UK Object Storage (Beta)

Our object storage service is based on Ceph, which supports a RESTful API that is compatible with the basic data access model of the Amazon S3 API.

The following ternonology is commonly used when working with object storage solutions:

  • Tenant : Multi-tenancy allows to use buckets and users of the same name simultaneously by segregating them under so-called tenants. 1
  • Access Key : Simular to a login, the access key is used for account identification.
  • Secret Key : Simular to a password, the secret key is used for account authenication.
  • Zone : A zone is logical grouping of one or more Ceph Object Gateway instances. There will be one Zone that should be designated as the master zone in a zonegroup, which will handle all bucket and user creation. 2
  • Zonegroup : A zonegroup consists of multiple zones, this approximately corresponds to what used to be called as a region in pre Jewel releases for federated deployments. There should be a master zonegroup that will handle changes to the system configuration. Zonegroup map: A zonegroup map is a configuration structure that holds the map of the entire system, ie. which zonegroup is the master, relationships between different zonegroups and certain configurables like storage policies.
  • Realm: A realm is a container for zonegroups, this allows for separation of zonegroups themselves between clusters. It is possible to create multiple realms, making it easier to run completely different configurations in the same cluster.
  • Endpoint : The endpoint is the server name (DNS name) of your object gateway.

Service Configuration Details

Account Creation

Accounts are managed through the Research Computing Accounts site


Central Campus

  • Description : Primary object storage configuration.
  • Endpoint : https://objects-pks2.rc.uky.edu
  • Zonegroup : uky
  • Zone : uky-campus-1

Backend Performance


S3 Compatable Clients

You account information can be used to interface with the object storage system using a number of S3 compatible clients including:

Rclone .rclone.conf

[objects] type = s3
env_auth = false
access_key_id = [your access key] secret_access_key = [your secret] region = other-v2-signature
endpoint = https://objects-pks2.rc.uky.edu
location_constraint =
acl =
server_side_encryption =


Cyberduck

Amazon SDK for Java

*Full example here

*S3 Client Constructor

    access_key_id = [your access key]
    secret_access_key = [your secret]

    String accessKey = "your access key";
    String secretKey = "your secret";
    String endpoint = "https://objects-pks2.rc.uky.edu"

    // Building Credentials
    AWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);

    ClientConfiguration clientConfig = new ClientConfiguration();
    clientConfig.setProtocol(Protocol.HTTPS);
    clientConfig.setSignerOverride("S3SignerType");

    // Connecting to S3 Service
    conn = new AmazonS3Client(credentials, clientConfig);
    conn.setS3ClientOptions(new S3ClientOptions().withPathStyleAccess(true));
    conn.setEndpoint(endpoint);

  1. RGW Multi-Site: http://docs.ceph.com/docs/jewel/radosgw/multisite/ 

  2. RGW Multi-Tenancy: http://docs.ceph.com/docs/jewel/radosgw/multitenancy/