Managing AFM to cloud object storage keys

Use the mmafmcoskeys command to manage keys in AFM to cloud object storage. Each object has data, metadata, and keys. The object key (or key name) uniquely identifies the object in a bucket.

An access key and a secret key are needed to access a bucket on a cloud object server. The mmafmcoskeys command simplifies the administration of these keys. You can set the keys for specific buckets on specific servers. The keys can either be specified on the command line or provided in an input key file. In this input key file, each line contains an access key and a secret key that are separated by a colon.

After the keys are set, AFM to cloud object storage reads them when you set up the relationship and connect to the cloud object storage for the first time. If the cloud object storage expires the keys, AFM is unable to access the data from the server. You can also set an expiration timeout value that forces AFM to refresh or reload the keys into memory and use them for communication with the cloud object storage server. You must update the keys after expiration and before you start the next communication with the server. To set the object key expiration timeout in seconds, issue the following command:
# mmchconfig afmObjKeyExpiration=1800 -i

You can also get a report of all access keys or secret keys that are stored for a bucket by using the mmafmcoskeys command. This report has a list of all keys across the cluster.

The following example shows how you can manage access and secret keys by using the mmafmcoskeys command. For more information, see the mmafmcoskeys command.

  1. Obtain access and secret keys for a bucket from a cloud object provider, for example, Amazon S3, Microsoft Azure Blob, and IBM Cloud® Object Storage.
    In this example, the following keys are used:
    AccessKey = key1234567890
    SecretKey = key1234567890
  2. Set the keys that are obtained from the cloud object provider by issuing the following command:
    # mmafmcoskeys newbucket:192.0.2.* set key1234567890 key1234567890
    where,
    newbucket
        Specifies a bucket name.
    192.0.2.*
        IP of a server.
    Note: If you do not set the keys for a bucket before the AFM to cloud object storage relation is set, the mmafmcosconfig command fails.
  3. Establish the AFM to cloud object storage relation by issuing the following command:
    # mmafmcosconfig fs1 newbucket --endpoint http://192.0.2.* --uid 0 --gid 0 --new-bucket newbucket --mode sw --cleanup --object-fs
  4. Display specific keys by issuing the following command:
    # mmafmcoskeys newbucket:192.0.2.* get 
    key1234567890:key1234567890
  5. Get the report of all keys that are stored on the AFM to cloud object storage by issuing the following command:
    # mmafmcoskeys all get --report
    A sample output is as follows:
    bucket2:lb1.ait.examplelabs.com=COS:BCGSt6BBCDqLowpVF2zd:lcxHFFYWB8XG1noeQDJPlGoHC2khBY8grlRQ05Cv
    bucket3.1:lb1.ait.examplelabs.com=COS:BCGSt6BBCDqLowpVF2zd:lcxHFFYWB8XG1noeQDJPlGoHC2khBY8grlRQ05Cv
    my.name=COS:key1234567890:key1234567890
    newbucket:192.0.2.*=COS:key1234567890:key1234567890
  6. If a bucket is removed or updated by using the delete option, delete access and secret keys by issuing the following command:
    # mmafmcoskeys newbucket:192.0.2.* delete
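
The report in step 5 lists every stored secret key in clear text, so it is better audited by a script than read on a terminal. The following Python sketch is an added example, not part of the product or the original page: it parses report lines, flags key pairs shared by several targets and entries whose secret key equals the access key, and never prints a secret. The line grammar (`bucket[:server]=COS:access:secret`) is an assumption inferred from the sample output above, and the function names are hypothetical.

```python
"""Audit `mmafmcoskeys all get --report` output without echoing secret keys."""
from collections import defaultdict

# Sample lines copied from the report shown in step 5 (the page's example values).
SAMPLE_REPORT = """\
bucket2:lb1.ait.examplelabs.com=COS:BCGSt6BBCDqLowpVF2zd:lcxHFFYWB8XG1noeQDJPlGoHC2khBY8grlRQ05Cv
bucket3.1:lb1.ait.examplelabs.com=COS:BCGSt6BBCDqLowpVF2zd:lcxHFFYWB8XG1noeQDJPlGoHC2khBY8grlRQ05Cv
my.name=COS:key1234567890:key1234567890
newbucket:192.0.2.*=COS:key1234567890:key1234567890
"""


def parse_report(text):
    """Yield (bucket, server, access_key, secret_key); grammar inferred from the sample."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        target, sep, value = line.partition("=")
        fields = value.split(":", 2)  # store type, access key, secret key
        if not sep or len(fields) != 3 or not all(fields):
            # Report only the line number: the line itself may hold a secret.
            raise ValueError(f"line {lineno}: unrecognized report entry")
        bucket, _, server = target.partition(":")
        yield bucket, server or None, fields[1], fields[2]


def audit(text):
    """Return findings as (kind, access_key, targets); secrets are never included."""
    by_pair = defaultdict(list)
    findings = []
    for bucket, server, access, secret in parse_report(text):
        target = f"{bucket}:{server}" if server else bucket
        by_pair[(access, secret)].append(target)
        if access == secret:  # placeholder-style credential
            findings.append(("secret-equals-access-key", access, [target]))
    for (access, _), targets in by_pair.items():
        if len(targets) > 1:  # one compromise exposes every listed target
            findings.append(("key-pair-reused", access, targets))
    return findings


if __name__ == "__main__":
    for kind, access, targets in audit(SAMPLE_REPORT):
        print(f"{kind}: access key {access} on {', '.join(targets)}")
```

On a cluster, feed the script the report text from standard input or a file readable only by root rather than embedding it.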