Enabling log based bucket replication in Microsoft Azure

Before you begin

  • Refer to Microsoft Azure documentation and ensure that you have completed the following tasks in the Microsoft Azure portal:

    1. Ensure that you have created a new application and noted down the name, application (client) ID, and directory (tenant) ID.

      For information, see Register an application.

    2. Ensure that a new client secret is created and the application secret is noted down.
    3. Ensure that a new Log Analytics workspace is created and its name and workspace ID are noted down.

      For information, see Create a Log Analytics workspace.

    4. Ensure that the Reader role is assigned under Access control, that members are selected, and that the name of the application that you registered in the previous step is provided.

      For more information, see Assign Azure roles using the Azure portal.

    5. Ensure that a new storage account is created and the Access keys are noted down.
    6. Ensure that a blob is selected in the Diagnostic settings screen of the Monitoring section of the storage account that you created. Also, ensure that only StorageWrite and StorageDelete are selected and that, in the destination details, the Log Analytics workspace that you created earlier is added.

      For more information, see Diagnostic settings in Azure Monitor.

    7. Ensure that two new containers for object source and object destination are created.
  • Administrator access to OpenShift Web Console.

Procedure

  1. Create a secret with credentials to be used by the namespacestores.
    apiVersion: v1
    kind: Secret
    metadata:
      name: <namespacestore-secret-name>
    type: Opaque
    data:
        TenantID: <AZURE TENANT ID ENCODED IN BASE64>
        ApplicationID: <AZURE APPLICATION ID ENCODED IN BASE64>
        ApplicationSecret: <AZURE APPLICATION SECRET ENCODED IN BASE64>
        LogsAnalyticsWorkspaceID: <AZURE LOG ANALYTICS WORKSPACE ID ENCODED IN BASE64>
        AccountName: <AZURE ACCOUNT NAME ENCODED IN BASE64>
        AccountKey: <AZURE ACCOUNT KEY ENCODED IN BASE64>
  2. Create a NamespaceStore backed by a container created in Azure.
  3. Create a new Namespace-Bucketclass and OBC that utilizes it.
  4. Check the object bucket name by looking in the YAML of the target OBC, or by listing all S3 buckets, for example, s3 ls.
  5. Use the following template to apply an Azure replication policy on your source OBC by adding the following in its YAML, under .spec:
    replicationPolicy: '{"rules":[ {"rule_id":"ID goes here", "sync_deletions": <true or false>, "destination_bucket":"object bucket name"} ], "log_replication_info":{"endpoint_type":"AZURE"}}'
    sync_deletions
    Specify a boolean value, true or false.
    destination_bucket
    Make sure to use the name of the object bucket, and not the claim. The name can be retrieved using the s3 ls command, or by looking for the value in an OBC’s YAML.
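
The following helper is an added example, not part of the original procedure or of the product: it renders the Secret from step 1 with correctly base64-encoded values and builds the replicationPolicy string from step 5 as valid JSON. The secret name, rule ID, bucket name, and credential values are constructed placeholders.

```python
import base64
import json

# Key names are the ones in the Secret template in step 1.
SECRET_KEYS = ("TenantID", "ApplicationID", "ApplicationSecret",
               "LogsAnalyticsWorkspaceID", "AccountName", "AccountKey")


def encode_secret_data(values):
    """Return the base64-encoded `data` map for the namespacestore Secret."""
    missing = [k for k in SECRET_KEYS if not values.get(k)]
    if missing:
        raise ValueError("missing secret values: " + ", ".join(missing))
    data = {}
    for key in SECRET_KEYS:
        raw = values[key]
        # Pasted whitespace or a newline would be encoded into the credential.
        if raw != raw.strip():
            raise ValueError(key + " has leading or trailing whitespace")
        data[key] = base64.b64encode(raw.encode("utf-8")).decode("ascii")
    return data


def render_secret(name, values):
    """Render the Secret manifest from step 1 as YAML text."""
    lines = ["apiVersion: v1", "kind: Secret", "metadata:",
             "  name: " + name, "type: Opaque", "data:"]
    lines += ["  %s: %s" % (k, v) for k, v in encode_secret_data(values).items()]
    return "\n".join(lines) + "\n"


def build_replication_policy(rule_id, sync_deletions, destination_bucket):
    """Return the JSON string for .spec.replicationPolicy from step 5."""
    if not isinstance(sync_deletions, bool):
        raise TypeError("sync_deletions must be a boolean, not a string")
    if not rule_id or not destination_bucket:
        raise ValueError("rule_id and destination_bucket are required")
    policy = {
        "rules": [{"rule_id": rule_id, "sync_deletions": sync_deletions,
                   "destination_bucket": destination_bucket}],
        "log_replication_info": {"endpoint_type": "AZURE"},
    }
    return json.dumps(policy)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(render_secret("azure-nss-secret", {k: "example" for k in SECRET_KEYS}))
    print(build_replication_policy("rule-1", True, "example-target-bucket"))
```

Base64 in a Secret is an encoding, not encryption, so handle the rendered manifest with the same care as the Azure credentials themselves.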

What to do next

  • Verification steps:
    1. Write objects to the source bucket.
    2. Wait until MCG replicates them.
    3. Delete the objects from the source bucket.
    4. Verify the objects were removed from the target bucket.