VALIDATE CLOUD (Validate cloud credentials)

Before you define a cloud-container storage pool, use this command to ensure that the credentials for the storage pool are valid and that the necessary permissions are granted to the user.

Privilege class

Any administrator can issue this command.

Syntax

Read syntax diagramSkip visual syntax diagram VALidate CLOud CONNection=connection_name1STGpool=pool_name2CLOUDType=S3CLOUDType= AZureGOOGleS3 CLOUDUrl = cloud_url IDentity = cloud_identity3 PAssword = password KEYLocation=key_location4BUCKETName=bucket_name5
Notes:
  • 1 If you specify the CONNECTION parameter, no other parameters are required. If additional parameters are used, those parameter values will override the corresponding values in the CONNECTION parameter.
  • 2 If you specify the STGPOOL parameter, no other parameters are required. If additional parameters are used, those parameter values will override the corresponding values in the STGPOOL parameter.
  • 3 If you specify CLOUDTYPE=AZURE or CLOUDTYPE=GOOGLE or a connection or storage pool of type AZURE or GOOGLE, do not specify the IDENTITY parameter.
  • 4 The KEYLOCATION parameter is valid only if you specify CLOUDTYPE=GOOGLE or a connection or storage pool of type GOOGLE.
  • 5 The BUCKETNAME parameter is valid only if you specify CLOUDTYPE=S3 or CLOUDTYPE=GOOGLE or a connection or storage pool of type S3 or GOOGLE.

Parameters

CONNection
Specifies the name of a connection that will be used to back up an IBM Spectrum® Protect database to a cloud provider. Enter the name that you specified with the DEFINE CONNECTION command. This parameter is optional. The maximum length of the name is 30 characters.

If you specify the parameter, no other parameters are required. Do not use the CONNECTION parameter with the CLOUDTYPE or STGPOOL parameter. If the CLOUDURL, IDENTITY, PASSWORD, KEYLOCATION, or BUCKETNAME parameters are specified, those parameter values will override the corresponding values in the CONNECTION parameter.

For example, if you issue the following command, the identity, password, and bucket name values are derived from the storage pool (s3conn). However, because the CLOUDURL value (newcloud.url.com) was also specified, that value will override the cloud URL that was specified when the storage pool was defined.
VALIDATE CLOUD CONNECTION=s3conn CLOUDURL=newcloud.url.com
STGpool
Specifies the name of a cloud-container storage pool that will be used to back up an IBM Spectrum Protect database to a cloud provider. This name was defined in the DEFINE STGPOOL. This parameter is optional. The maximum length of the name is 30 characters.

If you specify the STGPOOL parameter, no other parameters are required Do not use the STGPOOL parameter with the CLOUDTYPE or CONNECTION parameter. If the CLOUDURL, IDENTITY, PASSWORD, KEYLOCATION, or BUCKETNAME parameters are specified, those parameter values will override the corresponding values in the STGPOOL parameter.

For example, if you issue the following command, the identity, password, and bucket name values are derived from the storage pool (s3pool). However, because the CLOUDURL value (newtwocloud.url.com) was also specified, that value will override the cloud URL that was specified when the storage pool was defined.
VALIDATE CLOUD STGPOOL=s3pool CLOUDURL=newtwocloud.url.com
CLOUDType
Specifies the type of cloud environment where you configured the storage pool.
You can specify one of the following values:
AZure
Specifies that the storage pool uses a Microsoft Azure cloud computing system.
GOOGle
Specifies that the connection or storage pool uses a Google Cloud Storage cloud computing system.
S3
Specifies that the storage pool uses a cloud computing system with the Simple Storage Service (S3) protocol, such as IBM® Cloud Object Storage or Amazon Web Services (AWS) S3.
This parameter is optional. If you do not specify the parameter, the default value, S3, is used. Do not use either the STGPOOL or CONNECTION parameter with the CLOUDTYPE parameter.
CLOUDUrl
Specifies the URL of the cloud environment where you configure the storage pool. If neither the CONNECTION parameter nor the STGPOOL parameter is specified, the CLOUDURL parameter is required for all supported cloud computing systems except Google. If you specify CLOUDTYPE=GOOGLE, do not specify the CLOUDURL parameter. Based on your cloud provider, you can use a blob service endpoint, region endpoint URL, an Accesser® IP address, a public authentication endpoint, or a similar value for this parameter. Ensure that you include the protocol, such as https:// or http://, at the beginning of the URL. The maximum length of the web address is 870 characters. The CLOUDURL parameter is validated when the first backup operation begins.
Tip: If the CLOUDURL parameter is specified with either the CONNECTION or the STGPOOL parameter, the value in the CLOUDURL parameter is used.
IDentity
Specifies the user ID for the cloud. If neither the CONNECTION parameter nor the STGPOOL parameter is specified, the IDENTITY parameter is required for all supported cloud computing systems except Azure and Google. If you specify CLOUDTYPE=AZURE or CLOUDTYPE=GOOGLE, do not specify the IDENTITY parameter. Based on your cloud provider, you can use an access key ID, a user name, a tenant name and user name, or a similar value for this parameter. The maximum length of the user ID is 255 characters.
Tip: If the IDENTITY parameter is specified with either the CONNECTION or the STGPOOL parameter, the value in the IDENTITY parameter is used.
PAssword
Specifies the password for the cloud. If neither the CONNECTION parameter nor the STGPOOL parameter is specified, the PASSWORD parameter is required for all supported cloud computing systems except Google. If you specify CLOUDTYPE=GOOGLE, do not specify the PASSWORD parameter. Based on your cloud provider, you can use a shared access signature (SAS) token, secret access key, an API key, a password, or a similar value for this parameter. The maximum length of the password is 256 characters.
Tip: If the PASSWORD parameter is specified with either the CONNECTION or the STGPOOL parameter, the value in the PASSWORD parameter is used.
KEYLocation
Specifies the name of the file that contains the Google Cloud Storage service account key in JavaScript Object Notation (JSON) format. If neither the CONNECTION parameter nor the STGPOOL parameter is specified, and CLOUDTYPE=GOOGLE, the KEYLOCATION parameter is required.
Tip: If the KEYLOCATION parameter is specified with either the CONNECTION or the STGPOOL parameter, the value in the KEYLOCATION parameter is used.
BUCKETName
Specifies the name for an AWS S3 or Google Cloud Storage bucket or an IBM Cloud Object Storage vault to use with the storage pool, instead of using the default bucket name or vault name. This parameter is valid only if you specify CLOUDTYPE=S3 or CLOUDTYPE=GOOGLE. The parameter is required when you specify CLOUDTYPE=GOOGLE.
Tip: If the BUCKETNAME parameter is specified with either the CONNECTION or the STGPOOL parameter, the value in the BUCKETNAME parameter is used.
If a bucket or vault exists with the name that you specify, that bucket or vault is tested to ensure that the proper permissions are set.
If the bucket or vault does not exist, the parameter verifies only that a bucket or vault with that name does not exist. If the command output indicates that the bucket or vault does not exist, work with your cloud service provider to create a bucket or vault with an appropriate name and settings. Permissions are required for reading, writing, listing, and deleting objects. After the bucket or vault is created, run the VALIDATE CLOUD command again to validate the permissions.
Tip: If you specify CLOUDTYPE=S3, but do not specify the BUCKETNAME parameter, the Replication Globally Unique ID is used as the default bucket name. The default bucket name is:
ibmsp.guid
where guid is the REPLICATION GLOBALLY UNIQUE ID value, minus the periods, in the output of the QUERY REPLSERVER command. For example, if the Replication Globally Unique ID is 52.82.39.20.64.d0.11.e6.9d.77.0a.00.27.00.00.00, the default bucket name is ibmsp.5282392064d011e69d770a0027000000.

Example: Verify the credentials of an S3 cloud-container storage pool

Validate the credentials of a cloud-container storage pool.
validate cloud 
cloudtype=s3 cloudurl=http://123.234.123.234:5000/v2.0
password=protect8991 bucketname=ibmsp.5282392064d011e69d770a0027000000

Example: Verify the credentials by using a cloud connection

Validate a cloud connection that is named CONN1.
validate cloud connection=conn1

Example: Verify Google credentials by using a cloud storage pool with an updated key location

Validate a cloud-container storage pool that is named GOOGLEPOOL. 
Validate cloud stgpool=googlepool keylocation=googlekeylocation

Related commands

Table 1. Commands related to VALIDATE CLOUD
Command Description
DEFINE STGPOOL (cloud-container) Define a cloud-container storage pool.
QUERY REPLSERVER Displays information about replicating servers.
UPDATE STGPOOL (cloud-container) Update a cloud-container storage pool.