Generally an S3 enabled storage system is supported as content service.
Following S3 functions will be used: Required S3 functions
List of officially support S3 Systems: Supported S3 storage products
Using S3 managed buckets: Using S3 managed content service
Integration of Credential provider: Credentials provider
Description of configuration parameters in repository.cfg
There are two types for S3 content service: s3blobstore and s3managedbucketblobstore. There are common parameters which are identically for both of them.
Content-Service
Service | Präfix | Servicetyp | Parameter | Optional | Unterstützte Werte | Default | Typ | Funktion | Verfübar ab |
|---|---|---|---|---|---|---|---|---|---|
Content-Service | <repo>.contentservice |
| type | n | s3blobstore, s3managedbucketblobstore | noop | String | type definition of the content service | 1.0.1 |
s3blobstore | 1.0.1 | ||||||||
Content-Service | <repo>.contentservice | s3blobstore | connectionuser | n, wenn credentialsprovider auf “basic“ gestellt wird | <user> |
| String | User for S3 connection | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | connectionpass | n, when credentialsprovider is“basic“ | <user> |
| String | Connection-password for S3 (may be an Alias for a password in keystore) | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | maxconnections | y | <user> | 50 (AWS default) | Num | Max Connection-Pool of client | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | endpoint | y | <user> |
| URI witout protocol, e.g.: 127.0.0.1:9000 | Endpoint for S3 access (without Schema). The Endpoint is usally defined using parameter “region”. If Enpoint is defined, the parameter “region” will be ignored. | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | protocol | y | http,https | https | String | Client connection protocol | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | connecttimeout | y | <user> | 10000 | Num | Client connection-timeout (ms) | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | requesttimeout | y | <user> | 0 | Num | Client request timeout (ms) 0=Disabled | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | requestsigner | y | NoOpSignerType, QueryStringSignerType, AWS4SignerType, AWS4UnsignedPayloadSignerType, AWS3SignerType | String | Signer for signing of requests to AWS | 1.0.1 Signer “AWS4UnsignedPayloadSignerType“ may lead to problems when using certain special characters | |
Content-Service | <repo>.contentservice | s3blobstore | region | y | <user> | String | S3 Region | 1.0.1 | |
Content-Service | <repo>.contentservice | s3blobstore | allowcreatebuckets | y | true, false | true | Boolean | Enable creation of Buckets | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | bucketname | n | <user> |
| String | S3 Bucket for content files | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | clientoptions | y | pathstyleaccess:true |
| String | S3 ClientOption | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | contrepinpath | y | true, false | false | Bool | Use Repository Name as Root Folder | 1.0.1 |
Content-Service | <repo>.contentservice | s3blobstore | onbucketcreate | y | <user> | String | Script to execute when Bucket was created | 1.0.1 | |
Content-Service | <repo>.contentservice | s3blobstore | onbucketcreateworkingdir | y | <user> | Pfad | Needs to be defined when onbucketcreate is enabled | 1.0.1 | |
Content-Service | <repo>.contentservice | s3blobstore | calculatestreamhash | y | true, false | true | Boolean | After encryption the hash values in ContentServices are calculated again | 1.0.2 |
Content-Service | <repo>.contentservice | s3blobstore | EnforceUTF8ForContentDisposition | y | true, false | false | Boolean | false: should be set, if a ContentDisposition filename needs to be encoded, otherwise the original format is delivered, true: always encode in UTF-8 | 1.4.1 |
Content-Service | <repo>.contentservice | s3blobstore | objectlockenabled | y | true, false | true | Boolean | Setting objectLockEnabled when creating a new Bucket | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore | maxidle | y | <user> | 60000 | Num | Maximum time in ms after removing an unused connection from ConnectionPool | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore | validateafterinactivity | y | <user> | 5000 | Num | Polling time in ms for checking if connection in pool is still open. | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore | cleanVersions | y | true,false | true | boolean | true: Delete all previous versions for update and delete operations when using buckets with enabled versioning. false: keep all versions | 1.9.0 |
Content-Service | <repo>.contentservice | s3blobstore | credentialsprovider | y | basic, instanceprofile | basic | String | basic: Authentication whith username and password instanceprofile: can be used when both, tia Core and S3 bucket S3 Bucket are deployed in AWS - then no direct authentification is necessary, as this is handled by the internal permission group. | 2.0.3 |
s3managedbucketsblobstore | 1.0.1 | ||||||||
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | connectionuser | n, wenn credentialsprovider auf “basic“ gestellt wird | <user> |
| String | User for S3 connection | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | connectionpass | n, wenn credentialsprovider auf “basic“ gestellt wird | <user> |
| String | Connection password for S3 (may be an Alias for a password in keystore) | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | maxconnections | y | <user> | 50 (AWS default) | Num | Max client connection pool | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | endpoint | y | <user> |
| URI ohne Protokoll z.B 127.0.0.1:9000 | Endpoint for S3 access (without Schema). The Endpoint is usally defined using parameter “region”. If Enpoint is defined, the parameter “region” will be ignored. | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | protocol | y | http,https | https | String | Client connection protocol | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | connecttimeout | y | <user> | 10000 | Num | Client connection timeout (ms) | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | requesttimeout | y | <user> | 0 | Num | Client request timeout (ms) 0=Disabled | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | requestsigner | y | NoOpSignerType, QueryStringSignerType, AWS4SignerType, AWS4UnsignedPayloadSignerType, AWS3SignerType | String | Signer for signing of requests to AWS | 1.0.1 Signer “AWS4UnsignedPayloadSignerType“ may lead to problem when using certain special characters. | |
Content-Service | <repo>.contentservice | s3blobstore | region | y | <user> | String | S3 Region | 1.0.1 | |
Content-Service | <repo>.contentservice | s3blobstore | AllowCreateBuckets | y | true, false | true | Boolean | Enable creation of Buckets | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | contrepinpath | y | true, false | false | Bool | Use Repository Name as Root Folder | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | bucketgroups | y | <user> | 1 | Num | Number of bucket groups to use for new storage files | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | bucketspergroup | y | <user> | 5 | Num | Number of buckets in a group (Attention: don’t change after first use!!) | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | bucketnameformat | y | <user>, z.B. %8.8s |
| String | Number of characters of generated bucket names. When e.g. set to 8 characters, the name is filled with leading zeros to be 8 characters long. | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | bucketprefix | y | <user> |
| String | Name prefix of Buckets | 1.0.1 |
Content-Service | <repo>.contentservice | s3managedbucketsblobstore | calculatestreamhash | y | true, false | true | Boolean | After encryption the hash values in ContentServices are calculated again | 1.0.2 |
Content-Service | <repo>.contentservice | s3blobstore | credentialsprovider | y | basic, instanceprofile | basic | String | basic: Authentication whith username and password instanceprofile: can be used when both, tia Core and S3 bucket S3 Bucket are deployed in AWS - then no direct authentification is necessary, as this is handled by the internal permission group. | 2.0.3 |
<repoName>.contentservice.type = s3blobstore # alternativ: s3managedbucketsblobstore <repoName>.contentservice.s3blobstore.connectionuser=kgsarchive <repoName>.contentservice.s3blobstore.connectionpass=kgsarchivePassword #<repoName>.contentservice.s3blobstore.maxconnections= #default: 50 <repoName>.contentservice.s3blobstore.endpoint=localhost:9000 <repoName>.contentservice.s3blobstore.protocol=http #<repoName>.contentservice.s3blobstore.connecttimeout= #default: 10000 #<repoName>.contentservice.s3blobstore.requestsigner= #default: #<repoName>.contentservice.s3blobstore.region= #default: #<repoName>.contentservice.s3blobstore.EnforceUTF8ForContentDisposition= #default: false #<repoName>.contentservice.s3blobstore.AllowCreateBuckets= #default: true #<repoName>.contentservice.s3blobstore.MaxIdle= #default: 60000 #<repoName>.contentservice.s3blobstore.ValidateAfterInactivity= #default: 5000 #<repoName>.contentservice.s3blobstore.CleanVersions= #default: true #<repoName>.contentservice.s3blobstore.ObjectLockEnabled= #default: #<repoName>.contentservice.s3blobstore.clientoptions= #default: <repoName>.contentservice.s3blobstore.bucketname=mass #<repoName>.contentservice.s3blobstore.bucketgroups= #default: 1 #<repoName>.contentservice.s3blobstore.bucketspergroup= #default: 5 <repoName>.contentservice.s3blobstore.bucketnameformat=%.2s #<repoName>.contentservice.s3blobstore.bucketprefix= #default: #<repoName>.contentservice.s3blobstore.contrepinpath = #default: false