...
Integration of Credential provider: Credentials provider
Note |
---|
When retention or legal holds are used, the user configured to access the buckets must also be the owner of the buckets; otherwise the check for whether object lock is enabled will fail. From the S3 documentation: "The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied)." (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html) |
Description of configuration parameters in repository.cfg
Info |
---|
There are two types of S3 content service: s3blobstore and s3managedbucketblobstore. The parameters common to both are listed first, followed by the parameters specific to the managed S3 service. |
Content-Service
Service | Prefix | Service type | Parameter | Optional | Supported values | Default | Type | Function | Available from |
---|---|---|---|---|---|---|---|---|---|
Content-Service | <repo>.contentservice | | type | n | s3blobstore, s3managedbucketblobstore | noop | String | type definition of the content service | 1.0.1 |
s3blobstore, | 1.0.1, netapp from 3.2.0 on | ||||||||
Content-Service | <repo>.contentservice | s3blobstore | connectionuser | n, when credentialsprovider is set to "basic" | <user> | | String | User for S3 connection | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | connectionpass | n, when credentialsprovider is "basic" | <user> | | String | Connection password for S3 (may be an alias for a password in the keystore) | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | maxconnections | y | <user> | 50 (AWS default) | Num | Maximum size of the client connection pool | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | endpoint | y | <user> | | URI without protocol, e.g.: 127.0.0.1:9000 | Endpoint for S3 access (without scheme). The endpoint is usually defined using the parameter "region". If endpoint is defined, the parameter "region" will be ignored. | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | protocol | y | http, https | https | String | Client connection protocol | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | connecttimeout | y | <user> | 10000 | Num | Client connection timeout (ms) | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | requesttimeout | y | <user> | 0 | Num | Client request timeout (ms), 0 = disabled | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | requestsigner | y | NoOpSignerType, QueryStringSignerType, AWS4SignerType, AWS4UnsignedPayloadSignerType, AWS3SignerType | | String | Signer for signing of requests to AWS | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | region | y | <user> | | String | S3 Region | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | allowcreatebuckets | y | true, false | true | Boolean | Enable creation of buckets | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | bucketname | n | <user> | | String | S3 bucket for content files | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | clientoptions | y | pathstyleaccess:true | | String | S3 ClientOption | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | contrepinpath | y | true, false | false | Bool | Use repository name as root folder | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | onbucketcreate | y | <user> | | String | Script to execute when a bucket has been created | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | onbucketcreateworkingdir | y | <user> | | Path | Needs to be defined when onbucketcreate is enabled | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | calculatestreamhash | y | true, false | true | Boolean | After encryption the hash values in ContentServices are calculated again | 1.0.2 |
Content-Service | <repo>.contentservice | s3blobstore | EnforceUTF8ForContentDisposition | y | true, false | false | Boolean | false: should be set if a ContentDisposition filename needs to be encoded, otherwise the original format is delivered. true: always encode in UTF-8 | 1.4.1 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | objectlockenabled | y | true, false | true | Boolean | Sets objectLockEnabled when creating a new bucket | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore | maxidle | y | <user> | 60000 | Num | Maximum idle time in ms before an unused connection is removed from the ConnectionPool | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore | validateafterinactivity | y | <user> | 5000 | Num | Polling time in ms for checking whether a connection in the pool is still open | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | cleanVersions | y | true, false | true | Boolean | true: delete all previous versions on update and delete operations when using buckets with versioning enabled. false: keep all versions | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore, s3managedbucketsblobstore | credentialsprovider | y | basic, instanceprofile | basic | String | basic: authentication with username and password. instanceprofile: can be used when both tia Core and the S3 bucket are deployed in AWS; no direct authentication is then necessary, as this is handled by the internal permission group. | 2.0.3 |
s3managedbucketsblobstore, s3netappmanagedbucketsblobstore | 1.0.1, netapp from 3.2.0 on | ||||||||
Content-Service | <repo>.contentservice | s3blobstore | region | y | <user> | | String | S3 Region | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | AllowCreateBuckets | y | true, false | true | Boolean | Enable creation of buckets | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | bucketgroups | y | <user> | 1 | Num | Number of bucket groups to use for new storage files | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | bucketspergroup | y | <user> | 5 | Num | Number of buckets in a group (Attention: don’t change after first use!!) | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | bucketnameformat | y | <user>, e.g. %8.8s | | String | Number of characters of generated bucket names. When e.g. set to 8 characters, the name is filled with leading zeros to be 8 characters long. | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | bucketprefix | y | <user> | | String | Name prefix of buckets | 1.0.1 |
Example configuration for S3-Blobstore:
Code Block |
---|
<repoName>.contentservice.type = s3blobstore # alternatively: s3managedbucketsblobstore
<repoName>.contentservice.s3blobstore.connectionuser=kgsarchive
<repoName>.contentservice.s3blobstore.connectionpass=kgsarchivePassword
#<repoName>.contentservice.s3blobstore.maxconnections= #default: 50
<repoName>.contentservice.s3blobstore.endpoint=localhost:9000
<repoName>.contentservice.s3blobstore.protocol=http
#<repoName>.contentservice.s3blobstore.connecttimeout= #default: 10000
#<repoName>.contentservice.s3blobstore.requestsigner= #default:
#<repoName>.contentservice.s3blobstore.region= #default:
#<repoName>.contentservice.s3blobstore.EnforceUTF8ForContentDisposition= #default: false
#<repoName>.contentservice.s3blobstore.AllowCreateBuckets= #default: true
#<repoName>.contentservice.s3blobstore.MaxIdle= #default: 60000
#<repoName>.contentservice.s3blobstore.ValidateAfterInactivity= #default: 5000
#<repoName>.contentservice.s3blobstore.CleanVersions= #default: true
#<repoName>.contentservice.s3blobstore.ObjectLockEnabled= #default:
#<repoName>.contentservice.s3blobstore.clientoptions= #default:
<repoName>.contentservice.s3blobstore.bucketname=mass
#<repoName>.contentservice.s3blobstore.bucketgroups= #default: 1
#<repoName>.contentservice.s3blobstore.bucketspergroup= #default: 5
<repoName>.contentservice.s3blobstore.bucketnameformat=%.2s
#<repoName>.contentservice.s3blobstore.bucketprefix= #default:
#<repoName>.contentservice.s3blobstore.contrepinpath = #default: false |
Example configuration for S3-Managedbucketsblobstore:
Code Block |
---|
<repoName>.contentservice.type = s3managedbucketsblobstore
<repoName>.contentservice.s3blobstore.connectionuser=kgsarchive
<repoName>.contentservice.s3blobstore.connectionpass=kgsarchivePassword
#<repoName>.contentservice.s3blobstore.maxconnections= #default: 50
<repoName>.contentservice.s3blobstore.endpoint=localhost:9000
<repoName>.contentservice.s3blobstore.protocol=http
#<repoName>.contentservice.s3blobstore.connecttimeout= #default: 10000
#<repoName>.contentservice.s3blobstore.requesttimeout= #default: 0
#<repoName>.contentservice.s3blobstore.requestsigner= #default:
#<repoName>.contentservice.s3blobstore.region= #default:
#<repoName>.contentservice.s3blobstore.AllowCreateBuckets= #default: true
<repoName>.contentservice.s3blobstore.bucketname=mass
#<repoName>.contentservice.s3blobstore.clientoptions= #default:
#<repoName>.contentservice.s3blobstore.contrepinpath = #default: false
#<repoName>.contentservice.s3blobstore.onbucketcreate =
#<repoName>.contentservice.s3blobstore.onbucketcreateworkingdir =
#<repoName>.contentservice.s3blobstore.calculatestreamhash = #default: true
#<repoName>.contentservice.s3blobstore.EnforceUTF8ForContentDisposition= #default: false
#<repoName>.contentservice.s3blobstore.ObjectLockEnabled= #default: true
#<repoName>.contentservice.s3blobstore.MaxIdle= #default: 60000
#<repoName>.contentservice.s3blobstore.validateafterinactivity = #default: 5000
#<repoName>.contentservice.s3blobstore.CleanVersions= #default: true
#<repoName>.contentservice.s3blobstore.credentialsprovider = #default: basic
#<repoName>.contentservice.s3blobstore.bucketgroups = #default: 1
#<repoName>.contentservice.s3blobstore.bucketspergroup = #default: 5
#<repoName>.contentservice.s3blobstore.bucketnameformat = %.2s
#<repoName>.contentservice.s3blobstore.bucketprefix = #default: |
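
A small linter for the parameters described in the table and example configurations above, as an added example that is not part of the product or its documentation. It assumes that keys are case-insensitive and that a trailing ` #...` is a comment, as the examples suggest; the repo name `demo`, the sample values and the selection of checks are constructed for illustration.

```python
import ipaddress

# Constructed sample in the page's repository.cfg syntax; repo name "demo" is hypothetical.
SAMPLE_CFG = """\
demo.contentservice.s3blobstore.connectionuser=kgsarchive
#demo.contentservice.s3blobstore.connectionpass=
demo.contentservice.s3blobstore.endpoint=https://s3.example.internal:9000
demo.contentservice.s3blobstore.protocol=http   #default: https
demo.contentservice.s3blobstore.requestsigner=NoOpSignerType
demo.contentservice.s3blobstore.ObjectLockEnabled=false
"""

def parse_cfg(text):
    """Map lowercased key -> value; skip '#' lines, drop trailing ' #...' comments."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip().lower()] = value.split(" #", 1)[0].strip()
    return cfg

def is_loopback(endpoint):
    host = endpoint.rsplit(":", 1)[0]  # endpoint is host[:port], no scheme
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def lint(text, repo):
    """Return findings for the <repo>.contentservice.s3blobstore.* settings."""
    cfg = parse_cfg(text)
    prefix = f"{repo}.contentservice.s3blobstore.".lower()
    get = lambda name, default="": cfg.get(prefix + name, default)
    findings = []
    if get("credentialsprovider", "basic") == "basic":
        findings += [f"{n} is required when credentialsprovider is basic"
                     for n in ("connectionuser", "connectionpass") if not get(n)]
    if "://" in get("endpoint"):
        findings.append("endpoint must not include a scheme; set protocol instead")
    if get("protocol", "https").lower() == "http" and not is_loopback(get("endpoint")):
        findings.append("protocol=http: unencrypted traffic to a non-loopback endpoint")
    if get("requestsigner") == "NoOpSignerType":
        findings.append("requestsigner=NoOpSignerType: requests are not signed")
    if get("objectlockenabled", "true").lower() == "false":
        findings.append("objectlockenabled=false: new buckets get no object lock")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CFG, "demo")))
```
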