SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
-Keepstore can store data in object storage compatible with the S3 API, such as Amazon S3, Google Cloud Storage, or Ceph RADOS.
+Keepstore can store data in object storage compatible with the S3 API, such as Amazon S3, Google Cloud Storage, Ceph RADOS, NetApp StorageGRID, and others.
Volumes are configured in the @Volumes@ section of the cluster configuration file.
+# "Configuration example":#example
+# "IAM Policy":#IAM
+
+h2(#example). Configuration example
+
{% include 'assign_volume_uuid' %}
<notextile><pre><code> Volumes:
# If you are not using an IAM role for authentication,
# specify access credentials here instead.
- AccessKey: <span class="userinput">""</span>
- SecretKey: <span class="userinput">""</span>
+ AccessKeyID: <span class="userinput">""</span>
+ SecretAccessKey: <span class="userinput">""</span>
- # Storage provider region. For Google Cloud Storage, use ""
- # or omit.
- Region: <span class="userinput">us-east-1a</span>
+ # Storage provider region. If Endpoint is specified, the
+ # region determines the request signing method, and defaults
+ # to "us-east-1".
+ Region: <span class="userinput">us-east-1</span>
# Storage provider endpoint. For Amazon S3, use "" or
# omit. For Google Cloud Storage, use
# might be needed for other S3-compatible services.
V2Signature: false
- # Use the AWS S3 Go driver instead of the goamz driver.
- AlternateDriver: false
+ # By default keepstore stores data using the MD5 checksum
+ # (32 hexadecimal characters) as the object name, e.g.,
+ # "0123456abc...". Setting PrefixLength to 3 changes this
+ # naming scheme to "012/0123456abc...". This can improve
+ # performance, depending on the S3 service being used. For
+ # example, PrefixLength 3 is recommended to avoid AWS
+ # limitations on the number of read/write operations per
+ # second per prefix (see
+ # https://aws.amazon.com/premiumsupport/knowledge-center/s3-request-limit-avoid-throttling/).
+ #
+ # Note that changing PrefixLength on an existing volume is
+ # not currently supported. Once you have started using a
+ # bucket as an Arvados volume, you should not change its
+ # configured PrefixLength, or configure another volume using
+ # the same bucket and a different PrefixLength.
+ PrefixLength: 0
# Requested page size for "list bucket contents" requests.
IndexPageSize: 1000
StorageClasses: null
</code></pre></notextile>
-Two S3 drivers are available. Historically, Arvados has used the @goamz@ driver to talk to S3-compatible services. More recently, support for the @aws-sdk-go-v2@ driver was added. This driver can be activated by setting the @AlternateDriver@ flag to @true@.
-
-The @aws-sdk-go-v2@ does not support the old S3 v2 signing algorithm. This will not affect interacting with AWS S3, but it might be an issue when Keep is backed by a very old version of a third party S3-compatible service.
-
-The @aws-sdk-go-v2@ driver has faster _single thread_ read and write performance than the @goamz@ driver. Here are some benchmark numbers against AWS S3, as measured in July 2020. They were generated with the @keep-exercise@ tool in an Arvados installation with one dedicated Keepstore node (c5n.2xlarge) and one dedicated node for running @keep-exercise@ (c5n.2xlarge). The Keepstore node was backed by one S3 bucket, in a VPC with an S3 endpoint installed. Versioning, Server Access logging, Static website hosting, Object-level logging and Default encryption were disabled. Object lock, Transfer acceleration and Requester pays were also disabled. There were no Active notifications. Each test consisted of 4 one minute runs, which were averaged into one number. The tests were repeated 3 times, and of those 3 runs, the highest average speed was selected and included in the table below.
-
-table(table table-bordered table-condensed).
-||_. goamz |_. aws-sdk-go-v2 |_. command line|
-|single thread read performance (average)|32.53 MiB/s|79.48 MiB/s|keep-exercise -repeat 4 -run-time 60s -vary-request -use-index -rthreads 1 -wthreads 1|
-|single thread write performance (average)|39.75 MiB/s|49.58 MiB/s|keep-exercise -repeat 4 -run-time 60s -vary-request -use-index -rthreads 1 -wthreads 1|
-
-Because both S3 and Keep are optimized for _aggregate_ througput, the single thread performance is not as important as it may seem at first glance. When using 20 concurrent read or write threads, the numbers from both drivers are more closely aligned:
-
-table(table table-bordered table-condensed).
-||_. goamz |_. aws-sdk-go-v2 |_. command line|
-|20 thread read performance (average)|585.60 MiB/s|898.93 MiB/s|keep-exercise -repeat 4 -run-time 60s -vary-request -use-index -rthreads 20 -wthreads 0|
-|20 thread write performance (average)|610.40 MiB/s|542.40 MiB/s|keep-exercise -repeat 4 -run-time 60s -vary-request -use-index -rthreads 0 -wthreads 20|
+h2(#IAM). IAM Policy
+
+On Amazon, VMs which will access the S3 bucket (these include keepstore and compute nodes) will need an IAM policy with "permission that can read, write, list and delete objects in the bucket":https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html . Here is an example policy:
+
+<notextile>
+<pre>
+{
+ "Id": "arvados-keepstore policy",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": "arn:aws:s3:::xarv1-nyw5e-000000000000000-volume"
+ "Resource": "arn:aws:s3:::xarv1-nyw5e-000000000000000-volume/*"
+ }
+ ]
+}
+</pre>
+</notextile>
projects / arvados.git / blobdiff