Solved: Re: ONTAP S3 Access

ChaitanUni · ‎2020-05-20

Hello All,

Did any one had chance to explore ONTAP S3 Preview ?

We got a trial license for our ONTAP 9.7 and followed TR-4814, but struggling to access the bucket either using S3Brower or s3fs-fuse, did anyone had any luck ? or is too early.

Thanks

Chaitan

scottgelb · ‎2020-06-02

I have it working with the S3 Browser...the key things to change after selecting S3 compatible storage

1) uncheck "Use secure transfer (SSL/TLS)" since that is not supported on the ONTAP S3 first release

2) change the signature version to "Signature V4" (instead of V2) and the browser enumerated my two buckets

See attached..it's a VSIM so not concerned showing the autogenerated keys.

View solution in original post

ttran · ‎2020-05-20

Hi Chaitan,

Were there any errors when the bucket was created or are you having issues actually creating the bucket? What specific issue are you having with the bucket? What step(s) in TR-4814 are you having an issue with?

NetApp TR-4814: S3 Public Preview ONTAP 9.7

Regards,

Team NetApp

ChaitanUni · ‎2020-05-21

Hello Team,

We have manged to get bucket created, it's the accessing of that is the issue.

Bucket details:

NetApp01::> vserver object-store-server bucket show
Vserver Bucket Volume Size Encryption
----------- --------------- ----------------- ---------- ----------
vserver01 bucket01 fg_oss_1589881626 10GB false

***should there be any firewall policy for LIF to access s3 interface ?

service-policy for S3 LIF :
s3 data-core: 0.0.0.0/0
data-s3-server: 0.0.0.0/0

Assigning S3 policy to S3-data LIF:

vserver lif service-policy
-------- ------- --------------
vserver01 s3-data s3

Mapping the bucket on a RHEL host using s3fs:

HOST01 s3test # sudo s3fs bucket01 /mnt/s3test -o passwd_file=~/.passwd-s3fs -o url=http://VSERVER_S3_LIF/ -o use_path_request_style -o dbglevel=info

Logs on the hosts:

May 20 11:09:01 HOST01 s3fs[8675]: URL is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: URL changed is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: computing signature [GET] [/] [] []
May 20 11:09:01 HOST01 s3fs[8675]: url is http://VSERVER_S3_LIF
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:RequestPerform(2436): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:CheckBucket(3439): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: s3fs.cpp:s3fs_check_service(3883): Failed to connect by sigv4, so retry to connect by signature version 2.
May 20 11:09:01 HOST01 s3fs[8675]: Pool full: destroy the oldest handler
May 20 11:09:01 HOST01 s3fs[8675]: check a bucket.
May 20 11:09:01 HOST01 s3fs[8675]: URL is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: URL changed is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:RequestPerform(2431): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header you provided is invalid.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:CheckBucket(3439): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header you provided is invalid.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: s3fs.cpp:s3fs_check_service(3895): Bad Request(host=http://VSERVER_S3_LIF) - result of checking service.
May 20 11:09:01 HOST01 s3fs[8675]: s3fs.cpp:s3fs_exit_fuseloop(3483): Exiting FUSE event loop due to errors
May 20 11:09:01 HOST01 s3fs[8675]: destroy

Thanks

Chaitan

scottgelb · ‎2020-06-02

I have it working with the S3 Browser...the key things to change after selecting S3 compatible storage

1) uncheck "Use secure transfer (SSL/TLS)" since that is not supported on the ONTAP S3 first release

2) change the signature version to "Signature V4" (instead of V2) and the browser enumerated my two buckets

See attached..it's a VSIM so not concerned showing the autogenerated keys.

christsai · ‎2020-06-02

Hi @scottgelb

It works, Thanks 🙂

ChaitanUni · ‎2020-06-03

Hello Sir,

Thanks scottgelb

Perfect, it works 🙂

Did you mange to get it working for linux ?

Thanks

Chaitan

UgurD · ‎2020-09-29

Hi ,

Can ı access with signature v2 is this supported or not ?

Tnx

scottgelb · ‎2020-09-30

Not in my testing so far...will see what the next version brings though

ddiaz · ‎2023-02-24

Please, selecting S3 compatible Storage, which ip do you set in REST endpoint field? How i could set the user to access to the bucket?

regards

christsai · ‎2020-05-20

We have same issue on ONTAP S3 POC, we followed TR-4814 to create bucket and user, when we using S3 Browser to connect S3 data LIF, it will timeout and without error log

ONTAP S3 Access

Get ready to power on