This document will walk you through the steps required to set up Yarkon Server with an S3 compatible storage provider, such as CEPH or Wasabi. The document highlights the differences in the set up compared to the generic AWS S3 set up. Make sure to review the Getting Started manual before proceeding with this document.
Depending on the capabilities of your storage provider, some of the features available to AWS S3 users may not be available when using a compatible provider.
The first step is to set up the proper connection information for your provider. In Yarkon Server, this is handled through ENV variables provided to the server.
Set up in EC2
When using an EC2 instance of Yarkon Server, the recommended method to pass ENV variables to the application is using the configuration file used by the pm2 process manager which is running the application. In a standard install of Yarkon Server, this file is named yarkon-server.pm2.json and is located in the folder /var/app/current. Make sure to restart the server after changing this file.
The following sample shows how to update the config file for Wasabi (just replace the sample access key with yours):
The below image shows how the Yarkon Admin Console page would look when set up with Wasabi.
Set up in Docker
When using a dockerized instance of Yarkon Server, the following sample shows how to set it up to run with Wasabi:
Follow the instructions provider by your provider to set up the access policies. At the very least, the access policy must be similar to this generic one used with AWS S3:
Make sure to replace the <account-number> with your account number.
Details (see the Sid attributes for reference):
AllowAllS3Actions – allows the Yarkon Server full access to S3. If you want to limit the usage of Yarkon in your organization to a predefined set of buckets, replace the statement with the below:
AllowUIToDisplayIAMOptions – only required when using Federated or Integrated security models. The Yarkon Server does not need IAM access when set to use the Shared security model. This setting has no impact on the permissions granted to end users. If you only intend to use the Shared model, you can remove it.
AllowTheRoleToGetPermissions – only required when using the Integrated security model. You can remove it if using any of the other models. Also, the role name specified, yarkons3-console-role assumes this is the name you’d be using for the IAM role required (see below). If you choose a different name, make sure to update here.
AllowTheRoleToFederate – only required when using the Federated security model. You can remove it if using any of the other models.
As mentioned above, some of the features available to users of AWS S3, might not be available when using other storage providers. Use the Features page of the Yarkon Admin Console to turn off features that are not supported.