| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
userdoc:tt_s3_object_storage_client [2024/07/03 10:52]
abelbeck [Custom Firmware Repository] |
userdoc:tt_s3_object_storage_client [2024/07/06 08:41] (current)
abelbeck [Custom Firmware Repository] |
| S3FS_OPTIONS="nomultipart" | S3FS_OPTIONS="nomultipart" |
| |
| | !!Tip ->!! Cloudflare R2 (as of 2024/07), the ''nomixupload'' option is needed to write large files. |
| |
| \\ | \\ |
| ===== Custom Firmware Repository ===== | ===== Custom Firmware Repository ===== |
| |
| One interesting use case for ''s3fs'' is to provide a Read/Only mount to a S3 bucket containing a custom AstLinux firmware repository. | One interesting use case for ''s3fs'' is to provide a Read/Only mount to an S3 bucket containing a custom AstLinux firmware repository. |
| |
| Most S3 object storage providers offer files to be made "public" and accessed read-only via HTTPS (CORS). The problem is the "world" has access to the firmware. Firewall-ing is difficult, or not possible due to scattered devices. | Most S3 object storage providers allow files to be made "public" and accessed read-only via HTTPS (CORS). The problem is the "world" has access to the firmware. Restricting with a firewall is difficult, or not possible due to scattered devices. |
| |
| Alternatively, in the same way use S3 object storage, but keep the S3 files "private" and access the firmware directly via ''s3fs'' using an access key with read-only privileges to a particular bucket. | Alternatively, in the same way using S3 object storage, but keep the S3 files "private" and access the firmware directly via ''s3fs'' using an access key with read-only privileges to a particular bucket. |
| |
| For this example, build a custom AstLinux run image and use ''s3cmd'' on the build VM to upload to a S3 bucket in AstLinux repository format, starting with ''custom-firmware-1.x'' | For this example, build a custom AstLinux run image and use ''s3cmd'' on the build system to upload to a S3 bucket in [[https://doc.astlinux-project.org/devdoc:devdoc_create_repository|AstLinux Private Repository]] format starting with the path ''custom-firmware-1.x'' |
| |
| Prefs tab -> System & Staff Tab Options -> Repository URL: | The ''s3fs'' configuration in the ''user.conf'' file would be similar to: |
| | |
| | S3FS_START="yes" |
| | S3FS_URL="https://us-east-1.linodeobjects.com" |
| | S3FS_BUCKET="unique-bucket-name" |
| | S3FS_PASSWD="linode-ro" |
| | S3FS_READONLY="yes" |
| | |
| | At Linode, create a Read/Only "Access Key" limited to the "unique-bucket-name" bucket. Place the ''ACCESS_KEY_ID:SECRET_ACCESS_KEY'' credentials in the file: ''/mnt/kd/s3fs/passwd/linode-ro'' |
| | |
| | In the AstLinux web interface Prefs Tab, define the "Repository URL:" as: |
| |
| file:///var/s3fs/mnt/custom-firmware-1.x | file:///var/s3fs/mnt/custom-firmware-1.x |
| |
| \\ | \\ |