mms3 command

Manages Simple Storage Service (S3) configuration, accounts, and buckets.

Synopsis

mms3 config list [-Y] [--debug]

or

mms3 config change Option=Value[:Option=Value1,Value2:Option=Value...] [--force] [--debug] [--help]

or

mms3 config backup backup_directory [--debug] [--help]

or

mms3 config restore backup_tar_file [--debug][--force] [--help]

or

mms3 account create [AccountName | --anonymous] [ --gid GroupID --uid UserID |
              --userName User ] [ --newBucketsPath BucketsPath] [--accessKey AccessKey]
              [--secretKey SecretKey] [--debug] [--help]

or

mms3 account delete [AccountName | --anonymous] [--debug] [--help]

or

mms3 account list [name | --anonymous | uid:gid] [flags]

or

mms3 account update AccountName [--newBucketsPath BucketsPath] [--resetKey] 
              [--accessKey AccessKey] [--secretKey SecretKey] [--debug] [--force] [--help]

or

mms3 bucket create BucketName --accountName AccountName --filesystemPath FilesystemPath 
              [--debug][--help]

or

mms3 bucket delete BucketName [--debug] [--force] [--help]

or

mms3 bucket list BucketName [-Y] [--debug] [--help]

or

mms3 bucket update BucketName [--filesystemPath fileSystempath][--force] [--debug] [--help]

or

mms3 notificationConnection add  [--connectionFile connectionFilePath] [--debug] [--help]

or

mms3 notificationConnection delete name [--debug] [--help]

or

mms3 notificationConnection list [name] [-Y] [--debug] [--help]

or

mms3 notificationConnection update name [--connectionKey ConnectionKeytoupdate] 
                       [--connectionRemoveKey] [--connectionValue ConnectionValuetoupdate] 
                       [--debug] [--help]

or

mms3 upgrade start [--upgrade_version][--debug]

Availability

Available on all IBM Storage Scale editions.

Description

Use the mms3 config commands to list, change, backup and restore the S3 configuration.

Use the mms3 account commands to create, delete, update and list S3 accounts.

Use the mms3 bucket commands to create, delete, update and list S3 buckets.

Use the mms3 notificationConnection to manage S3 notification connections.

Use the mms3 upgrade commands to upgrade the S3 service.

Note: It is recommended to run the mms3 commands on CES nodes where S3 services are running.

Parameters

config
Manages S3 configuration for a CES cluster:
list
Displays the S3 configuration parameters and their values. The output can be formatted to be human readable or machine readable.
-Y
Displays the command output in a parseable format with a colon (:) as a field delimiter. Each column is described by a header.
--debug
Displays the debug logging information.
change

Modifies the S3 configuration parameters. S3 service must be restarted on all the nodes where the S3 service is running, when this command is issued. Only some configuration options can be modified with this command.

The configuration options that can be modified and option values are as follows:
Configuration option Description
ALLOW_HTTP(bool) Allows HTTP or HTTPS connection between S3 client and S3 service on a CES node. The default value is false, which means HTTP connection is not allowed. Allowed value is true or false.
DEBUGLEVEL (string) Allows all, warn, and default values. The default value is default.
ENABLEMD5 (bool) Enables md5sum calculation for S3 objects at the S3 service level. The default value is false, which means md5sum calculation is disabled. Allowed value is true or false.
ENDPOINT_FORKS (uint32) Specifies the number of NooBaa endpoints forks per CES node. The default value is 2. Allowed values are between 2 and 64.
ENDPOINT_PORT (uint32) Specifies an S3 endpoint that is listening to the HTTP port. The default value is 6001.
ENDPOINT_SSL_IAM_PORT Specifies a network port that used for secure (SSL) communication with the IAM endpoint. The default value is 7005.
ENDPOINT_SSL_PORT (uint32) Specifies an S3 endpoint that is listening to the HTTPS port. Default value is 6443.
host_customization Specifies a directory path that contains a JSON file with hostname information and RDMA server IP addresses. By default, this option is empty.
Example:
/some/dir/host_customization.json
{
  "hostname-1": {
    "S3_RDMA_SERVER_IPS": [
      "x.x.x.x"
    ]
  },
  "hostname-2": {
    "S3_RDMA_SERVER_IPS": [
      "x.x.x.x"
    ]
  }
}
LOG_TO_STDERR_ENABLED Allows logs that need to be pushed to stderr. The default value is false.
LOG_TO_SYSLOG_ENABLED Enables syslog logging for an application. The default value is true.
NC_DISABLE_ACCESS_CHECK
Disables read accessibility validations,this parameter is set to true during the following processes:
  • Bucket creation/update: NooBaa validates that the bucket owner has read permissions to the bucket path.
  • Account creation/update: NooBaa validates that the account owner has read permissions to the account new_buckets_path.
  • Health buckets and accounts accessibility check.
    Warning: If you set this configuration to true, you might see an unexpected behavior.
NC_DISABLE_POSIX_MODE_ACCESS_CHECK
Enables read/write mode bits and accessibility validations when this parameter is set to false during the following processes:
  • Bucket creation/update: NooBaa validates that the bucket owner has read/write permissions to the bucket path.
  • Account creation/update: NooBaa validates that the account owner has read/write permissions to the account new_buckets_path.
  • Health buckets and accounts accessibility check.
    Warning: This configuration is disabled by default because it does not support ACLs. If you set this configuration to false, the ACLs are not checked, and only on mode bits are checked.
NC_GPFS_BIN_DIR Defines the directory path for GPFS binaries.

By default, this parameter is set to /usr/lpp/mmfs/bin/.
NC_LIFECYCLE_GPFS_ALLOW_SCAN_ON_REMOTE Set this parameter, to enable GPFS ILM on remote file systems. By default, the parameter is set to true.
NC_LIFECYCLE_GPFS_ILM_ENABLED Determines whether the lifecycle worker should use IBM Storage Scale ILM policies or not. The default value true indicates that ILM policies will be used. For remotely mounted clusters, set this value set to false.
NC_LIFECYCLE_LOGS_DIR Specifies the location of the logs directory. The default path is /var/log/noobaa/lifecycle/.
NC_LIFECYCLE_RUN_DELAY_LIMIT_MINS Specifies the delay tolerance in minutes. The default value is 10 minutes.
NC_LIFECYCLE_RUN_TIME Specifies the runtime for the lifecycle worker. The value must be in HH:MM format. The default is 00:00.
NC_LIFECYCLE_TIMEOUT_MS Specifies the lifecycle worker timeout duration. The default is 8 hours.
NC_LIFECYCLE_TZ Specifies the timezone for lifecycle worker time configurations. The default timezone is LOCAL.
NC_MASTER_KEYS_GET_EXECUTABLE Gets the path of the executable script that will be used for reading the master encryption key file that is used by the S3 service.
NC_MASTER_KEYS_PUT_EXECUTABLE Sets the path of the executable script that will be used for updating the master encryption key file that is used by the S3 service.
NC_MASTER_KEYS_STORE_TYPE Specifies the type of the master encryption key file. Allowed values are file or executable. You must set the file or executable value. Default value is executable.
NOTIFICATION_FREQUENCY_IN_MINUTES Adjusts the interval at which bucket notifications are be sent to the configured webhook.
NOTIFICATION_LOG_DIR Specifies a path to store the bucket notification events.
NSFS_DIR_CACHE_MAX_DIR_SIZE Specifies the maximum directory size of the directory cache. The default value is 512 MB.
NSFS_DIR_CACHE_MAX_TOTAL_SIZE Specifies the maximum size of the directory cache. The default value is 1024 MB.
S3_RDMA_ENABLED Enables RDMA support on the CES S3. The default value is false.
S3_RDMA_LOG_LEVEL Displays RDMA subsystem log level, such as ERROR, INFO, or DEBUG. The default value is INFO.
S3_RDMA_USE_TELEMETRY Enables telemetry or metrics collection for RDMA transfers. The default value is true.
UVTHREADPOOLSIZE (uint32) Specifies Number of UV_THREADPOOL. The default value is 16. Allows values between 4 and 1024.
--force
Allows the config change action to go through without confirmation from the user.
--debug
Displays the debug logging information.
backup
Backs up the IBM Storage Scale S3 configuration. The backup directory information is required. The s3ConfigBackup.yyyymmdd-hhmmss.tar.bz2 backup file is stored in the backup directory.
restore
Restores the IBM Storage Scale S3 configuration. The path of the tar.bz2 backup file is required.
--force
Allows the config restore action to go through without confirmation from the user.
--debug
Displays the debug logging information.
account
Manages S3 accounts for the CES cluster.
create
Creates an S3 account with the specified account name.
AccountName
Specifies the name of the S3 user account that you want to create.
--anonymous
Creates an anonymous account to access one or more public buckets. The anonymous account is mutually exclusive with an account name.
--accessKey AccessKey
(Optional) Specifies the values of an access key, which is a 20-characters string.
--secretKey SecretKey
(Optional) Specifies the values of a secret key, which is a 40-characters string.
--gid GroupID
Specifies a group ID that is associated with the S3 account.
--uid UserID
Specifies a user ID that is associated with the S3 account.
--newBucketsPath BucketsPath
Specifies an absolute path of the file system, which acts as a base path for S3 buckets that you create by using S3 API.
--userName
Specifies a user name that is associated with the S3 account. This parameter is not needed, if a user ID and a group ID are provided.
Note: Ensure that ID mapping for the specified username can be successfully performed on all CES nodes.
--debug
Displays the debug logging information.
delete
Deletes the specified S3 account.
AccountName
Specifies an account name of the S3 user account that you want to delete.
--anonymous
Deletes an anonymous account.
--debug
Displays the debug logging information.
list
Displays the S3 user account information for a specified account name or a group ID and a user ID or all user accounts.
name | --anonymous | uid:gid
Specifies an account name or a user ID and a group ID of an S3 user account whose information you want to display.
--anonymous
Lists an anonymous account.
-Y
Displays the command output in a parseable format with a colon (:) as a field delimiter. Each column is described by a header.
--debug
Displays the debug logging information.
update
Updates the S3 user account information for a specified account name.
AccountName
Specifies the name of the S3 user account that you want to update.
--accessKey AccessKey
(Optional) Specifies the values of an access key, which is a 20-characters string.
--secretKey SecretKey
(Optional) Specifies the values of a secret key, which is a 40-characters string.
--newBucketsPath BucketsPath
(Optional) Specifies an absolute path of the file system. This path acts as a base path for S3 buckets that you create by using S3 API.
--userName
(Optional) Specifies a user name that is associated with the S3 account. This parameter is not needed, if a user ID and a group ID are provided.
--resetKeys
(Optional) Allows to reset an access key and a secret key.
--force
Allows the account update action to go through without confirmation from the user.
--debug
Displays the debug logging information.
bucket
Manages S3 buckets.
create
Creates an S3 bucket with the specified parameters.
BucketName
Specifies a name of the S3 bucket that you want to create. Ensure that the name meets the following naming conventions:
  • Has lowercase alphanumeric characters, - (dash), or . (period).
  • Begins and ends with an alphanumeric character.
  • Has minimum three characters and maximum 63 or less than 63 characters.
--accountName AccountName
Specifies a name of an account that owns the bucket.
--filesystemPath FileSystemPath
Specifies the absolute path that is to be used for the bucket.
--debug
Displays the debug logging information.
delete
Deletes the S3 bucket with the specified bucket name.
BucketName
Specifies a name of the S3 bucket that you want to delete.
--debug
Displays the debug logging information.
--force
Allows the bucket delete action to go through without confirmation from the user.
list
Displays the information for the specified bucket or lists all S3 buckets.
BucketName
(Optional) Specifies the name of the S3 bucket whose information you want to display.
-Y
Displays the command output in a parseable format with a colon (:) as a field delimiter. Each column is described by a header.
--debug
Displays the debug logging information.
update
Updates S3 bucket configuration for the specified S3 bucket name.
BucketName

Specifies a name of the S3 bucket that you want to update. Ensure that the name meets the following naming conventions:

  • Has lowercase alphanumeric characters, - (dash), or . (period).
  • Begins and ends with an alphanumeric character.
  • Has minimum three characters and maximum 63 or less than 63 characters.
--filesystemPath FileSystemPath
Specifies an absolute path that is used for the bucket.
--debug
Displays the debug logging information.
notificationConnection
Manages the configuration for S3 bucket notification connections.
Add
Adds new connection configuration information. The information will be stored along with other S3 configuration information.
--connectionFile
Adds a new connection by using the connection file.
--debug
Displays the debug logging information.
--help
Help for adding connection information.
delete
Deletes information about the bucket notification connection.
ConnectionName
Specifies the name of the connection that you want to delete.
--debug
Displays the debug logging information.
--help
Help for deleting connection information.
list
Lists information about the bucket notification.
ConnectionName
(Optional) Specifies the name of the S3 connection whose information you want to display.
-Y
Displays the command output in a parseable format with a colon (:) as a field delimiter. Each column is described by a header.
--debug
Displays the debug logging information.
--help
Help for listing connection information.
update
Updates the configuration of the S3 bucket notification connection.
--connectionKey
Specifies a connection key.
--connectionRemoveKey
Removes the provided key from the connection configuration.
--connectionValue
Specifies a connection key value.
--debug
Displays the debug logging information.
--help
Help for updating connection information.
upgrade start
Starts the upgrades of the S3 service on all CES nodes in an IBM Storage Scale cluster.
--upgrade_version
(Optional) Specifies the Noobaa S3 stack version for upgrade.
-debug
Displays the verbose logging information.

Exit status

0
Successful completion.
nonzero
A failure has occurred.

Security

You must have root authority to run the mms3 command.

The node on which the command is issued must be able to run remote shell commands on any other CES node in the cluster without the use of a password and without producing any extraneous messages. For more information, see Requirements for administering a GPFS file system.

Examples

  1. To list the S3 configuration, issue the following command:
    #  mms3 config list
    A sample output is as follows:
    S3 Configuration:
 =======================

 ALLOW_HTTP : false
 DEBUGLEVEL : default
 ENABLEMD5 : false
 ENDPOINT_FORKS : 2
 ENDPOINT_PORT : 6001              
 ENDPOINT_SSL_IAM_PORT : 7005
 ENDPOINT_SSL_PORT : 6443       
 GPFSDLPATH : /usr/lpp/mmfs/lib/libgpfs.so          
 LOG_TO_STDERR_ENABLED : false
 LOG_TO_SYSLOG_ENABLED : true 
 NC_DISABLE_ACCESS_CHECK : false 
 NC_DISABLE_POSIX_MODE_ACCESS_CHECK : true               
 NC_LIFECYCLE_GPFS_ILM_ENABLED : true          
 NC_LIFECYCLE_LOGS_DIR : /var/log/noobaa/lifecycle             
 NC_LIFECYCLE_RUN_DELAY_LIMIT_MINS : 10    
 NC_LIFECYCLE_RUN_TIME : 00:00 
 NC_LIFECYCLE_TIMEOUT_MS : 28800000           
 NC_LIFECYCLE_TZ : LOCAL           
 NC_MASTER_KEYS_GET_EXECUTABLE : /usr/lpp/mmfs/bin/cess3_key_get                
 NC_MASTER_KEYS_PUT_EXECUTABLE : /usr/lpp/mmfs/bin/cess3_key_put                
 NC_MASTER_KEYS_STORE_TYPE : executable      
 NSFS_DIR_CACHE_MAX_DIR_SIZE : 536870912  
 NSFS_DIR_CACHE_MAX_TOTAL_SIZE : 1073741824              
 NSFS_NC_CONFIG_DIR_BACKEND : GPFS            
 NSFS_NC_STORAGE_BACKEND : GPFS
 S3_RDMA_ENABLED : true
 S3_RDMA_LOG_LEVEL : INFO
 S3_RDMA_USE_TELEMETRY : true    
 UVTHREADPOOLSIZE : 16 
 host_customization : {
  "fscc-sr665-20": {
    "S3_RDMA_SERVER_IPS": [
      "10.200.42.120"
    ]
  },
  "fscc-sr665-21": {
    "S3_RDMA_SERVER_IPS": [
      "10.200.42.121"
    ]
  }

=======================
  2. To list the S3 configuration with the -Y option, issue the following command:
    # mms3 config list -Y
    A sample output is as follows:
    mms3lscfg:config:HEADER:version:reserved:reserved:section:configParameter:value: 
mms3lscfg:config:0:1:::s3config:ALLOW_HTTP:true:
mms3lscfg:config:0:1:::s3config:DEBUGLEVEL:default:
mms3lscfg:config:0:1:::s3config:ENABLEMD5:false:
mms3lscfg:config:0:1:::s3config:ENDPOINT_FORKS:10:
mms3lscfg:config:0:1:::s3config:ENDPOINT_FORK_PORT_BASE:6002:
mms3lscfg:config:0:1:::s3config:ENDPOINT_PORT:6001:
mms3lscfg:config:0:1:::s3config:ENDPOINT_SSL_IAM_PORT:7005:
mms3lscfg:config:0:1:::s3config:ENDPOINT_SSL_PORT:6443:
mms3lscfg:config:0:1:::s3config:GPFSDLPATH:/usr/lpp/mmfs/lib/libgpfs.so:
mms3lscfg:config:0:1:::s3config:LOG_TO_STDERR_ENABLED:false:
mms3lscfg:config:0:1:::s3config:LOG_TO_SYSLOG_ENABLED:true:
mms3lscfg:config:0:1:::s3config:NC_DISABLE_ACCESS_CHECK:false:
mms3lscfg:config:0:1:::s3config:NC_DISABLE_POSIX_MODE_ACCESS_CHECK:true:
mms3lscfg:config:0:1:::s3config:NC_GPFS_BIN_DIR:/usr/lpp/mmfs/bin:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_GPFS_ALLOW_SCAN_ON_REMOTE:true:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_GPFS_ILM_ENABLED:true:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_LOGS_DIR:/var/log/noobaa/lifecycle:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_RUN_DELAY_LIMIT_MINS:10:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_RUN_TIME:00:00:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_TIMEOUT_MS:28800000:
mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_TZ:LOCAL:
mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_GET_EXECUTABLE:/usr/lpp/mmfs/bin/cess3_key_get:
mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_PUT_EXECUTABLE:/usr/lpp/mmfs/bin/cess3_key_put:
mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_STORE_TYPE:executable:
mms3lscfg:config:0:1:::s3config:NSFS_DIR_CACHE_MAX_DIR_SIZE:536870912:
mms3lscfg:config:0:1:::s3config:NSFS_DIR_CACHE_MAX_TOTAL_SIZE:2147483647:
mms3lscfg:config:0:1:::s3config:NSFS_NC_CONFIG_DIR_BACKEND:GPFS:
mms3lscfg:config:0:1:::s3config:NSFS_NC_STORAGE_BACKEND:GPFS:
mms3lscfg:config:0:1:::s3config:S3_RDMA_ENABLED:true:
mms3lscfg:config:0:1:::s3config:S3_RDMA_LOG_LEVEL:INFO:
mms3lscfg:config:0:1:::s3config:S3_RDMA_USE_TELEMETRY:true:
mms3lscfg:config:0:1:::s3config:UVTHREADPOOLSIZE:16:
mms3lscfg:config:0:1:::s3config:host_customization:{
  "fscc-sr665-20": {
    "S3_RDMA_SERVER_IPS": [
      "10.200.42.120"
    ]
  },
  "fscc-sr665-21": {
    "S3_RDMA_SERVER_IPS": [
      "10.200.42.121"
    ]
  }
}:
  3. To list the S3 configuration with the --debug option, issue the following command:
    # mms3 config list -Y --debug
    A sample output is as follows:
    Running Command /usr/lpp/mmfs/bin/mmlsconfig cesSharedRoot

CallerPath of File utils/utils.go

Noobaa configuration path: /mnt/cesSharedRoot/ces/s3-config/config.json

mms3lscfg:config:HEADER:version:reserved:reserved:section:configParameter:value:

mms3lscfg:config:0:1:::s3config:ALLOW_HTTP:false:

mms3lscfg:config:0:1:::s3config:DEBUGLEVEL:default:

mms3lscfg:config:0:1:::s3config:ENABLEMD5:false:

mms3lscfg:config:0:1:::s3config:ENDPOINT_FORKS:2:

mms3lscfg:config:0:1:::s3config:ENDPOINT_PORT:6001:

mms3lscfg:config:0:1:::s3config:ENDPOINT_SSL_PORT:6443:

mms3lscfg:config:0:1:::s3config:GPFSDLPATH:/usr/lpp/mmfs/lib/libgpfs.so:

mms3lscfg:config:0:1:::s3config:LOG_TO_STDERR_ENABLED:false:

mms3lscfg:config:0:1:::s3config:LOG_TO_SYSLOG_ENABLED:true:

mms3lscfg:config:0:1:::s3config:NC_DISABLE_ACCESS_CHECK:false:

mms3lscfg:config:0:1:::s3config:NC_DISABLE_POSIX_MODE_ACCESS_CHECK:true:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_GPFS_ILM_ENABLED:true:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_LOGS_DIR:/var/log/noobaa/lifecycle:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_RUN_DELAY_LIMIT_MINS:10:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_RUN_TIME:00:00:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_TIMEOUT_MS:28800000:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_TZ:LOCAL:

mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_GET_EXECUTABLE:/usr/lpp/mmfs/bin/cess3_key_get:

mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_PUT_EXECUTABLE:/usr/lpp/mmfs/bin/cess3_key_put:

mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_STORE_TYPE:executable:

mms3lscfg:config:0:1:::s3config:NSFS_DIR_CACHE_MAX_DIR_SIZE:536870912:

mms3lscfg:config:0:1:::s3config:NSFS_DIR_CACHE_MAX_TOTAL_SIZE:1073741824:

mms3lscfg:config:0:1:::s3config:NSFS_NC_CONFIG_DIR_BACKEND:GPFS:

mms3lscfg:config:0:1:::s3config:NSFS_NC_STORAGE_BACKEND:GPFS:

mms3lscfg:config:0:1:::s3config:UVTHREADPOOLSIZE:16:

#
  4. To change and verify S3 parameters, complete the following steps:
    1. To update the HTTP endpoint port of the S3 service, issue the following command:
      # mms3 config change ENDPOINT_PORT=6002
      A sample output is as follows:
      S3 service will get restarted on all CES nodes where S3 service is running. Do you want to continue with the configuration change? [y|n]: y
mms3 config change command result:
 node-1:  S3: service successfully restarted.
node-1:  Redirecting to /bin/systemctl stop noobaa.service
node-1:  The S3 service configuration file already exists.
node-1:  The file /etc/noobaa.conf.d/config_dir_redirect was found.
node-1:  For the S3 service the Noobaa config.json file already exists.
node-1:  The file /mnt/cesSharedRoot/ces/s3-config/config.json already exists.
node-1:  Redirecting to /bin/systemctl start noobaa.service
S3 Configuration successfully changed. S3 service restarted on the CES node: node-1. 

mms3 config change command result:
 node-2:  S3: service successfully restarted.
node-2:  Redirecting to /bin/systemctl stop noobaa.service
node-2:  The S3 service configuration file already exists.
node-2:  The file /etc/noobaa.conf.d/config_dir_redirect was found.
node-2:  For the S3 service the Noobaa config.json file already exists.
node-2:  The file /mnt/cesSharedRoot/ces/s3-config/config.json already exists.
node-2:  Redirecting to /bin/systemctl start noobaa.service
S3 Configuration successfully changed. S3 service restarted on the CES node: node-2.
    2. To verify the node-specific S3 configuration file has a valid JSON structure, issue the following command:
      cat /root/host_customization.json |jq
      A sample output is as follows:
      {
  "hostname-1": {
    "S3_RDMA_SERVER_IPS": [
      "x.x.x.x"
    ]
  },
  "hostname-2": {
    "S3_RDMA_SERVER_IPS": [
      "x.x.x.x"
    ]
  }
}
    3. To apply node-specific S3 configuration, issue the following command:
      # mms3 config change host_customization=/root/host_customization.json
      A sample output is as follows:
      S3 service will get restarted on all CES nodes where S3 service is running. Do you want to continue with the configuration change? [y|n]: y
mms3 config change command result:
 node-1:  S3: service successfully restarted.
node-1:  Redirecting to /bin/systemctl stop noobaa.service
node-1:  The S3 service configuration file already exists.
node-1:  The file /etc/noobaa.conf.d/config_dir_redirect was found.
node-1:  For the S3 service the Noobaa config.json file already exists.
node-1:  The file /mnt/cesSharedRoot/ces/s3-config/config.json already exists.
node-1:  Redirecting to /bin/systemctl start noobaa.service
S3 Configuration successfully changed. S3 service restarted on the CES node: node-1. 

mms3 config change command result:
 node-2:  S3: service successfully restarted.
node-2:  Redirecting to /bin/systemctl stop noobaa.service
node-2:  The S3 service configuration file already exists.
node-2:  The file /etc/noobaa.conf.d/config_dir_redirect was found.
node-2:  For the S3 service the Noobaa config.json file already exists.
node-2:  The file /mnt/cesSharedRoot/ces/s3-config/config.json already exists.
node-2:  Redirecting to /bin/systemctl start noobaa.service
S3 Configuration successfully changed. S3 service restarted on the CES node: node-2.
    4. To verify whether the S3 configuration modification is successful, issue the following commands:
      # mms3 config list -Y --debug

      A sample output is as follows:

      Running Command /usr/lpp/mmfs/bin/mmlsconfig cesSharedRoot

CallerPath of File utils/utils.go

Noobaa configuration path: /mnt/cesSharedRoot/ces/s3-config/config.json

mms3lscfg:config:HEADER:version:reserved:reserved:section:configParameter:value:

mms3lscfg:config:0:1:::s3config:ALLOW_HTTP:false:

mms3lscfg:config:0:1:::s3config:DEBUGLEVEL:default:

mms3lscfg:config:0:1:::s3config:ENABLEMD5:false:

mms3lscfg:config:0:1:::s3config:ENDPOINT_FORKS:2:

mms3lscfg:config:0:1:::s3config:ENDPOINT_PORT:6002:

mms3lscfg:config:0:1:::s3config:ENDPOINT_SSL_PORT:6443:

mms3lscfg:config:0:1:::s3config:GPFSDLPATH:/usr/lpp/mmfs/lib/libgpfs.so:

mms3lscfg:config:0:1:::s3config:LOG_TO_STDERR_ENABLED:false:

mms3lscfg:config:0:1:::s3config:LOG_TO_SYSLOG_ENABLED:true:

mms3lscfg:config:0:1:::s3config:NC_DISABLE_ACCESS_CHECK:false:

mms3lscfg:config:0:1:::s3config:NC_DISABLE_POSIX_MODE_ACCESS_CHECK:true:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_GPFS_ILM_ENABLED:true:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_LOGS_DIR:/var/log/noobaa/lifecycle:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_RUN_DELAY_LIMIT_MINS:10:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_RUN_TIME:00:00:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_TIMEOUT_MS:28800000:

mms3lscfg:config:0:1:::s3config:NC_LIFECYCLE_TZ:LOCAL:

mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_GET_EXECUTABLE:/usr/lpp/mmfs/bin/cess3_key_get:

mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_PUT_EXECUTABLE:/usr/lpp/mmfs/bin/cess3_key_put:

mms3lscfg:config:0:1:::s3config:NC_MASTER_KEYS_STORE_TYPE:executable:

mms3lscfg:config:0:1:::s3config:NSFS_DIR_CACHE_MAX_DIR_SIZE:536870912:

mms3lscfg:config:0:1:::s3config:NSFS_DIR_CACHE_MAX_TOTAL_SIZE:1073741824:

mms3lscfg:config:0:1:::s3config:NSFS_NC_CONFIG_DIR_BACKEND:GPFS:

mms3lscfg:config:0:1:::s3config:NSFS_NC_STORAGE_BACKEND:GPFS:

mms3lscfg:config:0:1:::s3config:UVTHREADPOOLSIZE:16:
  5. To back up the S3 configuration, issue the following command:
    # mms3 config backup /tmp
    A sample output is as follows:
    Backup of IBM Storage Scale S3 configuration is successful.
    To verify whether the backup the tar.bz2 file is created, issue the following command:
    # ls -ltr /tmp/s3Config*
    A sample output is as follows:
    -rw-r--r--. 1 root root 40960 Feb 29 20:44 /tmp/s3ConfigBackup.20240229-204430.tar.bz2
  6. To restore the S3 service configuration from the backup tar.bz2 file, issue the following command:
    # mms3 config restore /tmp/s3ConfigBackup.20240229-204430.tar.bz2
    A sample output is as follows:
    The S3 configuration directory at path /mnt/cesSharedRoot/ces/s3-config is not empty. Restore operation will overwrite the existing S3 configuration except system.json and config.json and restart the S3 service on all CES nodes. Do you want to proceed ? [y|n]:y

Started Restoring s3-config configuration data

Restore of IBM Storage Scale S3 configuration is successfully done.

Note: system.json and config.json from backuped tar file is restored as system.json.old and config-old.json.old
  7. To create an S3 account by using a user ID and a group ID, issue the following command:
    # mms3 account create s3user --newBucketsPath /mnt/gpfs0/s3user-path --gid 6666 --uid 6666
    A sample output is as follows:
    Account is created successfully. The secret and access keys are as follows.
 Access Key             Secret Key
 ---------              ----------
Eb5PXYPKJ31bf8lp48s7    RH20/UFucdLvm/Vwj/TO8GCGvmEs7ITT8vpDeBYS
    To create an S3 account by using a username, issue the following commands:
    1. Use a valid user.
      # id user2001
      A sample output is as follows:
      uid=2001(user2001) gid=2000(group2000) groups=2000(group2000)
    2. Create an account by using the username.
      # mms3 account create account2001 --userName user2001 --newBucketsPath /mnt/gpfs0/account2001/
      A sample output is as follows:
      Account account2001 created successfully

Access Key            Secret Key

Y21BSccPm4HB072s8IQ8  K7Z6jn1VJqetXGd8HUx6x0uJ8Aw7N9Gstt8AYBSe
      Note:

      Ensure that ID mapping for the specified username can successfully be performed on all CES nodes.

      If the username ID mapping is not consistent on all nodes, account operations might fail due to permission or ownership mismatches.

  8. To list an S3 account with an account name, issue the following command:
    # mms3 account list s3user
    A sample output is as follows:
    Name   New Buckets Path        Uid     Gid     Access Key              Secret Key
-----   -----------------       ---     ---     -----------             -----------
s3user  /mnt/gpfs0/s3user-path       6666    6666    Eb5PXYPKJ31bf8lp48s7    RH20/UFucdLvm/Vwj/TO8GCGvmEs7ITT8vpDeBYS
  9. To reset access and secret key for an S3 account, issue the following command:
    # mms3 account update s3user --resetKey
    A sample output is as follows:
    The secret and access keys are as follows.
Account s3user updated successfully
 Access Key 		Secret Key
 ----------		----------					
hGbu9C6RyjPFKeD60xea	2MzuIzqzevJVov6YTf+gcgD2w9YJM5gB5yMQhqrA
  10. To update the access and a secret key, issue the following command:
    # mms3 account update s3user --accessKey hGbu9C6RyjPFKeD60xeb --secretKey 3MzuIzqzevJVov6YTf+gcgD2w9YJM5gB5yMQhqrA
    The output is as follows:
    Account s3user updated successfully
  11. To update the path for creating new buckets for an S3 account, issue the following command:
    # mms3 account update s3user --newBucketsPath /mnt/gpfs0/s3user-path1
    A sample output is as follows:
    Updating the path for creating new S3 buckets, will cause the current path to become inaccessible for the S3 user account. Do you want to continue with updating the path for S3 user account? [y|n]: y
Account s3user updated successfully
  12. To delete a valid S3 account, issue the following command:
    # mms3 account delete s3user
    The output is as follows:
    Account s3user deleted successfully
  13. To create an anonymous account, complete the following steps:
    1. To create an anonymous account with a user ID and a group ID, issue the following command:
      # mms3 account create --anonymous --uid 1002 --gid 4000
      The output is as follows:
      Anonymous account is created successfully.
    2. To create account with a username, issue the following command:
      # mms3 account create --anonymous --userName username
      The output is as follows:
      Anonymous account is created successfully.
  14. To list information an anonymous account, issue the following command:
    # mms3 account list --anonymous
    A sample is as follows:
    
Name       New Buckets Path  Uid  Gid  Access Key  Secret Key
-----      ----------------- ---  ---  ----------- ----------- 
anonymous  -                 1002 4000 -           -
  15. To delete an anonymous account, issue the following command:
    # mms3 account delete --anonymous
    A sample output is as follows:
    Account deleted successfully.
  16. To create an S3 bucket, issue the following command:
    # mms3 bucket create s3user-bucket --accountName s3user --filesystemPath /mnt/gpfs0/s3user-bucket
    A sample output is as follows:
    Starting to create bucket with name s3user-bucket
Bucket s3user-bucket created successfully

  17. To list an S3 bucket with a bucket name, issue the following command:

    # mms3 bucket list s3user-bucket
    A sample output is as follows:
     Name           Filesystem Path         Bucket Owner
------          ---------------         -------------
s3user-bucket   /mnt/gpfs0/s3user-bucket       s3user
  18. To list all the S3 buckets, issue the following command:
    # mms3 bucket list
    A sample output is as follows:
    
Name Filesystem   Path Bucket                Owner

------------      ---------------            -------------

bucket-1       /mnt/gpfs0/RW_test10         RW_test10

hsgds          /mnt/gpfs0/acc55/hsgds       acc55

demo-bkt22     /mnt/gpfs0/acc55/demo-bkt22  acc55

pr-bkt5        /mnt/gpfs0/acc55/pr-bkt5     acc55

demo-bkt11     /mnt/gpfs0/acc22/demo-bkt11  acc22
  19. To list all the S3 buckets with the -Y option, issue the following command:
    # mms3 bucket list -Y
    A sample output is as follows:
    mms3lsbucket:bucket:HEADER:version:reserved:reserved:bucketName:filesystemPath:bucketOwner:

mms3lsbucket:bucket:0:1:::bucket-1:/mnt/gpfs0/RW_test10:RW_test10:

mms3lsbucket:bucket:0:1:::hsgds:/mnt/gpfs0/acc55/hsgds:acc55:

mms3lsbucket:bucket:0:1:::demo-bkt22:/mnt/gpfs0/acc55/demo-bkt22:acc55:

mms3lsbucket:bucket:0:1:::pr-bkt5:/mnt/gpfs0/acc55/pr-bkt5:acc55:

mms3lsbucket:bucket:0:1:::demo-bkt11:/mnt/gpfs0/acc22/demo-bkt11:acc22:

mms3lsbucket:bucket:0:1:::pr-bkt7:/mnt/gpfs0/acc22/pr-bkt7:acc22:
  20. To update the file system path for an S3 bucket, issue the following command:
    # mms3 bucket update s3user-bucket --filesystemPath /mnt/gpfs0/s3user-path/bucket2
    A sample output is as follows:
    Updating the bucket path may cause the current bucket path to become inaccessible for the S3 user account. Do you want to continue with updating the bucket path ? [y|n]:y

Bucket s3user-bucket updated successfully.
  21. To delete an S3 bucket, issue the following command:
    # mms3 bucket delete s3user-bucket
    A sample output is as follows:
    Starting to delete bucket s3user-bucket
Bucket s3user-bucket deleted successfully
  22. To add a new connection configuration for S3 bucket notifications, issue the following command:
    # mms3 notificationConnection add --connectionFile /root/connection.json
    A sample output is as follows:
    Connection created successfully.
    Check the updated connection.
  23. To list the connection information for the S3 bucket notification, issue the following command:
    # mms3 notificationConnection list http_notif
    A sample output is as follows:
    
Name           Port     Timeout
-----------   -------  -----------	
http_notif    8080      100
  24. To update the connection information for S3 bucket notifications, issue the following command:
    # mms3 notificationConnection update http_notif --connectionRemoveKey --connectionKey notification_protocol
    The output is displayed as follows:
    Connection http_notif updated successfully.
    Check the updated connection.
    # mms3 notificationConnection list http_notif
    A sample output is as follows:
    
Name        Notification Protocol   Host       Port     Timeout
----------- --------------------    ---------- -------  -----------	
http_notif  <nil>                   localhost  8080      100
  25. To delete the connection information for S3 bucket notification, issue the following command:
    # mms3 notificationConnection delete http_notif
    The output is displayed as follows:
    Connection http_notif deleted successfully.

Backing up the S3 configuration data

  • Automatic backup of the S3 configuration data
    CES S3 supports automatic or periodic backup of the S3 configuration from the CES share root directory to CCR. Backups are scheduled every 10 minutes on CES nodes where S3 is enabled. It is ensured that only one CES node takes backup at a time.

    1. To list the S3 configuration backup tar.bz2 file at CCR, issue the following command:

      # mmccr flist | grep _s3
37  _s3-config-backup.tar.bz2
    2. To get a local copy of the backup tar.bz2 file from the CCR, issue the following command:
      # mmccr fget _s3-config-backup.tar.bz2 /tmp/s3-config.tar.bz2
fget:37
# ls -ltr /tmp/s3-config.tar.bz2
-rw-------. 1 root root 537 Mar 18 20:34 /tmp/s3-config.tar.bz2
  • Manual backup of the S3 configuration data

    CES S3 backs up and restores the S3 configuration data manually.

    The backup of S3 configuration can be taken by using the mms3 config backup command. The mms3 config backup command archives all the files and directories of the {cesSharedRoot_dir}/ces/s3-config directory into a single tar.bz2 file and saves to the specified backup_directory path.

    Syntax of the mms3 config backup command:

    # mms3 config backup --help
Backup the IBM Storage Scale S3 configuration.

Usage:
  mms3 config backup <backup_directory> [flags]

Flags:
  -h, --help   help for backup

Global Flags:
  -d, --debug   debug logging
    Note: Make sure that the backup directory exists before running the mms3 config backup command.

    Example: To take manual backup, issue the following command:

    # mms3 config backup /tmp
    A sample output is as follows:
    Backup of IBM Storage Scale S3 configuration /tmp/s3ConfigBackup.20240722-125858.tar.bz2 is successful.

    After successful backup, a file with a name such as s3ConfigBackup.date-time.tar.bz2 is created in the specified backup_directory.

Restoring the S3 configuration data

CES S3 restores the S3 configuration data by using the mms3 config restore command. The mms3 config restore command extracts the specified backup tar.bz2 file, it overwrites the existing content of {cesSharedRoot_dir}/ces/s3-config directory, and restarts the S3 service on all the CES nodes.

Syntax of mms3 config restore command:

#  mms3 config restore -h
Restore the IBM Storage Scale S3 configuration.

Usage:
  mms3 config restore <backup_tar_file> [flags]

Flags:
      --force   Allows the config restore action to go through without confirmation from user.
  -h, --help    help for restore

Global Flags:
  -d, --debug   debug logging
  • Restoring S3 configuration from the manual or automatically backed up tar.bz2 file.
    The S3 configuration data can be restored to the CES shared root in two ways:
    • Restore the S3 configuration data by using the S3 configuration backup tar.bz2 file, which was automatically backed up in the CCR.

      To list the S3 configuration backup tar.bz2 files in CCR, issue the following command:

      # mmccr flist
  version  name
---------  --------------------
        1  ccr.nodes           
        1  ccr.disks           
        1  mmLockFileDB        
        1  genKeyData          
        2  genKeyDataNew       
       35  mmsdrfs             
        1  mmsysmon.json       
        4  _callhomeconfig     
        2  _perfmon.keys       
        1  measurements.json   
        1  zmrules.json        
        3  collectors          
        6  _gui.settings       
       15  _gui.user.repo      
       14  _gui.keystore_settings
       31  cesiplist           
        3  gpfs.ganesha.main.conf
        1  gpfs.ganesha.nfsd.conf
        1  gpfs.ganesha.log.conf
        2  gpfs.ganesha.exports.conf
        1  gpfs.ganesha.statdargs.conf
        1  idmapd.conf         
      808  _s3-config-backup.tar.bz2
        1  _ces_s3.master_keys 
        1  authccr

      To get a local copy of the backup tar.bz2 file from the CCR, issue the following command:

      #  mmccr fget _s3-config-backup.tar.bz2 /tmp/_s3-config-backup.tar.bz2
fget:808
# tar -xvf /tmp/_s3-config-backup.tar.bz2 -C /tmp/backup/

././config.json./accounts/./accounts/demo-account.json./buckets/./buckets/demo-bucket.json./system.json./access_keys/./access_keys/Pei0Og7tlMD4mFfq5qi5.symlink

./ces/mms3-config.json

      Ensure that the extracted directory contains system.json and config.json.

      # tree /tmp/backup/
              ├── access_keys
              ├── accounts_by_name
              ├── buckets
              ├── config.json
              ├── connections
              ├── identities
              ├── mms3-config.json
              └── system.json

      To restore the S3 configuration, issue the following command:

      # mms3 config restore /tmp/_s3-config-backup.tar.bz2
      A sample output is as follows:
      The S3 configuration directory at path /mnt/cesSharedRoot/ces/s3-config is not empty. Restore operation will overwrite the existing S3 configuration and restart the S3 service on all CES nodes. Do you want to proceed ? [y|n]:y
Started restoring S3 configuration data.
S3 service restarted on the CES node: node-1.vmlocal
S3 service restarted on the CES node: node-2.vmlocal
Restore of IBM Storage Scale S3 configuration is successfully done.
    • Restore the S3 configuration data by using the S3 configuration backup tar.bz2 file, which the administrator backed up by using the mms3 config backup command.

      To restore the S3 configuration, issue the following command:

      # mms3 config restore /tmp/s3ConfigBackup.<date>-<time>.tar.bz2
      A sample output is as follows:
      The S3 configuration directory at path /mnt/cesSharedRoot/ces/s3-config is not empty. Restore operation will overwrite the existing S3 configuration and restart the S3 service on all CES nodes. Do you want to proceed ? [y|n]:y
Started restoring S3 configuration data.
S3 service restarted on the CES node: node-1.vmlocal
S3 service restarted on the CES node: node-2.vmlocal
Restore of IBM Storage Scale S3 configuration is successfully done.

See also

Location

/usr/lpp/mmfs/bin