This operation enables you to configure information about the global location service (GLS) and regional location service (RLS), KMS encryption server, and authentication information.
Procedure
- Choose Settings > Object Service Settings > External Service.
- Set the external service parameters. Table 1 describes related parameters.
Table 1 External service parameters Parameter
Description
GLS Public Primary Service Address
Indicates the public primary service address of the GLS. Set the value to the service plane IP address of any storage node in the default region.
[Value range]
The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-), and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
[Example]
192.168.1.100
GLS Internal Primary Service Address
Indicates the internal primary service address of the GLS. Set the value to the service plane IP address of any storage node in the default region.
[Value range]
The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-), and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
[Example]
192.168.1.100
RLS Primary Service Address
Indicates the primary service address of the RLS. Set the value to the service plane IP address of any storage node in the current region.
[Value range]
The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-), and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
[Example]
192.168.1.100
KMS Encryption Server
Indicates the IP address of the KMS encryption server.
[Value range]
- The value must start with http or https.
- The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-), and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
- The port ranges from 1 to 65535 and is optional.
- The path can contain lowercase letters, digits, and special characters !#$&'()*+,/:;=?@[]-_.~, and is optional.
[Example]
https://10.100.100.100:30443/path
- Modify authentication information.Modify the authentication information based on the authentication type set during the initialization of the object service.
When you modify the system authentication information, if services are being processed during the switchover, the ongoing services will fail, and existing accounts cannot access data. You are advised to perform the operation during off-peak hours.
- POE authentication
Table 2 describes related parameters.
Table 2 POE authentication parameters Parameter
Description
URL
Indicates the URL of the POE authentication server.
NOTE:Set the value to the POE authentication service domain name in the default region.
[Value range]
- The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-) and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
- The port ranges from 1 to 65535 and is optional.
- The path can contain lowercase letters, digits, and special characters !#$&'()*+,/:;=?@[]-_.~, and is optional.
[Example]
192.168.1.1:30443 or www.test.com:30443
Access Certificate
Indicates the certificate of the POE authentication server.
Security Certificate
Indicates the certificate password of the POE authentication server.
- IAM authentication
Table 3 describes related parameters.
Table 3 IAM authentication parameters Parameter
Description
URL
Indicates the URL of the IAM authentication server.
[Value range]
- The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-) and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
- The port ranges from 1 to 65535 and is optional.
- The path can contain lowercase letters, digits, and special characters !#$&'()*+,/:;=?@[]-_.~, and is optional.
[Example]
192.168.1.1:30443 or www.test.com:30443
Access Protocol
Indicates the protocol used for accessing the IAM authentication server.
Possible values are HTTP and HTTPS. The default value is HTTPS.
NOTE:Setting the access protocol to HTTP brings security risks. HTTPS is recommended.
Username
Indicates the user name for logging in to the IAM authentication server.
[Value range]
The user name contains 1 to 127 characters.
Password
Indicates the password of the logged-in user. The password contains 8 to 63 characters.
Domain ID
Indicates the domain ID of the IAM authentication server.
[Value range]
The domain ID contains 1 to 127 characters.
Project Name
Indicates the project name of IAM authentication.
[Value range]
The project name contains 1 to 63 characters.
- Keystone authentication
Table 4 describes related parameters.
Table 4 Keystone authentication parameters Parameter
Description
URL
Indicates the URL of the Keystone authentication server.
[Value range]
- The value can be an IPv4 address or domain name. A domain name contains 3 to 253 characters, including lowercase letters, digits, and hyphens (-) and cannot start or end with a hyphen (-). The domain name must contain a second-level domain name. Each subdomain name contains 1 to 63 characters and is separated from each other using periods (.). The top-level domain name cannot contain digits only.
- The port ranges from 1 to 65535 and is optional.
- The path can contain lowercase letters, digits, and special characters !#$&'()*+,/:;=?@[]-_.~, and is optional.
[Example]
192.168.1.1:30443 or www.test.com:30443
Access Protocol
Indicates the protocol used for accessing the Keystone authentication server.
Possible values are HTTP and HTTPS. The default value is HTTPS.
NOTE:Setting the access protocol to HTTP brings security risks. HTTPS is recommended.
Username
Indicates the user name for logging in to the Keystone authentication server
[Value range]
The user name contains 1 to 127 characters.
Password
Indicates the password of the logged-in user. The password contains 8 to 63 characters.
Domain ID
Indicates the domain ID of the Keystone authentication server.
[Value range]
The domain ID contains 1 to 127 characters.
Project Name
Indicates the project name of Keystone authentication.
[Value range]
The project name contains 1 to 63 characters.
- POE authentication
- Click Save.
Follow-up Procedure
After configuring or modifying external service parameters, you need to synchronize the modification to other clusters in the same region.