BlueXP Services

ONTAP S3 Access

ChaitanUni
19,726 Views

Hello All, 

Did any one had chance to explore ONTAP S3 Preview ? 

 

We got a trial license for our ONTAP 9.7 and followed TR-4814, but struggling to access the bucket either using S3Brower or s3fs-fuse, did anyone had any luck ? or is too early.

 

Thanks

Chaitan

1 ACCEPTED SOLUTION

scottgelb
19,239 Views

I have it working with the S3 Browser...the key things to change  after selecting S3 compatible storage

 

1) uncheck "Use secure transfer (SSL/TLS)" since that is not supported on the ONTAP S3 first release

2) change the signature version to "Signature V4" (instead of V2) and the browser enumerated my two buckets

 

See attached..it's a VSIM so not concerned showing the autogenerated keys.

View solution in original post

9 REPLIES 9

ttran
19,500 Views

Hi Chaitan,

 

Were there any errors when the bucket was created or are you having issues actually creating the bucket? What specific issue are you having with the bucket? What step(s) in TR-4814 are you having an issue with?

 

NetApp TR-4814: S3 Public Preview ONTAP 9.7

 

 

Regards, 

 

Team NetApp

Team NetApp

ChaitanUni
19,458 Views

Hello Team,

 

We have manged to get bucket created, it's the accessing of that is the issue.

 

Bucket details:

NetApp01::> vserver object-store-server bucket show
Vserver Bucket Volume Size Encryption
----------- --------------- ----------------- ---------- ----------
vserver01 bucket01 fg_oss_1589881626 10GB false

 

***should there be any firewall policy for LIF to access s3 interface ?

service-policy  for S3 LIF :
s3 data-core: 0.0.0.0/0
data-s3-server: 0.0.0.0/0

 

Assigning  S3 policy to S3-data LIF:

vserver lif service-policy
-------- ------- --------------
vserver01 s3-data s3

 

Mapping the bucket on a RHEL host using s3fs:

HOST01 s3test # sudo s3fs bucket01 /mnt/s3test -o passwd_file=~/.passwd-s3fs -o url=http://VSERVER_S3_LIF/ -o use_path_request_style -o dbglevel=info

 

Logs on the hosts:

May 20 11:09:01 HOST01 s3fs[8675]: URL is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: URL changed is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: computing signature [GET] [/] [] []
May 20 11:09:01 HOST01 s3fs[8675]: url is http://VSERVER_S3_LIF
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:RequestPerform(2436): HTTP response code 403, returning EPERM. Body Text: <?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:CheckBucket(3439): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: s3fs.cpp:s3fs_check_service(3883): Failed to connect by sigv4, so retry to connect by signature version 2.
May 20 11:09:01 HOST01 s3fs[8675]: Pool full: destroy the oldest handler
May 20 11:09:01 HOST01 s3fs[8675]: check a bucket.
May 20 11:09:01 HOST01 s3fs[8675]: URL is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: URL changed is http://VSERVER_S3_LIF/bucket01/
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:RequestPerform(2431): HTTP response code 400, returning EIO. Body Text: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header you provided is invalid.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: curl.cpp:CheckBucket(3439): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AuthorizationHeaderMalformed</Code><Message>The authorization header you provided is invalid.</Message></Error>
May 20 11:09:01 HOST01 s3fs[8675]: s3fs.cpp:s3fs_check_service(3895): Bad Request(host=http://VSERVER_S3_LIF) - result of checking service.
May 20 11:09:01 HOST01 s3fs[8675]: s3fs.cpp:s3fs_exit_fuseloop(3483): Exiting FUSE event loop due to errors
May 20 11:09:01 HOST01 s3fs[8675]: destroy

 

Thanks

Chaitan

scottgelb
19,240 Views

I have it working with the S3 Browser...the key things to change  after selecting S3 compatible storage

 

1) uncheck "Use secure transfer (SSL/TLS)" since that is not supported on the ONTAP S3 first release

2) change the signature version to "Signature V4" (instead of V2) and the browser enumerated my two buckets

 

See attached..it's a VSIM so not concerned showing the autogenerated keys.

christsai
19,221 Views

Hi @scottgelb 

 

It works, Thanks 🙂

ChaitanUni
19,199 Views

Hello Sir,

 

Thanks  

 

Perfect, it works 🙂 

 

Did you mange to get it working for linux ?

 

Thanks

Chaitan

UgurD
17,483 Views

Hi , 

Can ı access with signature v2 is this supported or not ? 

Tnx

scottgelb
17,452 Views

Not in my testing so far...will see what the next version brings though

ddiaz
9,970 Views

Please, selecting S3 compatible Storage, which ip do you set in REST endpoint field? How i could set the user to access to the bucket?

regards

christsai
19,483 Views

We have same issue on ONTAP S3 POC, we followed TR-4814 to create bucket and user, when we using S3 Browser to connect S3 data LIF, it will timeout and without error log

Public