...

The goal is to provide the S3 REST API calls in CloudStack. Specifically

1. Provide a REST API for CloudStack which provides the same services as Amazon AWS S3.
2. Allow the installation-specific one-time definition of a custom endpoint and storage nodes.
3. Provide operations with parameters, responses and errors which match or are very similar to the Amazon S3 API.

Allow the solution to be installable via a self contained virtual system server within a CloudStack management server.

...

Scope of this document is to provide a functional specification for the EC2 integration and fidelity work planned for the Bonita release of CloudStack.

References

• Solution must comply with Amazon Simple Storage Service API Reference (API Version 2006-03-01) at http://aws.amazon.com/documentation/s3/^{Image Removed}
• Specific part of specification used is REST API as described at http://docs.amazonwebservices.com/AmazonS3/latest/dev/Introduction.html#API^{Image Removed}.
• For driver tooling examples see http://aws.amazon.com/developertools/^{Image Removed}

Feature specifications

Requirements briefing

Ideally the following should be accomplished#Provide

1. Provide a list of supported operations which have been tested to provide correct behaviour.

...

1. Allow the data model to be held in the CLOUDBRIDGE database (shared with EC2 API) as part of the build of the CloudStack 3.0x release management server.

...

1. Ensure that the formats of requests, responses and errors match those documented as doc.s3.amazonaws.com/2006-03-01/ (being the current API Version).

...

1. Extend all supported operations to cover requests in hostname-relative style; subdomain style; and - if time permits - virtual hosting style.

...

1. Enforce lexical rules such as the bucket naming constraints of the API as given for cross-region (or “region-independent”) requests.

...

1. Test typical request-response behavior for compatibility with the REST capabilities of popular S3 toolsets. The currently used toolkits include: boto, s3cmd, jets3.

...

1. Document any exceptions to the above.

Deployment - Solution to be installable via a self contained virtual system server within a CloudStack management server.

...

Fidelity to the Amazon S3 API embraces:**

• Ability to process requests for the services listed above using the documented HTTP requests formats and undertake the CRUD actions implied by those requests

...

• Ability to process the correct controls, viz holding the public-private key pair of the user, preserving granter-grantee relationships for bucket or object resources, managing ACLs.

...

• Ability to provide responses, including XML response bodies where necessary, which are sufficiently accurate to follow the Amazon S3 spec.

...

• Provide a robust implementation for holding the operational metadata, together with an Object-Model mapping of this. Also allow the XML content of the web service request to include large binary stream content via optimised transmission (MTOM), supported by the Apache AXIOM library employing pull parsing. This list of critical capabilities has already been developed in 2011.

To allow the above to be configurable to the resources, especially simple storage resources, at a given cloud management installation.

...

The configuration environment is controlled by a file which needs to be accurately defined at the time of installation. Within the cloud bridge installation directory, the file is at conf/cloud-bridge.properties. Typical configuration information defined in this file is

host=http://myhost:8080/awsapi^{Image Removed}
storage.root=/mounts/mymountpoint
storage.multipartDir=_multipartuploads_
bucket.dns=false
serviceEndpoint=myhost:8080

So configured, the S3 API REST translation service will be running at http://myhost:8080/awsapi/rest/AmazonS3/^{Image Removed}.

The following step, with tomcat running, is to set up user keys using the script awsapi-setup/setup/cloudstack-aws-api-register. This needs setting up in accordance with the following example

./cloudstack-aws-api-register -u http://localhost:8080/awsapi/rest/AmazonS3^{Image Removed} -a MyAccessIDKey -s MySecretKey openssl_generated.mycert.pem

...

The capabilities of the S3 API are intended to satisfy the following use cases. For an overview of the expected capabilities, see docs.amazonwebservices.com/AmazonS3/latest/API/APIRest.htm. **

• List All Buckets,
  Example using the simplest GET request, http://myhost:8080/awsapi/rest/AmazonS3

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTServiceGET.htm

...

• GET Bucket's Objects,
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGET.htm

...

• GET a Bucket
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1?max-keys=10

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTServiceGET.htm

...

• GET Bucket acl,
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/?acl

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETacl.html

...

• List a Bucket's versions,
  Example using HEAD http://myhost:8080/awsapi/rest/AmazonS3/mybucket3/?versions&max-keys=999

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETVersion.html

...

• GET Bucket versioning status,
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/?versioning

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETversioningStatus.html

...

• Retrieve a Bucket's metadata,
  Example using HEAD http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/?keyname3

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketHEAD.html

...

• List Multipart Uploads,
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/my_upload_1?uploadId=6

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListParts.html

...

• PUT Bucket,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket1

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUT.html

...

• PUT Bucket acl,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/?acl

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html

...

• PUT Bucket versioning status,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket2/?versioning

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html

...

• DELETE Bucket,
  Example using DELETE http://myhost:8080/awsapi/rest/AmazonS3/mybucket2

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETE.html

...

• GET a Bucket's Objects,
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGET.htm

...

• GET an Object from a Bucket,
  Example using GET http:/myhost:8080/awsapi/rest/AmazonS3/mybucket2/keyname1
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGET.html

...

• GET Object acl,
  Example using GET http://myhost:8080./awsapi/rest/AmazonS3/mybucket1/?acl

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETacl.html

...

• PUT an Object into a Bucket,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket2/keyname1

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUT.html

...

• POST a file Object into a Bucket,
  Example using example HTML forms to send, POST http://myhost:8080/awsapi/rest/AmazonS3

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPOST.html

...

• PUT Object acl,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket4/thirdk4?acl

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUTacl.html

...

• Initiate Multipart Upload,
  Example using POST http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/my_upload_1?uploads

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadInitiate.html

...

• Upload Part,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/my_upload_1?uploadId=6&partNumber=1

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPart.html

...

• Complete Multipart Upload,
  Example using POST http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/my_upload_1?uploadId=6

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadComplete.html

...

• Abort Multipart Upload,
  Example using DELETE http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/my_upload_1?uploadId=6

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadAbort.html

...

• List Parts for Upload,
  Example using GET http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/my_upload_1?uploadId=6

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListParts.html

...

• DELETE Object,
  Example using DELETE http://myhost:8080/awsapi/rest/AmazonS3/mybucket1/?key_name_01

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectDELETE.html

...

• Delete Multiple Objects in one command,
  Example using POST http://myhost:8080/awsapi/rest/AmazonS3/mybucket3/?delete

...

• 
  Specified at aws.amazon.com/releasenotes/Amazon-S3/7816383882128829

...

• Copy an Object between Buckets,
  Example using PUT http://myhost:8080/awsapi/rest/AmazonS3/mybucket2/key_k1b1

...

• 
  Specified at docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectCopy.html

Architecture and design description

...

The design imposes a service lifecycle in which##The

1. The incoming request is interpreted.

...

1. The authentication of the request is appended to it.

...

1. The service which processes the request provides a response.

...

1. The informational response is returned if successful or an error response provided otherwise, in accordance with http://docs.amazonwebservices.com/AmazonS3/latest/dev/UsingRESTError.html

...

1. .

To validate the request data structure (termed the canonical string) the following rules are enforced by the design:##List

1. List 4 properties of the request delimited by \n: HTTP verb, MD5 hash of uploaded data, content type of uploaded data, datetimestamp for request might be time request will expire. All except MD5 hash are mandatory. Datetimestamp has to be Rfc2616 compliant indicating the ISO 8601 format.

...

1. Add x-amz- headers to description in alpha order, converting to lowercase.

...

1. Add path component of URI without any parameters.

...

1. Include query parameters iff they are mandatory to identify the resource: specifically acl, torrent, logging and location.

In processing the URI, three formats can be distinguished:##uri

1. uri including default service hostname, with bucket name and object name (if any) in path

...

1. uri with bucket name prepended the service hostname, i.e. subdomain style

...

1. uri with virtual hostname matching bucket name, providing that the bucket name is a DNS entry providing a CNAME for the entry as if it were a subdomain.

In the current implementation of the solution we are concentrating on the first two of these.

...

A hibernate layer coordinates between the business logic executed in the rest servlet and the SQL definitions in the MySQL database. See also Appendix 2.

Appendix

Usage

...

1. Get CloudStack running on the latest 3.0.x series

...

1. Enable the S3 API by setting the flag enable.s3.api to 'true' in the configuration table. This can be done through the UI or directly in MySQL:
   update configuration set value='true' where name='enable.s3.api';

...

1. Choose a local filesystem path where the objects will be stored. We can mount an NFS store or use the local filesystem. E.g,:

...

1. • mkdir -p /mnt/s3

...

1. • Ensure that the 'cloud' user can write to this directory

...

1. Edit the file $TOMCAT_HOME/conf/cloud-bridge.properties:

...

1. • host=http://localhost:8080/awsapi

...

1. • 
     storage.multipartDir=_multipartuploads_
     bucket.dns=false
     storage.root=<mount point or filesystem path>
     serviceEndpoint=localhost:8080

...

1. Restart CloudStack.

...

1. Obtain API and secret keys for a user (available in the Admin ui under Accounts -> Users)

...

1. • CloudStack Api key = this is the same as the AWS access key id

...

1. • CloudStack Secret key = this is the same as the AWS secret access key

...

1. Generate a private key and a self-signed X.509 certificate. Substitute your own desired storage location for /path/to/… below.

...

1. • $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 <http://rsa:2048/

...

1. • > -keyout /path/to/private_key.pem -out /path/to/cert.pem

...

1. Register the mapping from the X.509 certificate to your accounts API keys with CloudStack.

...

1. • $ cloudstack-aws-api-register --apikey=<User’s Cloudstack API key> --secretkey=<User’s CloudStack Secret key> --cert=</path/to/cert.pem> --url=http://<cloudstack-server>:8080/awsapi/rest/AmazonS3

...

1. Configure the boto S3Connection object as follows:

calling_format= OrdinaryCallingFormat()

connection = S3Connection(aws_access_key_id=<your api key>,
aws_secret_access_key=<your secret key>
is_secure=False,
host='<cloudstack-server>',
port=7080,
calling_format=calling_format,
path="/awsapi/rest/AmazonS3")

...