15599: Look up IAM role name from metadata if not configured.

[arvados.git] / doc / install / configure-s3-object-storage.html.textile.liquid

---
layout: default
navsection: installguide
title: Configure S3 object storage
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.

SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}

Keepstore can store data in object storage compatible with the S3 API, such as Amazon S3, Google Cloud Storage, or Ceph RADOS.

Volumes are configured in the @Volumes@ section of the cluster configuration file.

{% include 'assign_volume_uuid' %}

<notextile><pre><code>Clusters:
  <span class="userinput">uuid_prefix</span>:
    Volumes:
      <span class="userinput">uuid_prefix</span>-nyw5e-<span class="userinput">000000000000000</span>:
        AccessViaHosts:
          # This section determines which keepstore servers access the
          # volume. In this example, keep0 has read/write access, and
          # keep1 has read-only access.
          #
          # If the AccessViaHosts section is empty or omitted, all
          # keepstore servers will have read/write access to the
          # volume.
          "http://<span class="userinput">keep0.uuid_prefix.example.com</span>:25107/": {}
          "http://<span class="userinput">keep1.uuid_prefix.example.com</span>:25107/": {ReadOnly: true}

        Driver: S3
        DriverParameters:
          # IAM role name to use when retrieving credentials from
          # instance metadata. This is optional (if omitted, the role
          # name itself is retrieved from instance metadata) but it
          # may protect you from using the wrong credentials in the
          # event of an installation/configuration error.
          IAMRole: s3access

          # The credentials to use to access the bucket. Omit or leave
          # blank to use the credentials provided by the instance's
          # IAM role.
          AccessKey: aaaaa
          SecretKey: aaaaa

          # Storage provider endpoint. For Amazon S3, use "" or
          # omit. For Google Cloud Storage, use
          # "https://storage.googleapis.com".
          Endpoint: ""

          # Storage provider region. For Google Cloud Storage, use ""
          # or omit.
          Region: us-east-1a

          # Change to true if the region requires a LocationConstraint
          # declaration.
          LocationConstraint: false

          # Bucket name.
          Bucket: example-bucket-name

          # Requested page size for "list bucket contents" requests.
          IndexPageSize: 1000

          # Maximum time to wait while making the initial connection
          # to the backend before failing the request.
          ConnectTimeout: 1m

          # Maximum time to wait for a complete response from the
          # backend before failing the request.
          ReadTimeout: 2m

          # Maximum eventual consistency latency
          RaceWindow: 24h

          # Enable deletion (garbage collection) even when the
          # configured BlobTrashLifetime is zero.  WARNING: eventual
          # consistency may result in race conditions that can cause
          # data loss.  Do not enable this unless you understand and
          # accept the risk.
          UnsafeDelete: false

        # How much replication is provided by the underlying bucket.
        # This is used to inform replication decisions at the Keep
        # layer.
        Replication: 2

        # If true, do not accept write or trash operations, even if
        # AccessViaHosts.*.ReadOnly is false.
        #
        # If false or omitted, enable write access (subject to
        # AccessViaHosts.*.ReadOnly, where applicable).
        ReadOnly: false

        # Storage classes to associate with this volume.  See "Storage
        # classes" in the "Admin" section of doc.arvados.org.
        StorageClasses: null
</code></pre></notextile>