forked from TrueCloudLab/rclone
docs: fix hugo warning: found no layout file for "html" for kind "section"
Hugo has been making this warning for a while WARN found no layout file for "html" for kind "section": You should create a template file which matches Hugo Layouts Lookup Rules for this combination. It turned out to be - the arrangement of the oracle object storage docs and sub page - the fact that a section template was missing
This commit is contained in:
parent
fd182af866
commit
c1c9e209f3
4 changed files with 849 additions and 847 deletions
|
@ -1,845 +0,0 @@
|
|||
---
|
||||
title: "Oracle Object Storage"
|
||||
description: "Rclone docs for Oracle Object Storage"
|
||||
type: page
|
||||
versionIntroduced: "v1.60"
|
||||
---
|
||||
|
||||
# {{< icon "fa fa-cloud" >}} Oracle Object Storage
|
||||
- [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
|
||||
- [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
|
||||
- [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
|
||||
|
||||
Paths are specified as `remote:bucket` (or `remote:` for the `lsd` command.) You may put subdirectories in
|
||||
too, e.g. `remote:bucket/path/to/dir`.
|
||||
|
||||
Sample command to transfer local artifacts to remote:bucket in oracle object storage:
|
||||
|
||||
`rclone -vvv --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64 --retries 2 --oos-chunk-size 10Mi --oos-upload-concurrency 10000 --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts remote:bucket -vv`
|
||||
|
||||
## Configuration
|
||||
|
||||
Here is an example of making an oracle object storage configuration. `rclone config` walks you
|
||||
through it.
|
||||
|
||||
Here is an example of how to make a remote called `remote`. First run:
|
||||
|
||||
rclone config
|
||||
|
||||
This will guide you through an interactive setup process:
|
||||
|
||||
|
||||
```
|
||||
n) New remote
|
||||
d) Delete remote
|
||||
r) Rename remote
|
||||
c) Copy remote
|
||||
s) Set configuration password
|
||||
q) Quit config
|
||||
e/n/d/r/c/s/q> n
|
||||
|
||||
Enter name for new remote.
|
||||
name> remote
|
||||
|
||||
Option Storage.
|
||||
Type of storage to configure.
|
||||
Choose a number from below, or type in your own value.
|
||||
[snip]
|
||||
XX / Oracle Cloud Infrastructure Object Storage
|
||||
\ (oracleobjectstorage)
|
||||
Storage> oracleobjectstorage
|
||||
|
||||
Option provider.
|
||||
Choose your Auth Provider
|
||||
Choose a number from below, or type in your own string value.
|
||||
Press Enter for the default (env_auth).
|
||||
1 / automatically pickup the credentials from runtime(env), first one to provide auth wins
|
||||
\ (env_auth)
|
||||
/ use an OCI user and an API key for authentication.
|
||||
2 | you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
|
||||
| https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
|
||||
\ (user_principal_auth)
|
||||
/ use instance principals to authorize an instance to make API calls.
|
||||
3 | each instance has its own identity, and authenticates using the certificates that are read from instance metadata.
|
||||
| https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
|
||||
\ (instance_principal_auth)
|
||||
/ use workload identity to grant Kubernetes pods policy-driven access to Oracle Cloud
|
||||
4 | Infrastructure (OCI) resources using OCI Identity and Access Management (IAM).
|
||||
| https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm
|
||||
\ (workload_identity_auth)
|
||||
5 / use resource principals to make API calls
|
||||
\ (resource_principal_auth)
|
||||
6 / no credentials needed, this is typically for reading public buckets
|
||||
\ (no_auth)
|
||||
provider> 2
|
||||
|
||||
Option namespace.
|
||||
Object storage namespace
|
||||
Enter a value.
|
||||
namespace> idbamagbg734
|
||||
|
||||
Option compartment.
|
||||
Object storage compartment OCID
|
||||
Enter a value.
|
||||
compartment> ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
|
||||
|
||||
Option region.
|
||||
Object storage Region
|
||||
Enter a value.
|
||||
region> us-ashburn-1
|
||||
|
||||
Option endpoint.
|
||||
Endpoint for Object storage API.
|
||||
Leave blank to use the default endpoint for the region.
|
||||
Enter a value. Press Enter to leave empty.
|
||||
endpoint>
|
||||
|
||||
Option config_file.
|
||||
Full Path to OCI config file
|
||||
Choose a number from below, or type in your own string value.
|
||||
Press Enter for the default (~/.oci/config).
|
||||
1 / oci configuration file location
|
||||
\ (~/.oci/config)
|
||||
config_file> /etc/oci/dev.conf
|
||||
|
||||
Option config_profile.
|
||||
Profile name inside OCI config file
|
||||
Choose a number from below, or type in your own string value.
|
||||
Press Enter for the default (Default).
|
||||
1 / Use the default profile
|
||||
\ (Default)
|
||||
config_profile> Test
|
||||
|
||||
Edit advanced config?
|
||||
y) Yes
|
||||
n) No (default)
|
||||
y/n> n
|
||||
|
||||
Configuration complete.
|
||||
Options:
|
||||
- type: oracleobjectstorage
|
||||
- namespace: idbamagbg734
|
||||
- compartment: ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
|
||||
- region: us-ashburn-1
|
||||
- provider: user_principal_auth
|
||||
- config_file: /etc/oci/dev.conf
|
||||
- config_profile: Test
|
||||
Keep this "remote" remote?
|
||||
y) Yes this is OK (default)
|
||||
e) Edit this remote
|
||||
d) Delete this remote
|
||||
y/e/d> y
|
||||
```
|
||||
|
||||
See all buckets
|
||||
|
||||
rclone lsd remote:
|
||||
|
||||
Create a new bucket
|
||||
|
||||
rclone mkdir remote:bucket
|
||||
|
||||
List the contents of a bucket
|
||||
|
||||
rclone ls remote:bucket
|
||||
rclone ls remote:bucket --max-depth 1
|
||||
|
||||
## Authentication Providers
|
||||
|
||||
OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication
|
||||
methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm)
|
||||
These choices can be specified in the rclone config file.
|
||||
|
||||
Rclone supports the following OCI authentication provider.
|
||||
|
||||
User Principal
|
||||
Instance Principal
|
||||
Resource Principal
|
||||
Workload Identity
|
||||
No authentication
|
||||
|
||||
### User Principal
|
||||
|
||||
Sample rclone config file for Authentication Provider User Principal:
|
||||
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>34
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>ba
|
||||
region = us-ashburn-1
|
||||
provider = user_principal_auth
|
||||
config_file = /home/opc/.oci/config
|
||||
config_profile = Default
|
||||
|
||||
Advantages:
|
||||
- One can use this method from any server within OCI or on-premises or from other cloud provider.
|
||||
|
||||
Considerations:
|
||||
- you need to configure user’s privileges / policy to allow access to object storage
|
||||
- Overhead of managing users and keys.
|
||||
- If the user is deleted, the config file will no longer work and may cause automation regressions that use the user's credentials.
|
||||
|
||||
### Instance Principal
|
||||
|
||||
An OCI compute instance can be authorized to use rclone by using it's identity and certificates as an instance principal.
|
||||
With this approach no credentials have to be stored and managed.
|
||||
|
||||
Sample rclone configuration file for Authentication Provider Instance Principal:
|
||||
|
||||
[opc@rclone ~]$ cat ~/.config/rclone/rclone.conf
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>fn
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>k7a
|
||||
region = us-ashburn-1
|
||||
provider = instance_principal_auth
|
||||
|
||||
Advantages:
|
||||
|
||||
- With instance principals, you don't need to configure user credentials and transfer/ save it to disk in your compute
|
||||
instances or rotate the credentials.
|
||||
- You don’t need to deal with users and keys.
|
||||
- Greatly helps in automation as you don't have to manage access keys, user private keys, storing them in vault,
|
||||
using kms etc.
|
||||
|
||||
Considerations:
|
||||
|
||||
- You need to configure a dynamic group having this instance as member and add policy to read object storage to that
|
||||
dynamic group.
|
||||
- Everyone who has access to this machine can execute the CLI commands.
|
||||
- It is applicable for oci compute instances only. It cannot be used on external instance or resources.
|
||||
|
||||
### Resource Principal
|
||||
|
||||
Resource principal auth is very similar to instance principal auth but used for resources that are not
|
||||
compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm).
|
||||
To use resource principal ensure Rclone process is started with these environment variables set in its process.
|
||||
|
||||
export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
|
||||
export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
|
||||
export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
|
||||
export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
|
||||
|
||||
Sample rclone configuration file for Authentication Provider Resource Principal:
|
||||
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>34
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>ba
|
||||
region = us-ashburn-1
|
||||
provider = resource_principal_auth
|
||||
|
||||
### Workload Identity
|
||||
Workload Identity auth may be used when running Rclone from Kubernetes pod on a Container Engine for Kubernetes (OKE) cluster.
|
||||
For more details on configuring Workload Identity, see [Granting Workloads Access to OCI Resources](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm).
|
||||
To use workload identity, ensure Rclone is started with these environment variables set in its process.
|
||||
|
||||
export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
|
||||
export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
|
||||
|
||||
### No authentication
|
||||
|
||||
Public buckets do not require any authentication mechanism to read objects.
|
||||
Sample rclone configuration file for No authentication:
|
||||
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>34
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>ba
|
||||
region = us-ashburn-1
|
||||
provider = no_auth
|
||||
|
||||
### Modification times and hashes
|
||||
|
||||
The modification time is stored as metadata on the object as
|
||||
`opc-meta-mtime` as floating point since the epoch, accurate to 1 ns.
|
||||
|
||||
If the modification time needs to be updated rclone will attempt to perform a server
|
||||
side copy to update the modification if the object can be copied in a single part.
|
||||
In the case the object is larger than 5Gb, the object will be uploaded rather than copied.
|
||||
|
||||
Note that reading this from the object takes an additional `HEAD` request as the metadata
|
||||
isn't returned in object listings.
|
||||
|
||||
The MD5 hash algorithm is supported.
|
||||
|
||||
### Multipart uploads
|
||||
|
||||
rclone supports multipart uploads with OOS which means that it can
|
||||
upload files bigger than 5 GiB.
|
||||
|
||||
Note that files uploaded *both* with multipart upload *and* through
|
||||
crypt remotes do not have MD5 sums.
|
||||
|
||||
rclone switches from single part uploads to multipart uploads at the
|
||||
point specified by `--oos-upload-cutoff`. This can be a maximum of 5 GiB
|
||||
and a minimum of 0 (ie always upload multipart files).
|
||||
|
||||
The chunk sizes used in the multipart upload are specified by
|
||||
`--oos-chunk-size` and the number of chunks uploaded concurrently is
|
||||
specified by `--oos-upload-concurrency`.
|
||||
|
||||
Multipart uploads will use `--transfers` * `--oos-upload-concurrency` *
|
||||
`--oos-chunk-size` extra memory. Single part uploads to not use extra
|
||||
memory.
|
||||
|
||||
Single part transfers can be faster than multipart transfers or slower
|
||||
depending on your latency from oos - the more latency, the more likely
|
||||
single part transfers will be faster.
|
||||
|
||||
Increasing `--oos-upload-concurrency` will increase throughput (8 would
|
||||
be a sensible value) and increasing `--oos-chunk-size` also increases
|
||||
throughput (16M would be sensible). Increasing either of these will
|
||||
use more memory. The default values are high enough to gain most of
|
||||
the possible performance without using too much memory.
|
||||
|
||||
{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/oracleobjectstorage/oracleobjectstorage.go then run make backenddocs" >}}
|
||||
### Standard options
|
||||
|
||||
Here are the Standard options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
|
||||
|
||||
#### --oos-provider
|
||||
|
||||
Choose your Auth Provider
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: provider
|
||||
- Env Var: RCLONE_OOS_PROVIDER
|
||||
- Type: string
|
||||
- Default: "env_auth"
|
||||
- Examples:
|
||||
- "env_auth"
|
||||
- automatically pickup the credentials from runtime(env), first one to provide auth wins
|
||||
- "user_principal_auth"
|
||||
- use an OCI user and an API key for authentication.
|
||||
- you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
|
||||
- https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
|
||||
- "instance_principal_auth"
|
||||
- use instance principals to authorize an instance to make API calls.
|
||||
- each instance has its own identity, and authenticates using the certificates that are read from instance metadata.
|
||||
- https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
|
||||
- "workload_identity_auth"
|
||||
- use workload identity to grant OCI Container Engine for Kubernetes workloads policy-driven access to OCI resources using OCI Identity and Access Management (IAM).
|
||||
- https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm
|
||||
- "resource_principal_auth"
|
||||
- use resource principals to make API calls
|
||||
- "no_auth"
|
||||
- no credentials needed, this is typically for reading public buckets
|
||||
|
||||
#### --oos-namespace
|
||||
|
||||
Object storage namespace
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: namespace
|
||||
- Env Var: RCLONE_OOS_NAMESPACE
|
||||
- Type: string
|
||||
- Required: true
|
||||
|
||||
#### --oos-compartment
|
||||
|
||||
Object storage compartment OCID
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: compartment
|
||||
- Env Var: RCLONE_OOS_COMPARTMENT
|
||||
- Provider: !no_auth
|
||||
- Type: string
|
||||
- Required: true
|
||||
|
||||
#### --oos-region
|
||||
|
||||
Object storage Region
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: region
|
||||
- Env Var: RCLONE_OOS_REGION
|
||||
- Type: string
|
||||
- Required: true
|
||||
|
||||
#### --oos-endpoint
|
||||
|
||||
Endpoint for Object storage API.
|
||||
|
||||
Leave blank to use the default endpoint for the region.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: endpoint
|
||||
- Env Var: RCLONE_OOS_ENDPOINT
|
||||
- Type: string
|
||||
- Required: false
|
||||
|
||||
#### --oos-config-file
|
||||
|
||||
Path to OCI config file
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: config_file
|
||||
- Env Var: RCLONE_OOS_CONFIG_FILE
|
||||
- Provider: user_principal_auth
|
||||
- Type: string
|
||||
- Default: "~/.oci/config"
|
||||
- Examples:
|
||||
- "~/.oci/config"
|
||||
- oci configuration file location
|
||||
|
||||
#### --oos-config-profile
|
||||
|
||||
Profile name inside the oci config file
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: config_profile
|
||||
- Env Var: RCLONE_OOS_CONFIG_PROFILE
|
||||
- Provider: user_principal_auth
|
||||
- Type: string
|
||||
- Default: "Default"
|
||||
- Examples:
|
||||
- "Default"
|
||||
- Use the default profile
|
||||
|
||||
### Advanced options
|
||||
|
||||
Here are the Advanced options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
|
||||
|
||||
#### --oos-storage-tier
|
||||
|
||||
The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: storage_tier
|
||||
- Env Var: RCLONE_OOS_STORAGE_TIER
|
||||
- Type: string
|
||||
- Default: "Standard"
|
||||
- Examples:
|
||||
- "Standard"
|
||||
- Standard storage tier, this is the default tier
|
||||
- "InfrequentAccess"
|
||||
- InfrequentAccess storage tier
|
||||
- "Archive"
|
||||
- Archive storage tier
|
||||
|
||||
#### --oos-upload-cutoff
|
||||
|
||||
Cutoff for switching to chunked upload.
|
||||
|
||||
Any files larger than this will be uploaded in chunks of chunk_size.
|
||||
The minimum is 0 and the maximum is 5 GiB.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: upload_cutoff
|
||||
- Env Var: RCLONE_OOS_UPLOAD_CUTOFF
|
||||
- Type: SizeSuffix
|
||||
- Default: 200Mi
|
||||
|
||||
#### --oos-chunk-size
|
||||
|
||||
Chunk size to use for uploading.
|
||||
|
||||
When uploading files larger than upload_cutoff or files with unknown
|
||||
size (e.g. from "rclone rcat" or uploaded with "rclone mount" they will be uploaded
|
||||
as multipart uploads using this chunk size.
|
||||
|
||||
Note that "upload_concurrency" chunks of this size are buffered
|
||||
in memory per transfer.
|
||||
|
||||
If you are transferring large files over high-speed links and you have
|
||||
enough memory, then increasing this will speed up the transfers.
|
||||
|
||||
Rclone will automatically increase the chunk size when uploading a
|
||||
large file of known size to stay below the 10,000 chunks limit.
|
||||
|
||||
Files of unknown size are uploaded with the configured
|
||||
chunk_size. Since the default chunk size is 5 MiB and there can be at
|
||||
most 10,000 chunks, this means that by default the maximum size of
|
||||
a file you can stream upload is 48 GiB. If you wish to stream upload
|
||||
larger files then you will need to increase chunk_size.
|
||||
|
||||
Increasing the chunk size decreases the accuracy of the progress
|
||||
statistics displayed with "-P" flag.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: chunk_size
|
||||
- Env Var: RCLONE_OOS_CHUNK_SIZE
|
||||
- Type: SizeSuffix
|
||||
- Default: 5Mi
|
||||
|
||||
#### --oos-max-upload-parts
|
||||
|
||||
Maximum number of parts in a multipart upload.
|
||||
|
||||
This option defines the maximum number of multipart chunks to use
|
||||
when doing a multipart upload.
|
||||
|
||||
OCI has max parts limit of 10,000 chunks.
|
||||
|
||||
Rclone will automatically increase the chunk size when uploading a
|
||||
large file of a known size to stay below this number of chunks limit.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: max_upload_parts
|
||||
- Env Var: RCLONE_OOS_MAX_UPLOAD_PARTS
|
||||
- Type: int
|
||||
- Default: 10000
|
||||
|
||||
#### --oos-upload-concurrency
|
||||
|
||||
Concurrency for multipart uploads.
|
||||
|
||||
This is the number of chunks of the same file that are uploaded
|
||||
concurrently.
|
||||
|
||||
If you are uploading small numbers of large files over high-speed links
|
||||
and these uploads do not fully utilize your bandwidth, then increasing
|
||||
this may help to speed up the transfers.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: upload_concurrency
|
||||
- Env Var: RCLONE_OOS_UPLOAD_CONCURRENCY
|
||||
- Type: int
|
||||
- Default: 10
|
||||
|
||||
#### --oos-copy-cutoff
|
||||
|
||||
Cutoff for switching to multipart copy.
|
||||
|
||||
Any files larger than this that need to be server-side copied will be
|
||||
copied in chunks of this size.
|
||||
|
||||
The minimum is 0 and the maximum is 5 GiB.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: copy_cutoff
|
||||
- Env Var: RCLONE_OOS_COPY_CUTOFF
|
||||
- Type: SizeSuffix
|
||||
- Default: 4.656Gi
|
||||
|
||||
#### --oos-copy-timeout
|
||||
|
||||
Timeout for copy.
|
||||
|
||||
Copy is an asynchronous operation, specify timeout to wait for copy to succeed
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: copy_timeout
|
||||
- Env Var: RCLONE_OOS_COPY_TIMEOUT
|
||||
- Type: Duration
|
||||
- Default: 1m0s
|
||||
|
||||
#### --oos-disable-checksum
|
||||
|
||||
Don't store MD5 checksum with object metadata.
|
||||
|
||||
Normally rclone will calculate the MD5 checksum of the input before
|
||||
uploading it so it can add it to metadata on the object. This is great
|
||||
for data integrity checking but can cause long delays for large files
|
||||
to start uploading.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: disable_checksum
|
||||
- Env Var: RCLONE_OOS_DISABLE_CHECKSUM
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-encoding
|
||||
|
||||
The encoding for the backend.
|
||||
|
||||
See the [encoding section in the overview](/overview/#encoding) for more info.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: encoding
|
||||
- Env Var: RCLONE_OOS_ENCODING
|
||||
- Type: Encoding
|
||||
- Default: Slash,InvalidUtf8,Dot
|
||||
|
||||
#### --oos-leave-parts-on-error
|
||||
|
||||
If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
|
||||
|
||||
It should be set to true for resuming uploads across different sessions.
|
||||
|
||||
WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add
|
||||
additional costs if not cleaned up.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: leave_parts_on_error
|
||||
- Env Var: RCLONE_OOS_LEAVE_PARTS_ON_ERROR
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-attempt-resume-upload
|
||||
|
||||
If true attempt to resume previously started multipart upload for the object.
|
||||
This will be helpful to speed up multipart transfers by resuming uploads from past session.
|
||||
|
||||
WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is
|
||||
aborted and a new multipart upload is started with the new chunk size.
|
||||
|
||||
The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: attempt_resume_upload
|
||||
- Env Var: RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-no-check-bucket
|
||||
|
||||
If set, don't attempt to check the bucket exists or create it.
|
||||
|
||||
This can be useful when trying to minimise the number of transactions
|
||||
rclone does if you know the bucket exists already.
|
||||
|
||||
It can also be needed if the user you are using does not have bucket
|
||||
creation permissions.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: no_check_bucket
|
||||
- Env Var: RCLONE_OOS_NO_CHECK_BUCKET
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-sse-customer-key-file
|
||||
|
||||
To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
|
||||
with the object. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.'
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_key_file
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-customer-key
|
||||
|
||||
To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
|
||||
encrypt or decrypt the data. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is
|
||||
needed. For more information, see Using Your Own Keys for Server-Side Encryption
|
||||
(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_key
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-customer-key-sha256
|
||||
|
||||
If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
|
||||
key. This value is used to check the integrity of the encryption key. see Using Your Own Keys for
|
||||
Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_key_sha256
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-kms-key-id
|
||||
|
||||
if using your own master key in vault, this header specifies the
|
||||
OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
|
||||
the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
|
||||
Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_kms_key_id
|
||||
- Env Var: RCLONE_OOS_SSE_KMS_KEY_ID
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-customer-algorithm
|
||||
|
||||
If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm.
|
||||
Object Storage supports "AES256" as the encryption algorithm. For more information, see
|
||||
Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_algorithm
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
- "AES256"
|
||||
- AES256
|
||||
|
||||
#### --oos-description
|
||||
|
||||
Description of the remote.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: description
|
||||
- Env Var: RCLONE_OOS_DESCRIPTION
|
||||
- Type: string
|
||||
- Required: false
|
||||
|
||||
## Backend commands
|
||||
|
||||
Here are the commands specific to the oracleobjectstorage backend.
|
||||
|
||||
Run them with
|
||||
|
||||
rclone backend COMMAND remote:
|
||||
|
||||
The help below will explain what arguments each command takes.
|
||||
|
||||
See the [backend](/commands/rclone_backend/) command for more
|
||||
info on how to pass options and arguments.
|
||||
|
||||
These can be run on a running backend using the rc command
|
||||
[backend/command](/rc/#backend-command).
|
||||
|
||||
### rename
|
||||
|
||||
change the name of an object
|
||||
|
||||
rclone backend rename remote: [options] [<arguments>+]
|
||||
|
||||
This command can be used to rename a object.
|
||||
|
||||
Usage Examples:
|
||||
|
||||
rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
|
||||
|
||||
|
||||
### list-multipart-uploads
|
||||
|
||||
List the unfinished multipart uploads
|
||||
|
||||
rclone backend list-multipart-uploads remote: [options] [<arguments>+]
|
||||
|
||||
This command lists the unfinished multipart uploads in JSON format.
|
||||
|
||||
rclone backend list-multipart-uploads oos:bucket/path/to/object
|
||||
|
||||
It returns a dictionary of buckets with values as lists of unfinished
|
||||
multipart uploads.
|
||||
|
||||
You can call it with no bucket in which case it lists all bucket, with
|
||||
a bucket or with a bucket and path.
|
||||
|
||||
{
|
||||
"test-bucket": [
|
||||
{
|
||||
"namespace": "test-namespace",
|
||||
"bucket": "test-bucket",
|
||||
"object": "600m.bin",
|
||||
"uploadId": "51dd8114-52a4-b2f2-c42f-5291f05eb3c8",
|
||||
"timeCreated": "2022-07-29T06:21:16.595Z",
|
||||
"storageTier": "Standard"
|
||||
}
|
||||
]
|
||||
|
||||
|
||||
### cleanup
|
||||
|
||||
Remove unfinished multipart uploads.
|
||||
|
||||
rclone backend cleanup remote: [options] [<arguments>+]
|
||||
|
||||
This command removes unfinished multipart uploads of age greater than
|
||||
max-age which defaults to 24 hours.
|
||||
|
||||
Note that you can use --interactive/-i or --dry-run with this command to see what
|
||||
it would do.
|
||||
|
||||
rclone backend cleanup oos:bucket/path/to/object
|
||||
rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
|
||||
|
||||
Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
|
||||
|
||||
|
||||
Options:
|
||||
|
||||
- "max-age": Max age of upload to delete
|
||||
|
||||
### restore
|
||||
|
||||
Restore objects from Archive to Standard storage
|
||||
|
||||
rclone backend restore remote: [options] [<arguments>+]
|
||||
|
||||
This command can be used to restore one or more objects from Archive to Standard storage.
|
||||
|
||||
Usage Examples:
|
||||
|
||||
rclone backend restore oos:bucket/path/to/directory -o hours=HOURS
|
||||
rclone backend restore oos:bucket -o hours=HOURS
|
||||
|
||||
This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags
|
||||
|
||||
rclone --interactive backend restore --include "*.txt" oos:bucket/path -o hours=72
|
||||
|
||||
All the objects shown will be marked for restore, then
|
||||
|
||||
rclone backend restore --include "*.txt" oos:bucket/path -o hours=72
|
||||
|
||||
It returns a list of status dictionaries with Object Name and Status
|
||||
keys. The Status will be "RESTORED"" if it was successful or an error message
|
||||
if not.
|
||||
|
||||
[
|
||||
{
|
||||
"Object": "test.txt"
|
||||
"Status": "RESTORED",
|
||||
},
|
||||
{
|
||||
"Object": "test/file4.txt"
|
||||
"Status": "RESTORED",
|
||||
}
|
||||
]
|
||||
|
||||
|
||||
Options:
|
||||
|
||||
- "hours": The number of hours for which this object will be restored. Default is 24 hrs.
|
||||
|
||||
{{< rem autogenerated options stop >}}
|
||||
|
||||
## Tutorials
|
||||
### [Mounting Buckets](/oracleobjectstorage/tutorial_mount/)
|
|
@ -0,0 +1,845 @@
|
|||
---
|
||||
title: "Oracle Object Storage"
|
||||
description: "Rclone docs for Oracle Object Storage"
|
||||
type: page
|
||||
versionIntroduced: "v1.60"
|
||||
---
|
||||
|
||||
# {{< icon "fa fa-cloud" >}} Oracle Object Storage
|
||||
- [Oracle Object Storage Overview](https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm)
|
||||
- [Oracle Object Storage FAQ](https://www.oracle.com/cloud/storage/object-storage/faq/)
|
||||
- [Oracle Object Storage Limits](https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/oci-object-storage-best-practices.pdf)
|
||||
|
||||
Paths are specified as `remote:bucket` (or `remote:` for the `lsd` command.) You may put subdirectories in
|
||||
too, e.g. `remote:bucket/path/to/dir`.
|
||||
|
||||
Sample command to transfer local artifacts to remote:bucket in oracle object storage:
|
||||
|
||||
`rclone -vvv --progress --stats-one-line --max-stats-groups 10 --log-format date,time,UTC,longfile --fast-list --buffer-size 256Mi --oos-no-check-bucket --oos-upload-cutoff 10Mi --multi-thread-cutoff 16Mi --multi-thread-streams 3000 --transfers 3000 --checkers 64 --retries 2 --oos-chunk-size 10Mi --oos-upload-concurrency 10000 --oos-attempt-resume-upload --oos-leave-parts-on-error sync ./artifacts remote:bucket -vv`
|
||||
|
||||
## Configuration
|
||||
|
||||
Here is an example of making an oracle object storage configuration. `rclone config` walks you
|
||||
through it.
|
||||
|
||||
Here is an example of how to make a remote called `remote`. First run:
|
||||
|
||||
rclone config
|
||||
|
||||
This will guide you through an interactive setup process:
|
||||
|
||||
|
||||
```
|
||||
n) New remote
|
||||
d) Delete remote
|
||||
r) Rename remote
|
||||
c) Copy remote
|
||||
s) Set configuration password
|
||||
q) Quit config
|
||||
e/n/d/r/c/s/q> n
|
||||
|
||||
Enter name for new remote.
|
||||
name> remote
|
||||
|
||||
Option Storage.
|
||||
Type of storage to configure.
|
||||
Choose a number from below, or type in your own value.
|
||||
[snip]
|
||||
XX / Oracle Cloud Infrastructure Object Storage
|
||||
\ (oracleobjectstorage)
|
||||
Storage> oracleobjectstorage
|
||||
|
||||
Option provider.
|
||||
Choose your Auth Provider
|
||||
Choose a number from below, or type in your own string value.
|
||||
Press Enter for the default (env_auth).
|
||||
1 / automatically pickup the credentials from runtime(env), first one to provide auth wins
|
||||
\ (env_auth)
|
||||
/ use an OCI user and an API key for authentication.
|
||||
2 | you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
|
||||
| https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
|
||||
\ (user_principal_auth)
|
||||
/ use instance principals to authorize an instance to make API calls.
|
||||
3 | each instance has its own identity, and authenticates using the certificates that are read from instance metadata.
|
||||
| https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
|
||||
\ (instance_principal_auth)
|
||||
/ use workload identity to grant Kubernetes pods policy-driven access to Oracle Cloud
|
||||
4 | Infrastructure (OCI) resources using OCI Identity and Access Management (IAM).
|
||||
| https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm
|
||||
\ (workload_identity_auth)
|
||||
5 / use resource principals to make API calls
|
||||
\ (resource_principal_auth)
|
||||
6 / no credentials needed, this is typically for reading public buckets
|
||||
\ (no_auth)
|
||||
provider> 2
|
||||
|
||||
Option namespace.
|
||||
Object storage namespace
|
||||
Enter a value.
|
||||
namespace> idbamagbg734
|
||||
|
||||
Option compartment.
|
||||
Object storage compartment OCID
|
||||
Enter a value.
|
||||
compartment> ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
|
||||
|
||||
Option region.
|
||||
Object storage Region
|
||||
Enter a value.
|
||||
region> us-ashburn-1
|
||||
|
||||
Option endpoint.
|
||||
Endpoint for Object storage API.
|
||||
Leave blank to use the default endpoint for the region.
|
||||
Enter a value. Press Enter to leave empty.
|
||||
endpoint>
|
||||
|
||||
Option config_file.
|
||||
Full Path to OCI config file
|
||||
Choose a number from below, or type in your own string value.
|
||||
Press Enter for the default (~/.oci/config).
|
||||
1 / oci configuration file location
|
||||
\ (~/.oci/config)
|
||||
config_file> /etc/oci/dev.conf
|
||||
|
||||
Option config_profile.
|
||||
Profile name inside OCI config file
|
||||
Choose a number from below, or type in your own string value.
|
||||
Press Enter for the default (Default).
|
||||
1 / Use the default profile
|
||||
\ (Default)
|
||||
config_profile> Test
|
||||
|
||||
Edit advanced config?
|
||||
y) Yes
|
||||
n) No (default)
|
||||
y/n> n
|
||||
|
||||
Configuration complete.
|
||||
Options:
|
||||
- type: oracleobjectstorage
|
||||
- namespace: idbamagbg734
|
||||
- compartment: ocid1.compartment.oc1..aaaaaaaapufkxc7ame3sthry5i7ujrwfc7ejnthhu6bhanm5oqfjpyasjkba
|
||||
- region: us-ashburn-1
|
||||
- provider: user_principal_auth
|
||||
- config_file: /etc/oci/dev.conf
|
||||
- config_profile: Test
|
||||
Keep this "remote" remote?
|
||||
y) Yes this is OK (default)
|
||||
e) Edit this remote
|
||||
d) Delete this remote
|
||||
y/e/d> y
|
||||
```
|
||||
|
||||
See all buckets
|
||||
|
||||
rclone lsd remote:
|
||||
|
||||
Create a new bucket
|
||||
|
||||
rclone mkdir remote:bucket
|
||||
|
||||
List the contents of a bucket
|
||||
|
||||
rclone ls remote:bucket
|
||||
rclone ls remote:bucket --max-depth 1
|
||||
|
||||
## Authentication Providers
|
||||
|
||||
OCI has various authentication methods. To learn more about authentication methods please refer [oci authentication
|
||||
methods](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm)
|
||||
These choices can be specified in the rclone config file.
|
||||
|
||||
Rclone supports the following OCI authentication provider.
|
||||
|
||||
User Principal
|
||||
Instance Principal
|
||||
Resource Principal
|
||||
Workload Identity
|
||||
No authentication
|
||||
|
||||
### User Principal
|
||||
|
||||
Sample rclone config file for Authentication Provider User Principal:
|
||||
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>34
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>ba
|
||||
region = us-ashburn-1
|
||||
provider = user_principal_auth
|
||||
config_file = /home/opc/.oci/config
|
||||
config_profile = Default
|
||||
|
||||
Advantages:
|
||||
- One can use this method from any server within OCI or on-premises or from other cloud provider.
|
||||
|
||||
Considerations:
|
||||
- you need to configure user’s privileges / policy to allow access to object storage
|
||||
- Overhead of managing users and keys.
|
||||
- If the user is deleted, the config file will no longer work and may cause automation regressions that use the user's credentials.
|
||||
|
||||
### Instance Principal
|
||||
|
||||
An OCI compute instance can be authorized to use rclone by using it's identity and certificates as an instance principal.
|
||||
With this approach no credentials have to be stored and managed.
|
||||
|
||||
Sample rclone configuration file for Authentication Provider Instance Principal:
|
||||
|
||||
[opc@rclone ~]$ cat ~/.config/rclone/rclone.conf
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>fn
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>k7a
|
||||
region = us-ashburn-1
|
||||
provider = instance_principal_auth
|
||||
|
||||
Advantages:
|
||||
|
||||
- With instance principals, you don't need to configure user credentials and transfer/ save it to disk in your compute
|
||||
instances or rotate the credentials.
|
||||
- You don’t need to deal with users and keys.
|
||||
- Greatly helps in automation as you don't have to manage access keys, user private keys, storing them in vault,
|
||||
using kms etc.
|
||||
|
||||
Considerations:
|
||||
|
||||
- You need to configure a dynamic group having this instance as member and add policy to read object storage to that
|
||||
dynamic group.
|
||||
- Everyone who has access to this machine can execute the CLI commands.
|
||||
- It is applicable for oci compute instances only. It cannot be used on external instance or resources.
|
||||
|
||||
### Resource Principal
|
||||
|
||||
Resource principal auth is very similar to instance principal auth but used for resources that are not
|
||||
compute instances such as [serverless functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm).
|
||||
To use resource principal ensure Rclone process is started with these environment variables set in its process.
|
||||
|
||||
export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
|
||||
export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
|
||||
export OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM=/usr/share/model-server/key.pem
|
||||
export OCI_RESOURCE_PRINCIPAL_RPST=/usr/share/model-server/security_token
|
||||
|
||||
Sample rclone configuration file for Authentication Provider Resource Principal:
|
||||
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>34
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>ba
|
||||
region = us-ashburn-1
|
||||
provider = resource_principal_auth
|
||||
|
||||
### Workload Identity
|
||||
Workload Identity auth may be used when running Rclone from Kubernetes pod on a Container Engine for Kubernetes (OKE) cluster.
|
||||
For more details on configuring Workload Identity, see [Granting Workloads Access to OCI Resources](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm).
|
||||
To use workload identity, ensure Rclone is started with these environment variables set in its process.
|
||||
|
||||
export OCI_RESOURCE_PRINCIPAL_VERSION=2.2
|
||||
export OCI_RESOURCE_PRINCIPAL_REGION=us-ashburn-1
|
||||
|
||||
### No authentication
|
||||
|
||||
Public buckets do not require any authentication mechanism to read objects.
|
||||
Sample rclone configuration file for No authentication:
|
||||
|
||||
[oos]
|
||||
type = oracleobjectstorage
|
||||
namespace = id<redacted>34
|
||||
compartment = ocid1.compartment.oc1..aa<redacted>ba
|
||||
region = us-ashburn-1
|
||||
provider = no_auth
|
||||
|
||||
### Modification times and hashes
|
||||
|
||||
The modification time is stored as metadata on the object as
|
||||
`opc-meta-mtime` as floating point since the epoch, accurate to 1 ns.
|
||||
|
||||
If the modification time needs to be updated rclone will attempt to perform a server
|
||||
side copy to update the modification if the object can be copied in a single part.
|
||||
In the case the object is larger than 5Gb, the object will be uploaded rather than copied.
|
||||
|
||||
Note that reading this from the object takes an additional `HEAD` request as the metadata
|
||||
isn't returned in object listings.
|
||||
|
||||
The MD5 hash algorithm is supported.
|
||||
|
||||
### Multipart uploads
|
||||
|
||||
rclone supports multipart uploads with OOS which means that it can
|
||||
upload files bigger than 5 GiB.
|
||||
|
||||
Note that files uploaded *both* with multipart upload *and* through
|
||||
crypt remotes do not have MD5 sums.
|
||||
|
||||
rclone switches from single part uploads to multipart uploads at the
|
||||
point specified by `--oos-upload-cutoff`. This can be a maximum of 5 GiB
|
||||
and a minimum of 0 (ie always upload multipart files).
|
||||
|
||||
The chunk sizes used in the multipart upload are specified by
|
||||
`--oos-chunk-size` and the number of chunks uploaded concurrently is
|
||||
specified by `--oos-upload-concurrency`.
|
||||
|
||||
Multipart uploads will use `--transfers` * `--oos-upload-concurrency` *
|
||||
`--oos-chunk-size` extra memory. Single part uploads to not use extra
|
||||
memory.
|
||||
|
||||
Single part transfers can be faster than multipart transfers or slower
|
||||
depending on your latency from oos - the more latency, the more likely
|
||||
single part transfers will be faster.
|
||||
|
||||
Increasing `--oos-upload-concurrency` will increase throughput (8 would
|
||||
be a sensible value) and increasing `--oos-chunk-size` also increases
|
||||
throughput (16M would be sensible). Increasing either of these will
|
||||
use more memory. The default values are high enough to gain most of
|
||||
the possible performance without using too much memory.
|
||||
|
||||
{{< rem autogenerated options start" - DO NOT EDIT - instead edit fs.RegInfo in backend/oracleobjectstorage/oracleobjectstorage.go then run make backenddocs" >}}
|
||||
### Standard options
|
||||
|
||||
Here are the Standard options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
|
||||
|
||||
#### --oos-provider
|
||||
|
||||
Choose your Auth Provider
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: provider
|
||||
- Env Var: RCLONE_OOS_PROVIDER
|
||||
- Type: string
|
||||
- Default: "env_auth"
|
||||
- Examples:
|
||||
- "env_auth"
|
||||
- automatically pickup the credentials from runtime(env), first one to provide auth wins
|
||||
- "user_principal_auth"
|
||||
- use an OCI user and an API key for authentication.
|
||||
- you’ll need to put in a config file your tenancy OCID, user OCID, region, the path, fingerprint to an API key.
|
||||
- https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm
|
||||
- "instance_principal_auth"
|
||||
- use instance principals to authorize an instance to make API calls.
|
||||
- each instance has its own identity, and authenticates using the certificates that are read from instance metadata.
|
||||
- https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
|
||||
- "workload_identity_auth"
|
||||
- use workload identity to grant OCI Container Engine for Kubernetes workloads policy-driven access to OCI resources using OCI Identity and Access Management (IAM).
|
||||
- https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm
|
||||
- "resource_principal_auth"
|
||||
- use resource principals to make API calls
|
||||
- "no_auth"
|
||||
- no credentials needed, this is typically for reading public buckets
|
||||
|
||||
#### --oos-namespace
|
||||
|
||||
Object storage namespace
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: namespace
|
||||
- Env Var: RCLONE_OOS_NAMESPACE
|
||||
- Type: string
|
||||
- Required: true
|
||||
|
||||
#### --oos-compartment
|
||||
|
||||
Object storage compartment OCID
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: compartment
|
||||
- Env Var: RCLONE_OOS_COMPARTMENT
|
||||
- Provider: !no_auth
|
||||
- Type: string
|
||||
- Required: true
|
||||
|
||||
#### --oos-region
|
||||
|
||||
Object storage Region
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: region
|
||||
- Env Var: RCLONE_OOS_REGION
|
||||
- Type: string
|
||||
- Required: true
|
||||
|
||||
#### --oos-endpoint
|
||||
|
||||
Endpoint for Object storage API.
|
||||
|
||||
Leave blank to use the default endpoint for the region.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: endpoint
|
||||
- Env Var: RCLONE_OOS_ENDPOINT
|
||||
- Type: string
|
||||
- Required: false
|
||||
|
||||
#### --oos-config-file
|
||||
|
||||
Path to OCI config file
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: config_file
|
||||
- Env Var: RCLONE_OOS_CONFIG_FILE
|
||||
- Provider: user_principal_auth
|
||||
- Type: string
|
||||
- Default: "~/.oci/config"
|
||||
- Examples:
|
||||
- "~/.oci/config"
|
||||
- oci configuration file location
|
||||
|
||||
#### --oos-config-profile
|
||||
|
||||
Profile name inside the oci config file
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: config_profile
|
||||
- Env Var: RCLONE_OOS_CONFIG_PROFILE
|
||||
- Provider: user_principal_auth
|
||||
- Type: string
|
||||
- Default: "Default"
|
||||
- Examples:
|
||||
- "Default"
|
||||
- Use the default profile
|
||||
|
||||
### Advanced options
|
||||
|
||||
Here are the Advanced options specific to oracleobjectstorage (Oracle Cloud Infrastructure Object Storage).
|
||||
|
||||
#### --oos-storage-tier
|
||||
|
||||
The storage class to use when storing new objects in storage. https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/understandingstoragetiers.htm
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: storage_tier
|
||||
- Env Var: RCLONE_OOS_STORAGE_TIER
|
||||
- Type: string
|
||||
- Default: "Standard"
|
||||
- Examples:
|
||||
- "Standard"
|
||||
- Standard storage tier, this is the default tier
|
||||
- "InfrequentAccess"
|
||||
- InfrequentAccess storage tier
|
||||
- "Archive"
|
||||
- Archive storage tier
|
||||
|
||||
#### --oos-upload-cutoff
|
||||
|
||||
Cutoff for switching to chunked upload.
|
||||
|
||||
Any files larger than this will be uploaded in chunks of chunk_size.
|
||||
The minimum is 0 and the maximum is 5 GiB.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: upload_cutoff
|
||||
- Env Var: RCLONE_OOS_UPLOAD_CUTOFF
|
||||
- Type: SizeSuffix
|
||||
- Default: 200Mi
|
||||
|
||||
#### --oos-chunk-size
|
||||
|
||||
Chunk size to use for uploading.
|
||||
|
||||
When uploading files larger than upload_cutoff or files with unknown
|
||||
size (e.g. from "rclone rcat" or uploaded with "rclone mount" they will be uploaded
|
||||
as multipart uploads using this chunk size.
|
||||
|
||||
Note that "upload_concurrency" chunks of this size are buffered
|
||||
in memory per transfer.
|
||||
|
||||
If you are transferring large files over high-speed links and you have
|
||||
enough memory, then increasing this will speed up the transfers.
|
||||
|
||||
Rclone will automatically increase the chunk size when uploading a
|
||||
large file of known size to stay below the 10,000 chunks limit.
|
||||
|
||||
Files of unknown size are uploaded with the configured
|
||||
chunk_size. Since the default chunk size is 5 MiB and there can be at
|
||||
most 10,000 chunks, this means that by default the maximum size of
|
||||
a file you can stream upload is 48 GiB. If you wish to stream upload
|
||||
larger files then you will need to increase chunk_size.
|
||||
|
||||
Increasing the chunk size decreases the accuracy of the progress
|
||||
statistics displayed with "-P" flag.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: chunk_size
|
||||
- Env Var: RCLONE_OOS_CHUNK_SIZE
|
||||
- Type: SizeSuffix
|
||||
- Default: 5Mi
|
||||
|
||||
#### --oos-max-upload-parts
|
||||
|
||||
Maximum number of parts in a multipart upload.
|
||||
|
||||
This option defines the maximum number of multipart chunks to use
|
||||
when doing a multipart upload.
|
||||
|
||||
OCI has max parts limit of 10,000 chunks.
|
||||
|
||||
Rclone will automatically increase the chunk size when uploading a
|
||||
large file of a known size to stay below this number of chunks limit.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: max_upload_parts
|
||||
- Env Var: RCLONE_OOS_MAX_UPLOAD_PARTS
|
||||
- Type: int
|
||||
- Default: 10000
|
||||
|
||||
#### --oos-upload-concurrency
|
||||
|
||||
Concurrency for multipart uploads.
|
||||
|
||||
This is the number of chunks of the same file that are uploaded
|
||||
concurrently.
|
||||
|
||||
If you are uploading small numbers of large files over high-speed links
|
||||
and these uploads do not fully utilize your bandwidth, then increasing
|
||||
this may help to speed up the transfers.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: upload_concurrency
|
||||
- Env Var: RCLONE_OOS_UPLOAD_CONCURRENCY
|
||||
- Type: int
|
||||
- Default: 10
|
||||
|
||||
#### --oos-copy-cutoff
|
||||
|
||||
Cutoff for switching to multipart copy.
|
||||
|
||||
Any files larger than this that need to be server-side copied will be
|
||||
copied in chunks of this size.
|
||||
|
||||
The minimum is 0 and the maximum is 5 GiB.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: copy_cutoff
|
||||
- Env Var: RCLONE_OOS_COPY_CUTOFF
|
||||
- Type: SizeSuffix
|
||||
- Default: 4.656Gi
|
||||
|
||||
#### --oos-copy-timeout
|
||||
|
||||
Timeout for copy.
|
||||
|
||||
Copy is an asynchronous operation, specify timeout to wait for copy to succeed
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: copy_timeout
|
||||
- Env Var: RCLONE_OOS_COPY_TIMEOUT
|
||||
- Type: Duration
|
||||
- Default: 1m0s
|
||||
|
||||
#### --oos-disable-checksum
|
||||
|
||||
Don't store MD5 checksum with object metadata.
|
||||
|
||||
Normally rclone will calculate the MD5 checksum of the input before
|
||||
uploading it so it can add it to metadata on the object. This is great
|
||||
for data integrity checking but can cause long delays for large files
|
||||
to start uploading.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: disable_checksum
|
||||
- Env Var: RCLONE_OOS_DISABLE_CHECKSUM
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-encoding
|
||||
|
||||
The encoding for the backend.
|
||||
|
||||
See the [encoding section in the overview](/overview/#encoding) for more info.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: encoding
|
||||
- Env Var: RCLONE_OOS_ENCODING
|
||||
- Type: Encoding
|
||||
- Default: Slash,InvalidUtf8,Dot
|
||||
|
||||
#### --oos-leave-parts-on-error
|
||||
|
||||
If true avoid calling abort upload on a failure, leaving all successfully uploaded parts for manual recovery.
|
||||
|
||||
It should be set to true for resuming uploads across different sessions.
|
||||
|
||||
WARNING: Storing parts of an incomplete multipart upload counts towards space usage on object storage and will add
|
||||
additional costs if not cleaned up.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: leave_parts_on_error
|
||||
- Env Var: RCLONE_OOS_LEAVE_PARTS_ON_ERROR
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-attempt-resume-upload
|
||||
|
||||
If true attempt to resume previously started multipart upload for the object.
|
||||
This will be helpful to speed up multipart transfers by resuming uploads from past session.
|
||||
|
||||
WARNING: If chunk size differs in resumed session from past incomplete session, then the resumed multipart upload is
|
||||
aborted and a new multipart upload is started with the new chunk size.
|
||||
|
||||
The flag leave_parts_on_error must be true to resume and optimize to skip parts that were already uploaded successfully.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: attempt_resume_upload
|
||||
- Env Var: RCLONE_OOS_ATTEMPT_RESUME_UPLOAD
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-no-check-bucket
|
||||
|
||||
If set, don't attempt to check the bucket exists or create it.
|
||||
|
||||
This can be useful when trying to minimise the number of transactions
|
||||
rclone does if you know the bucket exists already.
|
||||
|
||||
It can also be needed if the user you are using does not have bucket
|
||||
creation permissions.
|
||||
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: no_check_bucket
|
||||
- Env Var: RCLONE_OOS_NO_CHECK_BUCKET
|
||||
- Type: bool
|
||||
- Default: false
|
||||
|
||||
#### --oos-sse-customer-key-file
|
||||
|
||||
To use SSE-C, a file containing the base64-encoded string of the AES-256 encryption key associated
|
||||
with the object. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.'
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_key_file
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_FILE
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-customer-key
|
||||
|
||||
To use SSE-C, the optional header that specifies the base64-encoded 256-bit encryption key to use to
|
||||
encrypt or decrypt the data. Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is
|
||||
needed. For more information, see Using Your Own Keys for Server-Side Encryption
|
||||
(https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm)
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_key
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-customer-key-sha256
|
||||
|
||||
If using SSE-C, The optional header that specifies the base64-encoded SHA256 hash of the encryption
|
||||
key. This value is used to check the integrity of the encryption key. see Using Your Own Keys for
|
||||
Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_key_sha256
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_KEY_SHA256
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-kms-key-id
|
||||
|
||||
if using your own master key in vault, this header specifies the
|
||||
OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of a master encryption key used to call
|
||||
the Key Management service to generate a data encryption key or to encrypt or decrypt a data encryption key.
|
||||
Please note only one of sse_customer_key_file|sse_customer_key|sse_kms_key_id is needed.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_kms_key_id
|
||||
- Env Var: RCLONE_OOS_SSE_KMS_KEY_ID
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
|
||||
#### --oos-sse-customer-algorithm
|
||||
|
||||
If using SSE-C, the optional header that specifies "AES256" as the encryption algorithm.
|
||||
Object Storage supports "AES256" as the encryption algorithm. For more information, see
|
||||
Using Your Own Keys for Server-Side Encryption (https://docs.cloud.oracle.com/Content/Object/Tasks/usingyourencryptionkeys.htm).
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: sse_customer_algorithm
|
||||
- Env Var: RCLONE_OOS_SSE_CUSTOMER_ALGORITHM
|
||||
- Type: string
|
||||
- Required: false
|
||||
- Examples:
|
||||
- ""
|
||||
- None
|
||||
- "AES256"
|
||||
- AES256
|
||||
|
||||
#### --oos-description
|
||||
|
||||
Description of the remote.
|
||||
|
||||
Properties:
|
||||
|
||||
- Config: description
|
||||
- Env Var: RCLONE_OOS_DESCRIPTION
|
||||
- Type: string
|
||||
- Required: false
|
||||
|
||||
## Backend commands
|
||||
|
||||
Here are the commands specific to the oracleobjectstorage backend.
|
||||
|
||||
Run them with
|
||||
|
||||
rclone backend COMMAND remote:
|
||||
|
||||
The help below will explain what arguments each command takes.
|
||||
|
||||
See the [backend](/commands/rclone_backend/) command for more
|
||||
info on how to pass options and arguments.
|
||||
|
||||
These can be run on a running backend using the rc command
|
||||
[backend/command](/rc/#backend-command).
|
||||
|
||||
### rename
|
||||
|
||||
change the name of an object
|
||||
|
||||
rclone backend rename remote: [options] [<arguments>+]
|
||||
|
||||
This command can be used to rename a object.
|
||||
|
||||
Usage Examples:
|
||||
|
||||
rclone backend rename oos:bucket relative-object-path-under-bucket object-new-name
|
||||
|
||||
|
||||
### list-multipart-uploads
|
||||
|
||||
List the unfinished multipart uploads
|
||||
|
||||
rclone backend list-multipart-uploads remote: [options] [<arguments>+]
|
||||
|
||||
This command lists the unfinished multipart uploads in JSON format.
|
||||
|
||||
rclone backend list-multipart-uploads oos:bucket/path/to/object
|
||||
|
||||
It returns a dictionary of buckets with values as lists of unfinished
|
||||
multipart uploads.
|
||||
|
||||
You can call it with no bucket in which case it lists all bucket, with
|
||||
a bucket or with a bucket and path.
|
||||
|
||||
{
|
||||
"test-bucket": [
|
||||
{
|
||||
"namespace": "test-namespace",
|
||||
"bucket": "test-bucket",
|
||||
"object": "600m.bin",
|
||||
"uploadId": "51dd8114-52a4-b2f2-c42f-5291f05eb3c8",
|
||||
"timeCreated": "2022-07-29T06:21:16.595Z",
|
||||
"storageTier": "Standard"
|
||||
}
|
||||
]
|
||||
|
||||
|
||||
### cleanup
|
||||
|
||||
Remove unfinished multipart uploads.
|
||||
|
||||
rclone backend cleanup remote: [options] [<arguments>+]
|
||||
|
||||
This command removes unfinished multipart uploads of age greater than
|
||||
max-age which defaults to 24 hours.
|
||||
|
||||
Note that you can use --interactive/-i or --dry-run with this command to see what
|
||||
it would do.
|
||||
|
||||
rclone backend cleanup oos:bucket/path/to/object
|
||||
rclone backend cleanup -o max-age=7w oos:bucket/path/to/object
|
||||
|
||||
Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
|
||||
|
||||
|
||||
Options:
|
||||
|
||||
- "max-age": Max age of upload to delete
|
||||
|
||||
### restore
|
||||
|
||||
Restore objects from Archive to Standard storage
|
||||
|
||||
rclone backend restore remote: [options] [<arguments>+]
|
||||
|
||||
This command can be used to restore one or more objects from Archive to Standard storage.
|
||||
|
||||
Usage Examples:
|
||||
|
||||
rclone backend restore oos:bucket/path/to/directory -o hours=HOURS
|
||||
rclone backend restore oos:bucket -o hours=HOURS
|
||||
|
||||
This flag also obeys the filters. Test first with --interactive/-i or --dry-run flags
|
||||
|
||||
rclone --interactive backend restore --include "*.txt" oos:bucket/path -o hours=72
|
||||
|
||||
All the objects shown will be marked for restore, then
|
||||
|
||||
rclone backend restore --include "*.txt" oos:bucket/path -o hours=72
|
||||
|
||||
It returns a list of status dictionaries with Object Name and Status
|
||||
keys. The Status will be "RESTORED"" if it was successful or an error message
|
||||
if not.
|
||||
|
||||
[
|
||||
{
|
||||
"Object": "test.txt"
|
||||
"Status": "RESTORED",
|
||||
},
|
||||
{
|
||||
"Object": "test/file4.txt"
|
||||
"Status": "RESTORED",
|
||||
}
|
||||
]
|
||||
|
||||
|
||||
Options:
|
||||
|
||||
- "hours": The number of hours for which this object will be restored. Default is 24 hrs.
|
||||
|
||||
{{< rem autogenerated options stop >}}
|
||||
|
||||
## Tutorials
|
||||
### [Mounting Buckets](/oracleobjectstorage/tutorial_mount/)
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
title: "Oracle Object Storage Mount"
|
||||
description: "Oracle Object Storage mounting tutorial"
|
||||
slug: tutorial_mount
|
||||
url: /oracleobjectstorage/tutorial_mount/
|
||||
---
|
||||
|
||||
# {{< icon "fa fa-cloud" >}} Mount Buckets and Expose via NFS Tutorial
|
||||
This runbook shows how to [mount](/commands/rclone_mount/) *Oracle Object Storage* buckets as local file system in
|
||||
OCI compute Instance using rclone tool.
|
||||
|
|
3
docs/layouts/_default/section.html
Normal file
3
docs/layouts/_default/section.html
Normal file
|
@ -0,0 +1,3 @@
|
|||
{{ define "main" }}
|
||||
{{ .Content }}
|
||||
{{ end }}
|
Loading…
Reference in a new issue