gitlab.com/gitlab-org/gitlab-foss.git
Diffstat (limited to 'doc/administration/object_storage.md')
-rw-r--r-- doc/administration/object_storage.md | 55
1 files changed, 39 insertions, 16 deletions
diff --git a/doc/administration/object_storage.md b/doc/administration/object_storage.md
index 9a9b2811cf0..0862921f0d7 100644
--- a/doc/administration/object_storage.md
+++ b/doc/administration/object_storage.md
@@ -345,7 +345,7 @@ gitlab_rails['object_store']['connection'] = {
If you use ADC, be sure that:
- The service account that you use has the
-[`iam.serviceAccounts.signBlob` permission](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob).
+ [`iam.serviceAccounts.signBlob` permission](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob).
Typically this is done by granting the `Service Account Token Creator` role to the service account.
- Your virtual machines have the [correct access scopes to access Google Cloud APIs](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes). If the machines do not have the right scope, the error logs may show:
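Review bot: the bullet being re-indented here states the requirement as a single permission, `iam.serviceAccounts.signBlob`, but the context line right after it tells readers to grant the whole `Service Account Token Creator` role. Since this bullet is being touched anyway, consider adding that a custom role carrying only that permission also satisfies the requirement, so administrators who want least privilege on the service account have a documented option. The change itself is whitespace-only, so please check the rendered page to confirm the link now sits inside the list item.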
@@ -431,6 +431,29 @@ gitlab_rails['object_store']['connection'] = {
The signature version must be `2`. Using v4 results in a HTTP 411 Length Required error.
For more information, see [issue #4419](https://gitlab.com/gitlab-org/gitlab/-/issues/4419).
+### Hitachi Vantara HCP
+
+NOTE:
+Connections to HCP may return an error stating `SigntureDoesNotMatch - The request signature we calculated does not match the signature you provided. Check your HCP Secret Access key and signing method.` In these cases, set the `endpoint` to the URL of the tenant instead of the namespace, and ensure bucket paths are configured as `<namespace_name>/<bucket_name>`.
+
+[HCP](https://knowledge.hitachivantara.com/Documents/Storage/HCP_for_Cloud_Scale/1.0.0/Adminstering_HCP_for_cloud_scale/Getting_started/02_Support_for_Amazon_S3_API) provides an S3-compatible API. Use the following configuration example:
+
+```ruby
+gitlab_rails['object_store']['connection'] = {
+ 'provider' => 'AWS',
+ 'endpoint' => 'https://<tenant_endpoint>',
+ 'path_style' => true,
+ 'region' => 'eu1',
+ 'aws_access_key_id' => 'ACCESS_KEY',
+ 'aws_secret_access_key' => 'SECRET_KEY',
+ 'aws_signature_version' => 4,
+ 'enable_signature_v4_streaming' => false
+}
+
+# Example of <namespace_name/bucket_name> formatting
+gitlab_rails['object_store']['objects']['artifacts']['bucket'] = '<namespace_name>/<bucket_name>'
+```
+
## Full example using the consolidated form and Amazon S3
The following example uses AWS S3 to enable object storage for all supported services:
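Review bot: the error text quoted in the NOTE of the new HCP section reads `SigntureDoesNotMatch`; unless HCP really emits that spelling, it should be `SignatureDoesNotMatch`, otherwise administrators who paste the message from their logs into the docs search will not land on this section. Please confirm against real output and say so in the MR if the misspelling is verbatim. Two smaller points in the same hunk: the comment in the ruby block writes the placeholder as `<namespace_name/bucket_name>` while the NOTE and the assignment below it use `<namespace_name>/<bucket_name>`, and the example gives no reason for `'enable_signature_v4_streaming' => false` or whether `'region' => 'eu1'` is a required value or only a sample. A sentence on each would help, particularly because the section just above this one tells readers the signature version must be `2` for that provider, and here it is `4`. The NOTE would also read better after the introductory sentence and configuration than before them.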
@@ -874,28 +897,28 @@ When not proxying files, GitLab returns an
This can result in some of the following problems:
- If GitLab is using non-secure HTTP to access the object storage, clients may generate
-`https->http` downgrade errors and refuse to process the redirect. The solution to this
-is for GitLab to use HTTPS. LFS, for example, generates this error:
+ `https->http` downgrade errors and refuse to process the redirect. The solution to this
+ is for GitLab to use HTTPS. LFS, for example, generates this error:
- ```plaintext
- LFS: lfsapi/client: refusing insecure redirect, https->http
- ```
+ ```plaintext
+ LFS: lfsapi/client: refusing insecure redirect, https->http
+ ```
- Clients need to trust the certificate authority that issued the object storage
-certificate, or may return common TLS errors such as:
+ certificate, or may return common TLS errors such as:
- ```plaintext
- x509: certificate signed by unknown authority
- ```
+ ```plaintext
+ x509: certificate signed by unknown authority
+ ```
- Clients need network access to the object storage.
-Network firewalls could block access.
-Errors that might result
-if this access is not in place include:
+ Network firewalls could block access.
+ Errors that might result
+ if this access is not in place include:
- ```plaintext
- Received status code 403 from server: Forbidden
- ```
+ ```plaintext
+ Received status code 403 from server: Forbidden
+ ```
- Object storage buckets need to allow Cross-Origin Resource Sharing
(CORS) access from the URL of the GitLab instance. Attempting to load
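Review bot: in the third bullet the re-indented text still breaks mid-sentence (`Errors that might result` / `if this access is not in place include:`); every line of that bullet is rewritten by this hunk anyway, so rewrap it to the same width as the other bullets. In the same bullet, the sample error `Received status code 403 from server: Forbidden` is an HTTP response rather than a connection failure, so it would help to say which component is expected to return it when access is blocked; readers may otherwise look only at firewall rules. The rest of the hunk is whitespace-only, so please verify in the rendered output that each `plaintext` fence now nests under its bullet.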