Requirements

Any operation or management request must be authenticated with a signed request via Signature Version 2 or 4 of the Amazon S3 protocol of the corresponding S3 system user. To authenticate API requests, you need to create a system user. First, obtain the volume ID with the ostor-ctl get-config command. For example:

# ostor-ctl get-config -n 10.94.97.195
VOL_ID             TYPE     STATE
0100000000000002   OBJ      READY
...

Then, create a system user on any storage node in the cluster with the ostor-s3-admin create-user -S -e <email> command. For example:

# ostor-s3-admin create-user -S -e user@example.com -V 0100000000000002
UserEmail:user@example.com
UserId:a14040e0b2ef8b28
KeyPair[0]:S3AccessKeyId:a14040e0b2ef8b28FZZ8
KeyPair[0]:S3SecretAccessKey:dbwTnQTW602aAAdq8DQVFzB6yrTCFTNiGB8C8RFA
Flags:system

With this user, you can now authenticate further API requests for managing the S3 cluster. You can create multiple system accounts for different types of management operations.