Configuring OpenStack EC2 credentials

The credentials that are used on the Amazon S3 and Elastic Compute Cloud (EC2) APIs are different from the credentials that are used by the OpenStack API. As a result, you must generate these special credentials to use them when accessing the IBM Spectrum Scale™ OpenStack services.

The credentials are created by the OpenStackClient, a command-line client for OpenStack, that allows the creation and use of access/secret pairs for a user/project pair. This requires the operators to create the access/secret for each user/project pair.
  1. Source openrc with the admin credentials.
  2. Create the EC2 credential by running this command:
    openstack credential create --type ec2 --project <project> <user> '{"access": "<aws_access_key>", "secret": "<aws_secret_key>"}'
    Note: If duplicate user or project names exist across domains, use Keystone UUIDs rather than names. Additionally, the admin users should be able to list and delete access/secrets for a specific user/project.
  3. View all EC2 credentials, or the details of a single credential, by running these commands:
    openstack credential list
    openstack credential show <credential-id>
  4. You can change your Access Key ID and Secret Access Key if necessary.

    Rotate these keys regularly and switch applications to the new pair.

    Change the EC2 credentials by running this command:
    openstack credential set --type ec2 --data '{"access": "<access>", "secret": "<secret>"}' --project <project> <credential-id>
  5. Delete the EC2 credentials by running this command:
    openstack credential delete <credential_id>

    The following example shows the creation of EC2 credentials using the admin project and the admin user IDs:

    Where openrc contains:

    export OS_AUTH_URL="http://127.0.0.1:35357/v3"
    export OS_IDENTITY_API_VERSION=3
    export OS_AUTH_VERSION=3
    export OS_USERNAME="admin"
    export OS_PASSWORD="Passw0rd"
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_PROJECT_DOMAIN_NAME=Default

    source openrc
    openstack credential create --type ec2 --project admin admin '{"access": "022AB06E7MXBSH9DHM02", "secret": "pWculUX4JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct"}'
    You are now ready to connect to the IBM Spectrum Scale Object store using the Amazon S3 API. You can connect with any S3-enabled client.
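
For the key rotation recommended in step 4, the following shell functions (an added example, not part of the original documentation) generate a fresh access/secret pair from /dev/urandom and apply it with the credential set command shown above. The function names and the OPENSTACK_BIN override are hypothetical; the 20- and 40-character lengths mirror the sample pair in the example above.

```shell
#!/bin/sh
# Added example: rotate an EC2 credential with a freshly generated key pair.
# Function names and OPENSTACK_BIN are hypothetical; only the openstack
# subcommands and flags shown in the steps above are used.

# Print a new {"access": ..., "secret": ...} blob built from /dev/urandom.
new_ec2_blob() {
    # 10 random bytes -> 20 upper-case hex characters (an identifier, not a secret).
    access=$(head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n' | tr 'a-f' 'A-F')
    # 30 random bytes -> exactly 40 base64 characters (240 bits), no padding.
    secret=$(head -c 30 /dev/urandom | base64)
    # Hex and base64 alphabets need no JSON escaping.
    printf '{"access": "%s", "secret": "%s"}' "$access" "$secret"
}

# rotate_ec2_credential <credential-id> <project>
# Replaces the stored pair (step 4) and prints the new blob only on success,
# so the caller never distributes a pair that Keystone did not accept.
rotate_ec2_credential() {
    cred_id=$1
    project=$2
    blob=$(new_ec2_blob)
    # OPENSTACK_BIN (assumption) lets a dry run or test substitute the client.
    "${OPENSTACK_BIN:-openstack}" credential set --type ec2 --data "$blob" \
        --project "$project" "$cred_id" >/dev/null || return 1
    printf '%s\n' "$blob"
}
```

Source openrc first, run rotate_ec2_credential <credential-id> <project>, and confirm the change with openstack credential show <credential-id>. The blob is passed as a command-line argument, as the command form above requires, so run it on an admin host where other local users cannot read the process list.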