Updated on 2022-08-16 GMT+08:00

Resource Preparation

Before using obsfs, you need to prepare the resources listed in Table 1.

Table 1 Resource preparation

Resource

Description

Operation Guide

IAM user

To ensure account and resource security, it is safer to create an IAM user and assign permissions to that user specifically for accessing OBS resources. Then use the IAM account to access obsfs.

NOTE:

The IAM user who uses obsfs to mount and access a parallel file system must have the same access permissions for OBS buckets. After an OBS role or policy is granted to an IAM user, the role or policy will apply to both OBS buckets and parallel file systems.

Creating an IAM User

Access keys (AK and SK)

Access keys (AK and SK) are used as credentials for your account and for IAM users. obsfs accesses OBS using access keys that are used to encrypt the signature of a request, ensuring the security and integrity of the request and that identities of the request sender and receiver are correct.

Creating Access Keys (AK and SK)

Parallel file system

A parallel file system is a container for storing data.

Creating a Parallel File System

Creating an IAM User

To ensure account and resource security, it is safer to create an IAM user and assign permissions to that user specifically for accessing OBS resources. Then use the IAM account to access obsfs.

  1. Log in to the management console using a cloud service account.
  2. On the top navigation menu, choose Service List > Management & Deployment > Identity and Access Management. The IAM console page is displayed.
  3. Create a user group and grant the OBS permissions to the user group.

    User groups facilitate centralized user management and streamlined permission management. Users in the same user group have the same permissions. Users created in IAM inherit permissions from the groups to which they belong.
    1. In the navigation pane on the left, click User Groups. The User Groups page is displayed.
    2. Click Create User Group.
    3. On the Create User Group page, enter a name for the user group and click OK.

      The user group is then displayed in the user group list.

    4. Click Assign Permissions in the Operation column of the row where the created user group resides.
    5. In the Group Permissions area, locate the row that displays Global service > OBS, click Attach Policy in the Operation column, select the policy name, and click OK.

      In the Policy Information area, you can view the details about the policy.

      Due to data caching, an RBAC policy and fine-grained policy involving OBS actions will take effect 10 to 15 minutes after it is attached to a user, a user group, or an enterprise project.

  4. Create a user.

    1. In the navigation pane on the left, click Users. The Users page is displayed.
    2. Click Create User.
    3. Set the user information and click Next.
      Table 2 User parameters

      Parameter

      Description

      Username

      The user name for logging in to the cloud service.

      Credential Type

      A credential refers to the identity credential used for user system authentication. In this example, password is selected.
      • Password: Used for accessing cloud services using the console or development tools.
      • Access key: Used for logging in to the cloud service using development tools. This credential type is more secure, and is recommended if the user does not need to use the console.

      User Groups

      The user will inherit the permissions granted to the user group. The default user group is admin, which has the administrator permissions and all of the permissions required to use all cloud resources.

      Description

      (Optional) brief description of the user

    4. Select a type for password generation, set the email address and mobile number, and click OK.

  5. Use the created IAM user to log in to OBS Console and verify the user permissions.

Creating Access Keys (AK and SK)

Access keys (AK and SK) are used as credentials for your account and for IAM users. obsfs accesses OBS using access keys that are used to encrypt the signature of a request, ensuring the security and integrity of the request and that identities of the request sender and receiver are correct. If you already have them, skip this part.

Each account or IAM user can create a maximum of two valid access keys.

Creating a Parallel File System

For details about how to create a parallel file system, see the Parallel File System Feature Guide.