mhkadhum opened a new pull request, #12124: URL: https://github.com/apache/cloudstack/pull/12124
### Description This PR adds support for a Dell EMC ECS S3 object storage plugin for Apache CloudStack. ECS is a software-defined object storage platform that supports both object and file-system protocols, with a focus on scalable and reliable object storage. We have been using ECS in production for three years, and this work extends CloudStack’s existing MinIO plugin to provide similar functionality for ECS. The implementation supports the full lifecycle of S3-compatible buckets on ECS, including user provisioning, bucket creation, policy management, versioning, creation-time encryption, and integration with CloudStack’s S3 Browser. All functionality has been tested in a lab environment on Ubuntu using a CloudStack development setup based on the official installation guidelines. Key architectural differences from MinIO: **Management API Integration** ECS requires use of the ECS Management API (port 4443, or 443 when fronted by HAProxy). CloudStack authenticates with management-user credentials to perform bucket and user operations. **Namespace Requirements** A dedicated ECS namespace is required for CloudStack-managed buckets. Multiple namespaces allow different CloudStack environments to share the same ECS cluster. **S3 Endpoints (Public and Private)** ECS exposes S3 services on ports 9020/9021 (non-TLS/TLS). In our deployment, these are routed through HAProxy and exposed externally on port 443. The Public URL is displayed to CloudStack users, while the Private URL is used internally. **TLS Handling** The “Allow Insecure HTTPS” option controls whether CloudStack accepts untrusted certificates when communicating with the ECS Management API. **User Provisioning Workflow** When a CloudStack user creates their first bucket, CloudStack provisions a corresponding ECS object user using the CloudStack UUID with a `cs-` prefix. ECS generates access and secret keys once, which CloudStack securely stores and reuses for subsequent bucket operations. Bucket features: - **Encryption:** Supported only during bucket creation; CloudStack hides encryption in the update view. - **Bucket Policy:** Supports Private and Public configurations. - **Versioning:** Fully supported through the S3 API rather than the Management API. - **Object Lock:** Not supported in this release; the UI hides the option and API calls return a clear error. Bucket modification supports quota changes, versioning updates, and policy changes. Encryption is excluded because ECS does not allow changing it after creation. CloudStack’s S3 Browser supports upload, download, delete, listing, and prefix filtering through the ECS S3 endpoint. ECS prevents deletion of non-empty buckets, and CloudStack surfaces these errors accordingly. We welcome review and feedback. The development fork is available here: https://github.com/mhkadhum/cloudstack ### Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [x] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) - [ ] Build/CI - [ ] Test (unit or integration test code) ### Feature/Enhancement Scale or Bug Severity #### Feature/Enhancement Scale - [x] Major - [ ] Minor #### Bug Severity - [ ] BLOCKER - [ ] Critical - [ ] Major - [ ] Minor - [ ] Trivial ### Screenshots (if appropriate): <img width="722" height="743" alt="Screenshot from 2025-11-24 16-58-08" src="https://github.com/user-attachments/assets/0208acfe-6df8-46c6-9c89-3d32cceb9277"; /> <img width="708" height="558" alt="image" src="https://github.com/user-attachments/assets/95598ca4-dc29-4a99-9163-c346342132a6"; /> <img width="550" height="356" alt="image" src="https://github.com/user-attachments/assets/19cd98c1-2398-4cda-8832-be7fddbf024f"; /> ### How Has This Been Tested? The plugin was tested in an Ubuntu-based CloudStack development environment created by cloning the CloudStack source and following the official installation instructions. Testing included: - Management API authentication and namespace operations - Object-user provisioning and credential handling - Bucket creation, deletion, versioning, quota updates, and policy changes - S3 Browser operations (upload, download, delete, listing, prefix navigation) - Error handling for invalid configurations and unsupported Object Lock requests - TLS and insecure-TLS scenarios - HAProxy-fronted deployments for both Management API and S3 endpoints -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
