBM/ibm-cos-sdk-go/service/s3"
)

// Constants for IBM COS values
const (
	apiKey            = "XXXXXXXXXX" // example: xxxd12V2QHXbjaM99G9tWyYDgF_0gYdlQ8aWALIQxXx4
	serviceInstanceID = "XXXXXXXXXX" // example: crn:v1:bluemix:public:cloud-object-storage:global:a/xx999cd94a0dda86fd8eff3191349999:9999b05b-x999-4917-xxxx-9d5b326a1111::
	authEndpoint      = "https://iam.cloud.ibm.com/identity/token"
	serviceEndpoint   = "https://s3.private.us-south.cloud-object-storage.appdomain.cloud" // example: https://s3.us-south.cloud-object-storage.appdomain.cloud
)

func main() {
	newBucket := "new-bucketee"
	newColdBucket := "new-cold-bucketee"

	// Set up a configuration that points the S3 client at the private endpoint
	// and authenticates with IAM using the API key and service instance ID.
	conf := aws.NewConfig().
		WithEndpoint(serviceEndpoint).
		WithCredentials(ibmiam.NewStaticCredentials(aws.NewConfig(), authEndpoint, apiKey, serviceInstanceID)).
		WithS3ForcePathStyle(true)
	sess := session.Must(session.NewSession())
	client := s3.New(sess, conf)
	fmt.Println("client", client)

	// Create a bucket with the default storage class.
	// The returned error is discarded, so a failed call prints nothing.
	input := &s3.CreateBucketInput{
		Bucket: aws.String(newBucket),
	}
	_, _ = client.CreateBucket(input)

	// Create a second bucket with the "us-cold" location constraint.
	// The returned error is discarded here as well.
	input2 := &s3.CreateBucketInput{
		Bucket: aws.String(newColdBucket),
		CreateBucketConfiguration: &s3.CreateBucketConfiguration{
			LocationConstraint: aws.String("us-cold"),
		},
	}
	_, _ = client.CreateBucket(input2)

	// List the buckets; the error is discarded, so on failure an empty result is printed.
	d, _ := client.ListBuckets(&s3.ListBucketsInput{})
	fmt.Println("buckets", d)
}
```

Output:

```
[root@pvsadm-node src]# ./s3_plugin
client &{0xc000200380}
buckets {

}
```
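The endpoint naming described at the top of this issue, combined with the name resolution shown in the comment above, as an added example (not part of the thread and not pvsadm's code): it builds the COS host from a --bucket-region style value and refuses a "private." endpoint whose resolved addresses are not all in private ranges. The function names, the region validation rule and the injected resolver are assumptions made for the illustration; the sample address is the one from the nslookup output above.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const cosDomain = "cloud-object-storage.appdomain.cloud"

// cosEndpoint (hypothetical) accepts "us-south" or "private.us-south"; the region may not contain host or URL syntax.
func cosEndpoint(bucketRegion string) (host string, private bool, err error) {
	region := strings.TrimPrefix(bucketRegion, "private.")
	if region == "" || strings.ContainsAny(region, "./:@ ") {
		return "", false, fmt.Errorf("invalid bucket region %q", bucketRegion)
	}
	return "s3." + bucketRegion + "." + cosDomain, region != bucketRegion, nil
}

// allPrivate reports whether every address parses and lies in a private range (RFC 1918 / RFC 4193).
func allPrivate(addrs []string) bool {
	for _, a := range addrs {
		if ip := net.ParseIP(a); ip == nil || !ip.IsPrivate() {
			return false
		}
	}
	return len(addrs) > 0
}

// checkEndpoint returns the service URL; resolve is injected (pass net.LookupHost outside of tests).
func checkEndpoint(bucketRegion string, resolve func(string) ([]string, error)) (string, error) {
	host, private, err := cosEndpoint(bucketRegion)
	if err != nil {
		return "", err
	}
	addrs, err := resolve(host)
	if err != nil {
		return "", fmt.Errorf("resolve %s: %w", host, err)
	}
	if private && !allPrivate(addrs) {
		return "", fmt.Errorf("%s resolved outside private ranges: %v", host, addrs)
	}
	return "https://" + host, nil
}

func main() {
	// Constructed resolver that returns the address seen in the nslookup output.
	fake := func(string) ([]string, error) { return []string{"10.1.129.97"}, nil }
	fmt.Println(checkEndpoint("private.us-south", fake))
}
```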

@mkumatag
Member Author

@bpradipt we aren't able to talk to the private endpoint from either VPC or PowerVS machines; let us know if any additional n/w configuration is required to talk to the private endpoint.

@bkhadars
Contributor

@mkumatag @bpradipt with the classic infra setup, using the COS APIs, I am able to list the buckets from the COS instance, but the bucket creation operation doesn't succeed.

```
[root@vserver-fra02 pvsadm]# go run s3_plugin.go
client &{0xc000188380}
buckets {
  Buckets: [{
      CreationDate: 2021-02-18 01:04:49.818 +0000 UTC,
      Name: "basheer-bucket2022"
    }],
  Owner: {
    DisplayName: "05d8e593-111e-4bc0-bd0e-aa1e83915a03",
    ID: "05d8e593-111e-4bc0-bd0e-aa1e83915a03"
  }
}
```

@mkumatag
Member Author

moving to 21.03 milestone

mkumatag modified the milestones: 21.02, 21.03 Mar 16, 2021
mkumatag removed this from the 21.03 milestone Jul 15, 2021
mkumatag added kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Jul 15, 2021