Skip to content

Object Storage

Object Storage offers a scalable storage service which can be used by applications compatible with the Amazon S3 protocol.

The CERN Object Store is built upon Ceph and operated by the IT Storage Group.

The Ceph Service makes no additional backups and there is no provision within the service for disaster recovery. Users are therefore responsible for maintaining independent backups of their objects where they judge it important.

Quota

Access to the Object Storage service requires an explicit quota request for shared projects. Please use the "Request quota change" button on the Horizon web interface to request resources. Note that quota will not be granted for "Personal" OpenStack tenants.

Credentials

After quota has been granted, S3 credentials can be created via the openstack CLI.

First, configure the openstack environment using the appropriate openstack project:

unset OS_PROJECT_ID;
unset OS_TENANT_ID;
unset OS_TENANT_NAME;
export OS_PROJECT_NAME="PUT PROJECT HERE";

Next, create and view the keys:

S3_HOST=$(openstack catalog show s3 -f json -c endpoints | jq --raw-output '.endpoints[] | select(.interface | contains("public")) | .url' | cut -f3 -d/)
ACCESS_KEY=$(openstack ec2 credentials create -f value -c access)
SECRET_KEY=$(openstack ec2 credentials show $ACCESS_KEY -f value -c secret)

echo $S3_HOST
echo $ACCESS_KEY
echo $SECRET_KEY

Use the above host and keys in your S3-compatible application. Please note that, although the generation of the credentials is instantaneous, it can take up to 15mn before the key gets propagated - you will be denied access in the mean time.

Using Object Storage

Here are some examples using object storage from the command line:

Privacy Policy

Object Storage is provided by Ceph, whose Privacy Policy is available here.