Deploying an S3 data source with custom SSL certificate

Procedure (IBM Storage Scale 6.0.0.x only)

1. For Filesystem with IBM Storage Scale version 6.0.0.x, create a data source for an S3 bucket, which has a custom Secure Sockets Layer (SSL) certificate by adding bucket name, end-point, secret key, and access key details as mentioned in Creating a data source.

   The data source status is updated to Authentication Failure as the SSL cannot be processed.

2. Log in to the IBM Storage Scale 6.0.0.x cluster.
3. Get the AFM cache fileset name by listing the configuration details on the filesystem with the following command, and identify the one for the S3 bucket you just tried to add:

   mmafmcoskeys all get --report

4. Retrieve the fileset-name from the export map, which is in the following format:

   <bucket-name>:<fileset-name>-exportmap=<keys>

5. Copy the TLS certificate on a path, for example at /var/cas/tls-cert/sample-cert.pem.
6. Run the following command to re-create the fileset and make it Active:

   mmafmcosconfig <fs> <fileset-name> --endpoint 'https://<fileset-name>-exportmap:443' --object-fs --bucket <bucket-name> --tmpdir '.cachevolumetmp' --gid <gid> --mode 'iw' --ssl-cert-verify --ssl-cert-path <cert-with-full-path> --async-prefetch-interval 60 --makeactive

   The fileset must be deployed with the following output:

   Partition <fileset-name> is created and policy broadcasted to all nodes.

7. Check the status of the fileset:

   /usr/lpp/mmfs/bin/mmafmctl <fs> getstate -j <fileset-name>

   Remember: The fileset must be in the Active state and the contents of S3 bucket must be readable in the fileset.
8. Delete the previously failed data source and redeploy it with the same bucket information.

Results

The data source gets Connected as it can be able to use the manually created fileset.