Example I/O - Creating user account and uploading object to the bucket

The following example describes an end to end flow of creating a user account and uploading objects into a bucket .

1. On the IBM Storage Scale DAS cluster, create a user with required uid, gid, and the newBucketsPath by using the following command:

   mmdas account create s3use8502@fvt.com --uid 8502 --gid 8888 --newBucketsPath "/mnt/remote-sample/s3user-u8502-dir"       
   Account is created successfully. The secret and access keys are as follows.
    Access Key             Secret Key
    ----------             -----------
    dM5fTvmbpOsRtbRO7CY9   oo1o23wrd6HbJoo0pSM41k+jaDcaZRwS2Sh7QKnZ

   Note: At the time of user creation, there is no check by the DAS component on the mentioned newBucketsPath.
2. On the storage cluster, create the respective directory with appropriate uid and gid that was created on the IBM Storage Scale DAS cluster.
   1. Create a directory in the IBM Storage Scale file system that is remotely mounted onto a containerized IBM Storage Scale DAS cluster by using the following command:

      mkdir /mnt/fs1/s3user-u8502-dir
      

   2. If you have enabled SELinux on the storage cluster, then list the directory with the -Z option:

      ls -laZd /mnt/fs1/s3user-u8502-dir
      drwxr-xr-x. 2 root root unconfined_u:object_r:container_file_t:s0:c123,c456 4096 Nov 17 02:15 /mnt/fs1/s3user-u8502-dir

   3. If you have enabled SELinux on the storage cluster, then change the SELinux user/role/type/level to appropriate values as mentioned:

      chcon system_u:object_r:container_file_t:s0:c123,c456 /mnt/fs1/s3user-u8502-dir
      

   4. Change the owner and group to the IBM Storage Scale DAS user created by using the following command:

      chown 8502:8888 /mnt/fs1/s3user-u8502-dir/
      

   5. Change the permission to the directory by using the following command:

      chmod 770 /mnt/fs1/s3user-u8502-dir/

   6. List the directory by using the following command (use the -Z option if SELinux was enabled on storage cluster):

      ls -laZd /mnt/fs1/s3user-u8502-dir/
      drwxrwx---. 2 8502 8888 system_u:object_r:container_file_t:s0:c123,c456 4096 Nov 17 02:15 /mnt/fs1/s3user-u8502-dir/
      

      Note: In this example, MCS labels are set as c123,c456 across the Storage Cluster and Openshift-storage namespace
3. Login to the application node or infrastructure node, wherever the S3 CLI is installed and create an alias for the user.
   1. Create an alias for the user by using the following command:

      alias s3u8502='AWS_ACCESS_KEY_ID=4cq56JcdnIIVyAY3QcIa AWS_SECRET_ACCESS_KEY=KaSC57jyAxgDBHJ/p4i9dp/2v0/a/4FaI64Mo/63 aws --endpoint https://10.17.54.11 --no-verify-ssl s3'

      Note: The IP is referred to as one of the MetalLB IP addresses that was provided at S3 Service creation time.
   2. Create a bucket by using s3 mb command:

      s3u8502 mb s3://newbucket-u8502
      urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.17.54.11'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
      make_bucket: newbucket-u8502

      Note: Red Hat OpenShift Data Foundation (ODF) 4.13 introduced changes in bucket policies that affects buckets shared among S3 users belonging to the same group id (gid).
   3. List the content of the bucket by using the following command:

      s3u8502 ls s3://newbucket-u8502
      urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.17.54.11'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings

      As no objects are uploaded, it shows empty.
   4. Upload an object to the newly created bucket:

      echo "this is new object created" > /tmp/new-obj-for-u8502
      
      s3u8502 cp /tmp/new-obj-for-u8502 s3://newbucket-u8502
      urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.17.54.11'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
      upload: ../tmp/new-obj-for-u8502 to s3://newbucket-u8502/new-obj-for-u8502

   5. List the content of the bucket by using the following command:

      s3u8502 ls s3://newbucket-u8502
      urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host '10.17.54.11'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
      2022-11-17 02:31:07         27 new-obj-for-u8502
      

   In this example, once the user is created, it is evident that buckets can be created and data can be uploaded.