Prepare the storage environment for the S3 Object Browser

Edit online

Configure your storage environment so that the S3 Object Browser can connect to and interact with your S3 endpoint.

Before you begin

Before you begin, make sure that you have the following prerequisites in place:

  • An operational IBM Storage Ceph cluster with a configured Ceph Object Gateway (RGW)
  • Access to an S3-compatible endpoint
  • Valid S3 credentials (access key and secret key)

About this task

Before you deploy or access the S3 Object Browser, you must configure the storage environment to allow browser-based access to the S3 endpoint.

This preparation ensures that the Object Browser can communicate with the Ceph Object Gateway and that required network and security settings are in place.

Procedure

  1. Ensure network connectivity to the Ceph Object Gateway endpoint.
    Verify that the system running the web browser can reach the S3 endpoint over the configured network.
    1. Configure network ports for S3 Object Browser access.
      Ensure that the required ports are open and accessible.
      Table 1. Required network ports for S3 Object Browser access
      Protocol Port Purpose
      HTTP 8080 CLI deployment
      HTTP 8095 Dashboard deployment.
      Note: 8095 is the default deployment port. Another port can be provided.
      HTTPS 9443 Secure access
  2. Configure TLS certificates if using HTTPS.
    Provide valid TLS certificates for secure communication. Self-signed certificates can be used for testing, but production deployments should use trusted certificates.
  3. Verify and configure Cross-Origin Resource Sharing (CORS) settings.
    The Object Browser requires CORS to be enabled on the Ceph Object Gateway to allow browser-based requests to the S3 endpoint.
    Ensure that the CORS configuration includes the required origins, HTTP methods, and headers.
    • Allowed origins
    • Allowed HTTP methods (for example, GET, PUT, POST)
    • Allowed headers
    1. Verify CORS configuration.
      Go to Administration > Configuration and search for gcors.

      Ensure the following options exist:

      • rgw_gcors_allow_headers
      • rgw_gcors_allow_methods
      • rgw_gcors_allow_origins
      • rgw_gcors_expose_headers
    2. Configure CORS settings from the command line.
      Note: If multiple Ceph Object Gateway daemons are deployed, you must configure CORS settings for each daemon.
      • ceph config set client.rgw.DAEMON rgw_gcors_allow_origins "ALLOWED_ORIGIN"
        Note: The allowed origin must match the Object Browser URL used to access the Object Browser, including the protocol and port.
      • ceph config set client.rgw.DAEMON rgw_gcors_allow_methods "GET,PUT,POST,DELETE,OPTIONS,HEAD"
      • ceph config set client.rgw.DAEMON rgw_gcors_allow_headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,X-Amz-Date,X-Amz-Content-Sha256,X-Amz-Security-Token,X-Amz-Target,x-amz-user-agent,x-amz-sdk-checksum-algorithm,x-amz-checksum-crc32,x-amz-bucket-object-lock-enabled,x-amz-tagging"
      • ceph config set client.rgw.DAEMON rgw_gcors_expose_headers "Content-Length,Content-Range,ETag,Amz-Request-Id,Amz-Id-2,X-Amz-Request-Id,X-Amz-Id-2,x-amz-version-id"

      The DAEMON is in the format HOSTNAME.UNIQUE_ID. For example, ceph-node-01.qmfff.

      For example, 
      [ceph: root@host01 /]# ceph config set client.rgw.ceph-node-01.qmfff rgw_gcors_allow_origins "https://192.168.100.100:8080"

[ceph: root@host01 /]# ceph config set client.rgw.ceph-node-01.qmfff rgw_gcors_allow_methods "GET,PUT,POST,DELETE,OPTIONS,HEAD"

[ceph: root@host01 /]# ceph config set client.rgw.ceph-node-01.qmfff rgw_gcors_allow_headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,X-Amz-Date,X-Amz-Content-Sha256,X-Amz-Security-Token,X-Amz-Target,x-amz-user-agent,x-amz-sdk-checksum-algorithm,x-amz-checksum-crc32,x-amz-bucket-object-lock-enabled,x-amz-tagging"

[ceph: root@host01 /]# ceph config set client.rgw.ceph-node-01.qmfff rgw_gcors_expose_headers "Content-Length,Content-Range,ETag,Amz-Request-Id,Amz-Id-2,X-Amz-Request-Id,X-Amz-Id-2,x-amz-version-id"

Results

The storage environment is configured to allow the S3 Object Browser to connect to the S3 endpoint and perform object storage operations.