Provisioning your Object Storage¶
You create, delete, and manage the resources composing your VPSA Object Storage via Zadara’s Provisioning Portal.
This section describes the available operations in the Provisioning Portal (https://manage.zadarastorage.com).
Adding Drives to an Existing Storage Policy (VPSA Object Storage Admin)¶
To add Drives to your VPSA Object Storage, go to the Zadara Provisioning Portal, select the VPSA Object Storage, and then press the Add Storage link.
Select the Storage Policy for which you add the drives
Select the number of Drives of the relevant type you wish to add to your VPSA Object Storage, and press Add. The number of drives added to the “Storage Policy” should match its characteristics, as described in the Getting Started section of this guide.
This operation requires the approval of a Zadara Storage Cloud Admin. Once approved, you’ll see the number of Drives in the Provisioning portal updated according to the request. The new drives will be automatically assigned to the selected Storage policy.
Note
Drives can’t be added more frequently than every 8 hours to let the Storage Policy to re-balance.
Adding Storage Policy (VPSA Object Storage Admin)¶
- To add Storage policy to your VPSA Object Storage, go to the Zadara Provisioning Portal,
select the VPSA Object Storage, and then press the Add Storage Policy link.
Give the new Policy a name and description.
Note
Objects names can be up to 128 chars long and can contain letters and digits, dashes “-” and underscores “_”
Select the protection level for this Storage Policy.
Select the number of Drives of the relevant type you wish to assign to this Storage Policy, and press Add. The number of drives added to the “Storage Policy” should match its characteristics, as described in the Getting Started section of this guide.
This operation requires the approval of a Zadara Storage Cloud Admin. Once approved, you’ll see the new Policy created in the VPSA Object Storage web management interface.
Assigning Public IPs (VPSA Object Storage Admin)¶
For security and privacy reasons, by default you cannot access the VPSA Object Storage from the public Internet. The Front-End IP address, used for management (via GUI and REST API) and for data IO workload (S3/Swift API), is allocated on the Zadara Storage Cloud “Front-End” network 10/40 GbE which is routable only from the Cloud Servers network. As this is an internal IP address, servers outside of your cloud network will not be able to reach this IP address. This means you cannot access your VPSA Object Storage from the Internet or any network with no routing to the Front-End network.
To assign a Public IP address to your VPSA Object Storage, for Internet inbound connectivity, open the Provisioning Portal, select the VPSA Object Storage, and click the Assign Public IP link. This operation requires Zadara Storage Cloud Admin approval. Once approved, the IP address will be added to the VPSA Object Storage characteristics. And In the VPSA Object Storage web management interface, under Settings > General > Public IP. To remove it, simply click the Remove Public IP link in the Zadara Provisioning Portal.
VPSA Object Storage In an Isolated Environment¶
VPSA Object Storage can be created in an isolated environment where no Internet access is available.
VPSA Object Storage includes SSL object web server in addition to the web management interface SSL server, therefore it is created with a default SSL certificate issued to zadarazios.com domain name.
In an isolated environment, there is no automatic DNS registration of the zadarazios.com domain name in DNSimple, hence the certificate will not match the FQDN of the VPSA Object Storage. In this case, you may encounter with the following behavior:
Object operations, including backup from VPSA Storage Array to VPSA Object Storage, may fail (as the VPSA Object Storage certificate cannot be verified).
VPSA Object Storage Console will not be available.
Accounts will be created without permissions
There are two approaches to adjust the VPSA Object Storage within an isolated environment:
Option 1 - Domain name for the FE interface (Recommended)
1.a Use the default zadarazios.com domain name
1.b Use a custom domain name
Option 2 - IP address for the FE interface
Option 1.a: Default VPSA Object Storage Domain Name¶
Once VPSA Object Storage is created, proceed as following:
Browse to the Management Interface IP address (as displayed in the provisioning portal), and approve the “insecure” certificate which does not match the URL IP:
Login to the web management interface with initial credentials and follow the prompt to replace the initial password.
Go to Settings page and copy the VPSA Object Storage API Hostname, which is the default domain name.
Manually register the default domain name with VPSA Object Storage FE IP in your internal DNS server.
Now, GUI connection and object operations should be done against the VPSA Object Storage default domain name which matches the name in the SSL certificate the VPSA is holding.
Option 1.b: Custom VPSA Object Storage Domain Name¶
Once VPSA Object Storage is created, proceed as following:
Browse to VPSA Object Storage GUI IP (as appears in the provisioning portal), and approve the “insecure” certificate which is not matching the URL IP:
Login to the GUI with initial credentials and change password
Go to Settings page and edit the VPSA Object Storage API Hostname, remove the default domain name and set a custom domain name as required:
The GUI will be reloaded and you will need to re-login, once logged in you will see in the Settings page that the API and Auth Endpoints were changed to the custom domain name instead of the default one:
Note
Starting that point, all mails sent to users by VPSA Object Storage will include URL with the custom domain name.
At this point VPSA Object Storage is still using “insecure” SSL certificate which was issued to zadarazios domain name. Although objects operations will now be possible, objects clients such as Cloudberry / S3browser will warn about an insecure connection to VPSA Object Storage. VPSA Storage Array backup to Object Storage will fail as it cannot handle insecure connections.
In order to complete the procedure and work in “secure” mode, you will need to:
Manually register the custom domain name with the VPSA Object Storage FE IP in your internal DNS server.
Generate SSL certificate issued to the custom domain name.
Upload it to the VPSA Object Storage as a PEM file. Use the Settings page to upload the certificate:
Once the new PEM is uploaded, the web management interface will reload. Now, GUI connection and object operations should be done against VPSA Object Storage custom domain name which is matching the name in the SSL certificate VPSA Object Storage is holding.
Option 2: IP Address¶
Once VPSA Object Storage is created, proceed as following:
Browse to GUI IP (as appears in the provisioning portal), and approve the “insecure” certificate which is not matching the URL IP:
Login to VPSA Object Storage GUI with initial credentials and change password
Go to Settings page and edit the VPSA Object Storage API Hostname
Clear the value and save
The GUI will be reloaded and you will need to re-login, once logged in you will see the API and Auth Endpoints were changed to include IP instead of domain name:
Note
Starting that point, all mails sent to users by the VPSA Object Storage will include the IP-based URL instead of the domain name.
At this point the web server is still using the “insecure” SSL certificate which was issued to zadarazios.com domain name. Although objects operations will now be possible to VPSA Object Storage, objects clients such as Cloudberry \ S3browser will warn about an insecure connection to the VPSA Object Storage. VPSA Storage Array backup to VPSA Object Storage will fail as it cannot handle insecure connections.
In order to work in “secure” mode, you will need to:
Generate SSL certificate issued to the VPSA Object Storage FE IP (it can be self-signed certificate).
Upload it to the VPSA Object Storage as a PEM file . Use the Settings page to upload the certificate:
Once the PEM is uploaded, GUI will reload. Now, GUI connection and object operations should be done against VPSA Object Storage FE IP which is matching the name in the SSL certificate VPSA Object Storage is holding.
Setting Custom Domain for VPSA Object Storage¶
VPSA Object Storage is created by default with zadarazios.com domain and registered with this domain name in DNSimple DNS service.
VPSA Object Storage includes SSL object server in addition to the GUI SSL server, therefore it is created with a default SSL certificate issued to zadarazios.com .
VPSA Object Storage domain name and certificate are not only used for management but also for Authentication and Object Operations.
Follow the procedure below to set a custom domain instead of the default:
Global custom domain for all Object Storage VPSA’s in the cloud¶
Similar to VPSA Storage Array, it is possible to customize the cloud via Command Center in order to make sure every VPSA Object Storage which is created on the cloud will own a custom domain name and a matching SSL certificate.
Login to Command Center and open customization page:
Under the General tab set a custom domain name, and upload a matching SSL certificate:
From that point on, every VPSA Object Storage to be created in this cloud will have the custom domain name and matching certificate
Manually register the custom domain of each VPSA in a public DNS server.
Explicit custom domain per VPSA Object Storage¶
Once VPSA Object Storage is created proceed as following:
Browse to the management URL (zadarazios domain name) as appears in the provisioning portal
Login to the GUI with initial credentials and change password
Go to the Settings page and edit the VPSA Object Storage API Hostname, remove the default domain name and set a custom domain name as required:
The GUI will be reloaded and you will need to re-login, once logged in you will see in the Settings page that the API and Auth Endpoints were changed to the custom domain name instead of the default one:
Note
Starting that point, all mails sent to users will include URL with the custom domain name.
At this point VPSA Object Storage is still using the default SSL certificate which was issued to zadarazios domain name. Although objects operations will now be possible, objects clients such as Cloudberry / S3browser will complain about an insecure connection to VPSA Object Storage as the certificate is not matching the custom domain name. In addition VPSA backup to VPSA Object Storage will fail as it cannot handle insecure connections.
In order to work in “secure” mode, you will need to:
Manually register the custom domain name with VPSA Object Storage FE IP in any public DNS server. If a Public IP is required, assign a public IP to the VPSA Object Storage and register the custom domain name with the public IP in the DNS.
Generate SSL certificate issued to the custom domain name
Upload it to the VPSA Object Storage as a PEM file . Use the Settings page to upload the certificate:
Once PEM is uploaded, GUI will reload. Now, GUI connection and object operations should be done against VPSA Object Storage custom domain name which is matching the name in the SSL certificate VPSA Object Storage is holding.
Note
The management URL will still appear in the provisioning portal with the default zadarazios domain name, however management, authentication and objects operations will be done against the custom domain as seen in VPSA Object Storage settings page and which will also appear in mails.
Adding Proxy Virtual Controllers (VPSA Object Storage Admin)¶
The public VPSA Object Storage REST API is exposed through the Proxy. For each request, it will look up the location of the account, container, or object and route the request accordingly. Failures are also handled in the Proxy. For example, if an object server is unavailable for an object PUT request, it will find an alternate route there instead.
In VPSA Object Storage every VC automatically assigned to the system has both Storage and Proxy roles. However, in order to improve performance, you have the option to add additional Proxy only VC’s.
To assign additional Proxy VC’s, go to the Zadara Provisioning Portal, select the VPSA Object Storage system, and press the Add Proxy Virtual Controllers button. This operation requires the approval of a Zadara Storage Cloud Admin.