文档中心API Explorer
ZHEN
文档中心ZCFZStack ZStone技术白皮书ZCF

Object Storage Service

S3 Interface

ZStack ZStone provides a RESTful API interface compatible with the S3 protocol, delivering object storage services for clusters.

Since the primary management service for each API type can register multiple subordinate services, a single API can ultimately correspond to multiple management services. Each management service maintains the Resources it supports and can itself be viewed as a type of Resource. Each Resource can also contain multiple Handlers, with each Handler containing multiple OPs. The following figure uses the S3 protocol API type as an example to show the specific operation of op_delete.

图 1. S3 Protocol API Type Relationship Diagram


Access Control Management

ZStack ZStone ensures data transmission and access security through a three-tier permission system: key pairs, user permissions, and bucket permissions.

Object User Permission Management

ZStack ZStone allows administrators to create multiple object users, with each user's data isolated and non-interfering. Accessing the object storage service requires authentication with your credentials, and only after successful authentication can data in the object storage be accessed.

The fundamental information required for authentication consists of an AccessKey and a SecretKey. After you creates an object user in ZStack ZStone, the system automatically generates a key pair. When you access object storage via an S3 client, the system authenticates the client request by verifying the consistency of the keys carried within the request.

Simultaneously, ZStack ZStone supports managing object user permissions and quotas.
  • Permission Management:
    The system supports configuring access permissions for object users at the bucket and object levels. By default, three permission types are available: Read, Write, and Delete.
    • Read: Object users with this permission can read bucket ACLs and list/download objects within a bucket. This permission cannot be deselected.
    • Write: Object users with this permission can create buckets, modify bucket ACLs, upload objects, and perform related write operations.
    • Delete: Object users with this permission can delete buckets and objects and others.
  • Quota Management:
    • Number of Buckets: Supports setting the maximum number of buckets a single object user can own.
    • Capacity: Supports setting the maximum capacity of objects a single object user can store.
    • Number of Objects: Supports setting the maximum number of objects a single object user can access or operate on.
    Note: In addition to user quotas, ZStack ZStone also supports setting per-bucket quotas for object users, specifying the capacity and object limits for a single object user within a single storage bucket.

Bucket Permission Management

Bucket permissions include Access Control Lists (ACL), bucket policies, and quotas bound to the object user.
  • Access Control List (ACL):
    ACLs control users' permissions for bucket operations. ZStack ZStone provides basic access control for buckets and objects.
    Permission Values Access Restrictions for Users
    READ Grants read access. Bucket: List objects within the bucket. Object: Read the object data.
    READ_ACP Grants permission to read ACL rules. Bucket: Read ACL rules of the bucket. Object: Read ACL rules of the object.
    WRITE Grants write access. Bucket: Create, delete, or overwrite objects within the bucket. Object: None.
    WRITE_ACP Grants permission to modify ACL rules. Bucket: Modify ACL rules of the bucket. Object: Modify ACL rules of the object.
    FULL_CONTROL Grants all of the above permissions.
  • Bucket Policy:
    Storage bucket policies use a JSON-based access policy language to supplement and extend ACLs. You can use these policies to grant access permissions to a bucket and its objects. Only the bucket owner can associate a policy with a bucket. Permissions attached to a bucket apply to all objects in buckets owned by the bucket owner.
    Note: The size limit for a storage bucket policy is 20 KB.
  • Object User-Bound Quotas:

    Storage buckets inherit controls from object user permissions. If an object user imposes a quota on a certain type of resource, the same quota restriction applies to the permissions of buckets bound to that object user.

Multipart Upload

ZStack ZStone supports the Multipart Upload mechanism, which allows an object to be divided into multiple parts for upload. Each part is a contiguous data block of the object, and these parts can be uploaded independently in any order. Therefore, if a part fails to upload, only that part requires retransmission, without impacting the rest. Once all parts are successfully uploaded, ZStack ZStone reassembles them sequentially into a complete object.
Note: When uploading an object in parts, each part occupies one object count quota. After successful upload and merging, the final object only occupies one quota.
The multipart upload mechanism of ZStack ZStone has the following advantages:
  • Enhanced Upload Throughput: Supports concurrent uploading of multiple data parts, thereby improving overall upload throughput.
  • Reduced Impact of Network Failures: Smaller size of data parts enables rapid retransmission recovery during network issues, significantly minimizing disruption.
  • Pausing or Cancelling Uploads on Demand: If an upload is paused, the uploaded parts remain preserved and can resume from the paused point upon starting. If an upload is canceled, the uploaded parts are deleted, and the entire file must be re-uploaded.

Storage Policy

A storage policy is a set of rules governing storage bucket allocation sources, data storage forms, and so on. It handles the mapping between storage buckets and storage pools, allocating data of different storage classes to corresponding storage pools. ZStack ZStone supports specifying 7 storage classes per storage policy, including storageclass_0 to storageclass_6, where storageclass_0 is the default storage class added by the system. You can add storage classes when creating a storage policy or on the storage policy details page. Each storage class corresponds to a separate data pool, and specifying a storage class directs object data to the designated data pool.

Data Compression

Data compression technology can perform lossless or lossy compression on data using compression algorithms, saving data storage space, reducing storage costs, and improving storage efficiency. ZStack ZStone utilizes the Snappy algorithm and supports enabling online compression via the web interface.

图 1. Data Compression Flowchart


图 2. Data Decompression Flowchart


上一篇Block Storage Service