====== IBM Cloud Object Storage ======

https://www.ibm.com/support/knowledgecenter/STXNRM_3.15.5/coss.doc/kc_welcome.html

===== Command line base setup =====

https://www.ibm.com/docs/en/STXNRM_3.13.6/coss.doc/pdfs/applianceConfiguration_bookmap.pdf

When you deploy base image, you have to choose the role of each appliance: manager, accessor, slicestor

Once installed you have to configure the network

LACP is supported but not VLAN tagging (for advanced config check the link to PDF)
<cli prompt='#'>
my-cos-s03# port list
PORT      ADDRESS           MAX SPEED  STATUS
em1       38:68:xx:xx:XX:XX 10000 Mbps up, 10000 Mbps, full-duplex
em2       38:68:xx:xx:XX:XX 10000 Mbps up, 10000 Mbps, full-duplex
</cli>

==== The Manager ====

First configure the manager (use FQN)
<cli prompt='#'>
manager# edit
manager (working)# channel data port eth0
manager (working)# channel data ip 10.10.10.10
manager (working)# channel data netmask 255.255.255.0
manager (working)# channel data gateway 10.10.10.1
manager (working)# system hostname my-cos-m01.mydom.com
manager (working)# system ntpservers 10.10.10.123
manager (working)# system dns 10.10.10.124
manager (working)# system organization IBM orgunit sales city Chicago state Illinois country US
manager (working)# activate
</cli>

Now you are ready to connect using a web browser
https://10.10.10.10/

//For info://
  Set the Company Name to which the node belongs.
    # system organization {IBM}
  Set the Department or Organizational Name to which the node belongs.
    # system orgunit {Popconfig}
  Set the City in which the node is located.
    # system city {Chicago}
  Set the State or Province in which the node is located.
    # system state {Illinois}
  Set the two letter (ISO Country code) for the Country in which the node is located.
    # system country {US}

==== The accessors and slicestors ====

Then configure the accessors and slicestors (without NTP, and specify manager)
<cli prompt='#'>
slicestor# edit
slicestor (working)# channel data port eth0
slicestor (working)# channel data ip 10.10.10.11
slicestor (working)# channel data netmask 255.255.255.0
slicestor (working)# channel data gateway 10.10.10.1
slicestor (working)# system hostname my-cos-s01.mydom.com
slicestor (working)# system dns 10.10.10.124
slicestor (working)# system organization IBM orgunit sales city Chicago state Illinois country US
slicestor (working)# activate
</cli>
Once IP is set, configure connection to manager
<cli prompt='#'>
slicestor# edit
slicestor (working)#  manager ip 10.10.10.10
Automatically accept the manager certificate when it is available? [y/N]: y
slicestor (working)# activate
</cli>

===== Additionnal commands =====

To switch to root:
<cli prompt='#'>
cos-s03# su
root@dcas-cos-s03:~# df -h
Filesystem                                                                 Size  Used Avail Use% Mounted on
udev                                                                        47G     0   47G   0% /dev
tmpfs                                                                      9.3G  1.3M  9.3G   1% /run
/dev/md126p2                                                               440G  9.1G  408G   3% /lib/live/mount/medium
...
</cli>

Version
<cli prompt='#'>
cos-s03# version
ClevOS 3.15.7.54
cos-s03# appliance
Model: IBM Cloud Object Storage Slicestor12
Serial Number: 4957-C10 78XXXX
</cli>

Health
<cli prompt='#'>
cos-s03# health state
...
cpu.1.temperature                   = OK
fan.controller.1.speed              = OK
fan.controller.2.speed              = OK
fan.controller.3.speed              = OK
fan.controller.4.speed              = OK
fan.controller.5.speed              = OK
fan.controller.6.speed              = OK
fan.controller.7.speed              = OK
fan.jbod1.1.speed                   = OK
fan.jbod1.2.speed                   = OK
fan.jbod1.3.speed                   = OK
fan.jbod1.4.speed                   = OK
psu.controller.Power Supply 1.status                               = OK
psu.controller.Power Supply 2.status                               = OK
psu.jbod1.PCM 0 Power Supply.status = OK
psu.jbod1.PCM 1 Power Supply.status = OK
drive.1dd98794-383b-46e1-9d12-d4f245e8eaa3:controller:front:0.temperature = OK
drive.1dd98794-383b-46e1-9d12-d4f245e8eaa3:controller:front:1.temperature = OK
drive.2d3e30ce-dafa-4ad2-b0ec-02ea4462fa26.status                  = ONLINE
drive.2d3e30ce-dafa-4ad2-b0ec-02ea4462fa26.temperature             = OK
drive.03b66381-0ee3-46de-b17a-5d5cc792daa8.status                  = ONLINE
drive.03b66381-0ee3-46de-b17a-5d5cc792daa8.temperature             = OK
drive.77a103e5-cd4a-43e7-8c9d-cb7f9a792cc3.status                  = ONLINE
drive.77a103e5-cd4a-43e7-8c9d-cb7f9a792cc3.temperature             = OK
...
</cli>


===== Application Spectrum Protect =====

Setup for Spectrum Protect
    * SecureSlice disabled
    * Name Index disabled
    * xxx enabled

CLOUDURL is limited to 255 characters, you can specify multiples accesser separated by "|"

Not recommended 
  * file level recovery is not possible
  * RTO sensitive workloads

===== Bucket Object Lock ====

https://github.com/aws/aws-cli


The Curl command didn't work so I used the aws s3 commands. (You need to have it installed for the commands to
work)
Please follow the steps below:
  * Enable Object Lock feature on Manager GUI
  * Enable Object Lock configuration on Storage Pool. Click on Configure button on Object Lock section.
  * Select Container vaults to enable Object Lock. Versioning enabled on selected Container vaults as well.
  * Create bucket and run commands to enable Versioning and Object Lock on the individual bucket.

__NOTE__ Enabling Object lock will not affect the existing vaults.

The below is an example which I tried in my lab to enable Versioning and then Object Lock. Maybe you can try
replicating the same to see if it works.

==== create bucket ====

<cli prompt='%'>
% curl -X PUT http://10.10.64.98:8337/container/testlockbucket -u jeff:password -d '{"storage_location":"cv1","service_instance":"jeff1"}' -H "Content-Type: application/json"
</cli>
<code>
{
"storage_location":"76c978d7-3e92-7946-11b8-2f8dd0e56865",
"name":"testlockbucket",
"service_instance":"jeff1",
"acl": {
"jeff1@00000000-0000-0000-0000-000000000002":["FULL_CONTROL"]
},
"retention_policy": {
"status":"COMPLIANCE",
"permanent_retention_enabled":false
},
"hard_quota":0,
"time_created":"2024-06-21T07:38:25.146Z",
"time_updated":"2024-06-21T07:38:25.155Z",
"versioning_state":"Disabled",
"has_replication":"Not Present"
}
</code>

==== check versioning status ==== 

<cli prompt='%'>
% aws s3api get-bucket-versioning --endpoint-url http://10.10.64.98 --bucket testlockbucket --profile jeff-lab2
</cli>

==== enable versioning ====

<cli prompt='%'>
% aws s3api put-bucket-versioning --endpoint-url http://10.10.64.98 --bucket testlockbucket --versioning-configuration
</cli>
<code>
Status=Enabled --profile jeff-lab2
</code>
<cli prompt='%'>
% aws s3api get-bucket-versioning --endpoint-url http://10.10.64.98 --bucket testlockbucket --profile jeff-lab2
</cli>
<code>
{
"Status": "Enabled"
}
</code>

==== check object lock status ====

<cli prompt='%'>
% aws s3api get-object-lock-configuration --endpoint-url http://10.10.64.98 --bucket testlockbucket --profile jeff-lab2
</cli>
<code>
An error occurred (ObjectLockConfigurationNotFoundError) when calling the GetObjectLockConfiguration operation:
Object Lock configuration does not exist for this bucket
</code>

==== enable object lock ==== 

<cli prompt='%'>
% aws s3api put-object-lock-configuration --endpoint-url http://10.10.64.98 --bucket testlockbucket --object-lock-configuration ObjectLockEnabled=Enabled --profile jeff-lab2
</cli>
<cli prompt='%'>
% aws s3api get-object-lock-configuration --endpoint-url http://10.10.64.98 --bucket testlockbucket --profile jeff-lab2
</cli>
<code>
{
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled"
}
}
</code>