Professional Documents
Culture Documents
March 2016
Documentation for Oracle Storage Cloud Service
administrators and users that describes how to store and
manage content in the cloud.
Oracle Cloud Using Oracle Storage Cloud Service ,
E37261-17
Copyright © 2014, 2016, Oracle and/or its affiliates. All rights reserved.
Primary Authors: Lakshmi Mohan, Kumar Dhanagopal, Hemant Kapila, Robin Merrin, Rehan Iftikhar,
Anshuman Mishra
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are
"commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-
specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the
programs, including any operating system, integrated software, any programs installed on the hardware,
and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron,
the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless
otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates
will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party
content, products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents
iii
Listing Containers..................................................................................................................................... 2-5
Deleting Containers.................................................................................................................................. 2-7
Setting Container Metadata..................................................................................................................... 2-8
Setting Container ACLs................................................................................................................... 2-9
Setting Container Quotas .............................................................................................................. 2-12
Setting Custom Metadata for Containers ................................................................................... 2-13
Getting Container Metadata.................................................................................................................. 2-15
iv
C Java Code Samples for Using the File Transfer Manager API
v
vi
Preface
Using Oracle Storage Cloud Service describes how to access and use Oracle Storage
Cloud Service APIs to store and manage content in the cloud.
Topics:
• Audience
• Related Resources
• Conventions
Audience
Using Oracle Storage Cloud Service is intended for administrators and users who want to
store, access, and manage files and unstructured data in the cloud.
Related Resources
For more information, see these Oracle resources:
Conventions
The following text conventions are used in this document:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
vii
Convention Meaning
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
viii
1
Getting Started with Oracle Storage Cloud
Service
This section describes how to get started with Oracle Storage Cloud Service.
Topics:
Topics:
• With direct attached storage, such as the hard disk drive in a laptop, the operating
system underlying the applications manages data storage, retrieval, and
organization through a file system, which is a schema that the operating system uses
• In network-attached storage (NAS), the storage device is physically separate from the
servers hosting the applications. To the application hosts, the storage device is
available as a network drive. A network file system on the storage device manages
data storage, retrieval, and organization. NAS enables applications running on
multiple hosts to share storage. It enables centralized management of storage
resources and high performance over a local network. But this architecture is
feasible only within a limited geographical area, and it offers limited room for
scaling. Like in directly attached storage, in NAS as well, applications rely on the
underlying operating system and on the network file system of the storage device.
• Block storage enables applications such as OLTP databases that have high IOPS
(input/output operations per second) requirements to store and retrieve data
efficiently, by bypassing the host operating system and interacting directly with
virtual block devices. Chunks of data are stored in blocks, each with an address,
but with no other metadata. Applications decide where data is stored, and they
retrieve data by calling the appropriate block addresses directly. Block storage
optimizes storage for IOPS and block-based access and provides POSIX-compliant
file systems for Oracle Compute Cloud Service instances. It is limited in terms of
scalability and does not support the definition of granular metadata for stored data.
• An object is most commonly created by uploading a file. It can also be created from
ephemeral unstructured data. Objects are created within a container. A single
object can hold up to 5 GB of data, but multiple objects can be linked together to
hold more than 5 GB of contiguous data.
• The primary method for accessing Oracle Storage Cloud Service is through a
RESTful web service, which is based on OpenStack Swift. For information about
feature differences between Oracle Storage Cloud Service and OpenStack Swift, see
Interfaces to Oracle Storage Cloud Service. The service can be accessed from
anywhere over the Internet, at any time, and from any device.
• A Java library that wraps the RESTful web service is also available. No special
hardware is required to start using the service.
See Accessing Oracle Storage Cloud Service.
Replication to a geographically distant data center
After activating your Oracle Storage Cloud Service subscription, you must choose a
replication policy, which defines your primary data center and also specifies whether
your data should be replicated to a geographically distant (secondary) data center.
This feature enables recovery of data in the event of any disaster at the primary data
center. Data is written to the primary data center and replicated asynchronously to the
secondary data center. The primary and secondary data centers are eventually
consistent. In addition to being billed for storage capacity used at each data center,
you will also be billed for bandwidth used during replication between data centers.
For information about the available policies, see Selecting a Replication Policy for
Oracle Storage Cloud Service.
Note:
After you select a replication policy, you cannot change the policy.
Note: The REST API endpoint is the global namespace URL. You can find the
REST API endpoint in the Oracle Cloud My Services page, under the
Additional Information section, in the REST Endpoint field.
If the primary data center is unavailable, read requests to the global namespace URL
are routed to the secondary data center. This is known as failover. While the primary
data center is unavailable, write requests will fail with the 403 – Forbidden error.
When the primary data center is available again, all requests to the global namespace
URL are routed to the primary data center. This is known as failback.
Note: During failover and failback, the DNS records of your service instance’s
global namespace URL are updated to point to the currently active data
center. But for a short while after the DNS records are updated, usually a few
minutes, requests to the global namespace URL may return a 500–series error.
This error occurs because propagation of the DNS changes across all the
intermediate nodes on the Internet between your client and Oracle Public
Cloud may not yet have been completed. To continue using Oracle Storage
Cloud Service during DNS propagation, you can send requests directly to the
URL of the active data center (see About REST URLs for Oracle Storage Cloud
Service Resources). In the following situations, DNS propagation can take
longer than a few minutes:
• ISP DNS resolvers set their own DNS TTL values. Check about this with
your ISP provider.
Architectural Overview
The Oracle Storage Cloud Service architecture is highly available and redundant. It
provides support for external access methods, including customer applications, Java
SDK, and REST clients.
When objects are stored in Oracle Storage Cloud Service, the data is replicated across
multiple storage nodes in the data center. This replication strategy ensures that stored
object data can survive hardware failure. There can only be one Oracle Storage Cloud
service instance per identity domain.
The following diagram presents an architectural overview of Oracle Cloud Storage
Service:
RESTful Web Oracle Storage Cloud Service provides REST • About REST URLs for
Service API APIs based on OpenStack Swift. The Oracle Storage Cloud
following major additions have been made: Service Resources
• Centralized identity management across • Accessing Oracle
Oracle Cloud Storage Cloud Service
• Centralized reporting of usage metrics Using the REST API
Oracle Storage Cloud Service does not support • REST API for Standard
the following OpenStack Swift features: Storage in Oracle
Storage Cloud Service
• Object versioning
• REST API for Archive
• Static website support
Storage in Oracle
• Container synchronization
Storage Cloud Service
• Form post
• REST API for Identity
• Account ACLs in Oracle Storage Cloud
• Rate limits Service
The RESTful web service API is available
only over HTTPS.
Java Library A Java library that wraps the RESTful web • Operations Supported
service API. by RESTful API and
The Java library supports most of the major Java Library
features of the RESTful web service API. • Accessing Oracle
Storage Cloud Service
The Java library also provides client-side
Using the Java Library
encryption utilities.
• Java API Reference for
Oracle Storage Cloud
Service
Oracle Storage Oracle Storage Cloud Software Appliance is a • Getting Started with
Cloud Software tool that you can install on-premises and then Oracle Storage Cloud
Appliance use to easily connect your on-premises Software Appliance in
applications and workflows to Oracle Storage Using Oracle Storage
Cloud Service. Cloud Software
Appliance
File Transfer File Transfer Manager API is a Java library • Java API Reference for
Manager API that provides a simple interface to upload or File Transfer Manager
download individual and multiple objects of API
various sizes to standard and archive • Java Code Samples for
containers in Oracle Cloud Storage Service. Using the File Transfer
To download the SDK, go to http:// Manager API
www.oracle.com/technetwork/topics/
cloud/downloads/index.html.
Upload CLI tool The Upload CLI tool is a cross-platform Java- • Uploading Files by
based command line tool that you can use to Using the Upload CLI
efficiently upload files to Oracle Storage Tool
Cloud Service.
Note: Oracle has certified certain third-party products for use with Oracle
Storage Cloud Service. For more information, see Certified Third-Party
Products.
Task RESTful API Java Library Oracle File Transfer Upload CLI
Storage Manager API Tool (version
Cloud (version 1) 2)
Software
Appliance
1.0
Setting Yes No No No No
account
metadata
Getting Yes No No No No
account
metadata
Task RESTful API Java Library Oracle File Transfer Upload CLI
Storage Manager API Tool (version
Cloud (version 1) 2)
Software
Appliance
1.0
Setting Yes No No No No
container
quotas
Deleting Yes No No No No
multiple
objects in one
operation
Updating Yes No No No No
special
metadata for
objects
Copying Yes No No No No
objects
Task RESTful API Java Library Oracle File Transfer Upload CLI
Storage Manager API Tool (version
Cloud (version 1) 2)
Software
Appliance
1.0
Supporting No No Yes No No
NFS protocol
Network No No Yes No No
throttling
Note:
• Create and configure your account on Oracle Cloud. For more information, see
Getting an Oracle.com Account in Getting Started with Oracle Cloud.
– The Java programming language, if you intend to use the Java library to access
Oracle Storage Cloud Service. Specifically, you must be familiar with reading
and writing local files using the InputStream interface
Request a trial or Provide your information, and sign up for a How to Begin with Oracle
purchase a free trial or purchase a subscription. After Storage Cloud Service
subscription to activation, create accounts for your users and Subscriptions
Oracle Storage assign them appropriate privileges and roles.
Cloud Service
Monitor the Check on the day-to-day operation of your Managing and Monitoring
service service, monitor performance, and review Oracle Cloud Services in
important notifications. Managing and Monitoring
Oracle Cloud
Access the Access the service through the REST API or Accessing Oracle Storage
service Java library interface. Cloud Service
1. Use any of the following subscription methods to start with Oracle Storage Cloud
Service:
2. Activate and verify the service. See Activating Your Trial Subscription or
Activating Your Order in Getting Started with Oracle Cloud.
4. Select a replication policy for your service. See Selecting a Replication Policy for
Oracle Storage Cloud Service.
5. Learn about the users and roles. See About Oracle Storage Cloud Service Roles and
Users.
6. Create accounts for your users and assign them appropriate privileges and roles.
See Managing User Accounts and Managing User Roles in Managing and Monitoring
Oracle Cloud.
This task is required for Oracle Storage Cloud Service accounts of any of the following
subscription types:
The My Services Dashboard is displayed. It lists the services that are assigned to
your account.
• If you see the warning, Replication Policy Not Set, you must select a replication
policy as described here.
Note: If you try to create containers and objects without first selecting a
replication policy, the requests will fail with the 403 Forbidden error.
• If you don’t see the Replication Policy Not Set warning, skip this procedure.
The Set Replication Policy dialog box appears. It displays the available data
centers and replication policies for your Oracle Storage Cloud Service instance.
4. Select a replication policy for your service instance as per your requirement.
Caution: Once you select a replication policy, you can’t change it. So select
your policy carefully.
6. Verify the selected replication policy details in the Confirm Replication Policy
Selection dialog box. Click Confirm.
To see the replication policy that you just selected for your Oracle Storage Cloud
Service instance, select View Details from the Actions menu. Alternatively,
click the Oracle Storage Cloud Service link in the Dashboard page. On the
resulting page, expand Service Details. The details of your Oracle Storage Cloud
Service instance are displayed. Look for the Replication Policy field, as highlighted
in the following screenshot.
You can now start creating containers and objects in Oracle Storage Cloud Service.
Topics:
• Accessing Oracle Storage Cloud Service Using Oracle Storage Cloud Software
Appliance
• cURL — cURL is a command-line tool that you can use to invoke REST API calls by
sending HTTP requests.
To use cURL, see http://curl.haxx.se and the tutorial, Installing cURL on Cygwin
on Windows.
• Web browsers — Support varies across vendors. Some browser plugins may be
needed for full support.
Many programming platforms (Java, Ruby, Perl, PHP, .NET, and so on) also meet
these requirements, although some may require the use of third party libraries for full
support. See your programming platform's documentation for guidance.
The REST API endpoint in the Oracle Cloud My Services page is the global namespace
URL. You can find the REST API endpoint in the Oracle Cloud My Services page,
under the Additional Information section, in the REST Endpoint field.
Topics:
3. Select View Details from the Actions menu. Alternatively, click the Oracle
Storage Cloud Service link on the Dashboard page.
On the resulting page, the details of your Oracle Storage Cloud Service instance
are displayed. The URL is displayed in the REST Endpoint field under the
Additional Information section.
The URL for the Oracle Storage Cloud Service REST API endpoint is in one of the
following formats:
• Global namespace URL for all customers: This is the URL that you see in My
Services.
Note: If your client applications use a URL from an early release of Oracle
Storage Cloud Service, you can update the applications to use the global
namespace URL.
• dataCenterCode is the identifier of the data center in which the service instance
is provisioned. For example, dataCenterCode is us2 for the data center in
Chicago, Illinois, U.S.A. and us6 for Ashburn, Virginia, U.S.A.
Note: These URLs are valid for any object in a Standard or Archive
container. To restore an object in an Archive container and to track the
progress of the restoration, the URL for an object named myObject5 in the
myArchiveContainer5 container would be https://
foo.storage.oraclecloud.com/v0/Storage–myIdentity3/
myArchiveContainer5/myObject5. Note the v0 API version in the URL.
Note: You cannot create archive containers by using the Java API.
1. Download the Oracle Storage Cloud Service Java SDK from: http://
www.oracle.com/technetwork/topics/cloud/downloads/cloud-service-java-
sdk-2121032.html
2. Extract the Java library's classes and runtime dependencies somewhere onto your
Java application's class path.
3. Import the Java library's classes and interfaces into your Java application.
For information about using the Java library to perform specific operations for
containers and objects, see Managing Containers in Oracle Storage Cloud Service and
Managing Objects in Oracle Storage Cloud Service.
Accessing Oracle Storage Cloud Service Using Oracle Storage Cloud Software
Appliance
Oracle Storage Cloud Software Appliance is a tool that you can install on-premises
and then use to easily connect your on-premises applications and workflows to Oracle
Storage Cloud Service.
Using Oracle Storage Cloud Software Appliance, your applications can interact with
Oracle Storage Cloud Service through standard file-based network protocols, without
invoking direct REST API calls to the service.
For information on the list of tasks that you can perform in your Oracle Storage Cloud
Service account using Oracle Storage Cloud Software Appliance, see Tasks Supported
by Different Interfaces of Oracle Storage Cloud Service.
Storage.Storage_Adm Users who are assigned this role can • Managing Containers
inistrator (Service perform the following tasks: in Oracle Storage
Administrator) • Perform all tasks for an Oracle Cloud Service
For nonmetered Storage Cloud Service instance, • Managing Objects in
subscriptions, the role including user management Oracle Storage Cloud
name would be • Monitor and manage service Service
service-instance- usage in Oracle Cloud
name.Storage_Admini • Grant roles to users
strator. • Create and delete containers
• Modify container ACLs
The account administrator can
create more storage administrators,
as required, by assigning this role.
Storage.Storage_Rea Users who are assigned this role can • Managing Containers
dWriteGroup perform the following tasks: in Oracle Storage
For nonmetered • Create, read, modify, and delete Cloud Service
subscriptions, the role objects within containers • Managing Objects in
name would be • List containers (note that they Oracle Storage Cloud
service-instance- cannot create, modify, or delete Service
name.Storage_ReadWr containers)
iteGroup. • List objects within containers
unless the roles has been
removed from the containers's
read ACL
Note that the containers ACLs can be rewritten. So while the predefined roles have
semantics based on the default behavior, access to a container is governed entirely by
the values set for the container's X-Container-Read and X-Container-Write
metadata fields, and not by the role. For more information, see Setting Special
Metadata on a Container.
Topics:
3. Select View Details from the Actions menu. Alternatively, click the Oracle
Storage Cloud Service link on the Dashboard page.
On the resulting page, the details of your Oracle Storage Cloud Service instance
are displayed.
4. Note the REST Endpoint URL, which is displayed in the REST Endpoint field
under the Additional Information section.
For example: https://foo.storage.oraclecloud.com/v1/Storage-
myIdentity3
When you send the GET request to the authentication URL that you just constructed,
include the user credentials in the following headers:
• X-Storage-User
• X-Storage-Pass: password
You can find out your user name, password, and identity domain from the “New
Account Information” email that you received from Oracle Cloud when your
account was set up, as shown in the following example:
If you don't have your “New Account Information” email, ask your account
administrator for your Oracle Cloud user name, password, and identity domain.
If your user credentials are not authenticated, the service returns an HTTP response
with a status code of 401 and no authentication token is returned.
If the credentials are authenticated, the service either returns the currently active
authentication token or generates a new authenticate token. Authentication tokens are
returned as the value of the HTTP header X-Auth-Token in the HTTP response.
Requesting an authentication token with credentials that already have an active
authentication token will not extend the expiration time of the existing authentication
token.
Here’s an example of a cURL command for requesting an authentication token:
curl -v -X GET \
-H "X-Storage-User: myService-myIdentity3:myUsername" \
-H "X-Storage-Pass: myPassword" \
https://foo.storage.oraclecloud.com/auth/v1.0
To use your authentication token, include it as the value of the X-Auth-Token HTTP
header in every HTTP request to the service instance. If your authentication token is
not valid, or has expired, the service returns an HTTP response with the status code
401 and the requested operation will fail. If the authentication token has expired, you
must request a new token. If you are reading publicly accessible objects, you do not
need to provide an authentication token in your HTTP request; anonymously
accessible objects do not need an authentication token.
Here’s an example of a cURL command for storing an object in an account using an
authentication token:
curl -v -X PUT \
-H "X-Auth-Token: AUTH_tk209f7f2ea1265a0d3f29d28a2dc8ced6" \
-d "Hello, World!" \
https://foo.storage.oraclecloud.com/v1/myService-myIdentity3/myContainer/
myObject
When using the Java library, you must pass your user credentials to a
CloudStorageConfig object. The CloudStorageConfig object is then passed to a
CloudStorageFactory object and, upon successful authentication, ultimately
returns a CloudStorage object. The CloudStorage object provides the methods for
all supported functionality to the service instance.
The following is an example of Java code for providing user credentials and creating
an object. The values used in this example are illustrative. While developing Java code
to use Oracle Storage Cloud Service, ensure that the code complies with the IT security
standards and requirements of your organization.
CloudStorageConfig myConfig = new CloudStorageConfig();
myConfig.setServiceName("myService-myIdentityDomainID")
.setUsername("myUsername")
.setPassword("myPassword".toCharArray())
.setServiceUrl("https://foo.storage.oraclecloud.com");
CloudStorage myConnection = CloudStorageFactory.getStorage(myConfig);
FileInputStream fis = new FileInputStream("hello_world.txt");
myConnection.storeObject("MyContainer", "hello_world.txt", "text/plain", fis);
To identify the service URL and service name (for the setServiceName and
setServiceUrl methods in this code example) of your Oracle Storage Cloud Service
instance:
The My Services Dashboard is displayed. It lists the services that are assigned to
your account.
3. From the Actions menu, select View Details. Alternatively, click the Oracle
Storage Cloud Service link in the Dashboard page.
On the resulting page, the details of your Oracle Storage Cloud Service instance are
displayed. Look for the REST Endpoint field in the Additional Information
section. You can see the details of the service URL and service name of your Oracle
Storage Cloud Service instance.
For example: https://foo.storage.oraclecloud.com/v1/Storage-
myIdentity3
In this example, the following are the service URL and name:
• X-Container-Read: Users can read objects and associated metadata in the given
container.
• X-Container-Read:
identity_domain_ID.storage_service.Storage_ReadOnlyGroup,iden
tity_domain_ID.storage_service.Storage_ReadWriteGroup
• X-Container-Write:
identity_domain_ID.storage_service.Storage_ReadWriteGroup
Example:
The following are the newly created container ACL values for a service instance
named Storage in an identity domain named myIdentity3.
• X-Container-Read:
myIdentityDomainID.Storage.Storage_ReadOnlyGroup,
myIdentityDomainID.Storage.Storage_ReadWriteGroup
• X-Container-Write:
myIdentityDomainID.Storage.Storage_ReadWriteGroup
To learn how to restrict read and write access to containers by using ACLs, see Setting
Container ACLs and the following tutorials:
• Oracle Storage Cloud Service: Restricting Read and Write Access to Containers Using the
REST API
• Oracle Storage Cloud Service: Restricting Read and Write Access to Containers Using the
Java Library
Topics:
• Creating Containers
• Listing Containers
• Deleting Containers
Creating Containers
A container is a storage compartment that provides a way to organize the data stored
in Oracle Storage Cloud Service.
Any user with the Service Administrator role can create containers. You should create
at least one container for your account. Containers are similar to a directory structure
but with a key distinction: unlike directories, containers cannot be nested. By default,
all containers are of the standard storage class (as opposed to the archive storage
class).
Note: Before you create your first container, make sure that the replication
policy has been set for your account. See Selecting a Replication Policy for
Oracle Storage Cloud Service.
For information about creating containers by using the Java library, see
createContainer in Java API Reference for Oracle Cloud Storage Service.
For information about creating containers by using the REST API, see:
• Create Container in REST API for Standard Storage in Oracle Storage Cloud Service
To create an archive container, you must set the X-Storage-Class header to
Archive. For more information, see Creating Archive Containers.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources
• Failure: See Error Code Reference for Oracle Storage Cloud Service
For information about getting details of a container, see Getting Container Metadata.
Note:
• You can set X-Storage-Class only when creating a new container. After
you set X-Storage-Class, you cannot change it.
• Uploading files larger than 5 GB by using the dynamic large objects approach
• Bulk-creating objects
• Bulk-deleting objects
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
For information about getting details of an Archive container, see Getting Container
Metadata.
For creating objects in an Archive container, see Creating Objects.
Listing Containers
All containers within an account can be listed.
Any user within the identity domain can perform this task.
Containers are sorted lexicographically using memcmp(). All containers, up to 10000
by default, will be returned in the list, unless you filter the list by using any of the
following query parameters:
• limit: Limit the number of containers listed to the specified value. The default
and maximum value is 10000.
• marker: Return containers with names greater than the specified string.
• end_marker: Return containers with names less than the specified string.
• format: Return extended information about each returned container in either xml
or json format (REST API only).
For information about listing containers by using the Java library, see
listContainer in Java API Reference for Oracle Cloud Storage Service.
For information about listing containers by using the REST API, see List Endpoints in
REST API for Standard Storage in Oracle Storage Cloud Service.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Success: 200 OK
Note: If there are no containers, the HTTP response code would be 204 OK.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
This command lists the first 15 containers, lexicographically sorted, in the specified
account.
The following is an example of the output of this command:
* About to connect() to foo.storage.oraclecloud.com port 443 (#0)
* Trying 160.34.0.51... connected
* Connected to foo.storage.oraclecloud.com (160.34.0.51) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=*.us2.oraclecloud.com,O=Oracle Corporation,L=Redwood
Shores,ST=California,C=US
* start date: Oct 22 00:00:00 2014 GMT
* expire date: Dec 21 23:59:59 2015 GMT
* common name: *.us2.oraclecloud.com
* issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust
Network,O=Symantec Corporation,C=US
> GET /v1/Storage-myIdentity3 HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/
1.2.3 libidn/1.18 libssh2/1.4.2
> Host: foo.storage.oraclecloud.com
> Accept: */*
> X-Auth-Token: AUTH_tk6403794c218a709d1c6c5a76444d01f6
>
< HTTP/1.1 200 OK
< Date: Fri, 06 Mar 2015 10:38:15 GMT
< Content-Length: 109
< X-Account-Container-Count: 3
< Accept-Ranges: bytes
< X-Account-Object-Count: 843
< X-Account-Bytes-Used: 10304761355
< X-Timestamp: 1412823447.62495
< X-Account-Meta-Test5: test1
Deleting Containers
All objects within a container must first be deleted before the container can be deleted.
To find out whether a container contains any objects, send a HEAD request to the
container URL.
Any user with the Service Administrator role can perform this task.
For information about deleting containers by using the Java library, see
deleteContainer in Java API Reference for Oracle Cloud Storage Service.
For information about deleting containers by using the REST API, see Delete
Container in REST API for Standard Storage in Oracle Storage Cloud Service.
For information about deleting multiple objects in a container in a single operation, see
Bulk-Deleting Objects.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
Topics:
• The roles can be built-in roles or custom roles. Custom roles are defined in the My
Services Security page.
– For a role that was provisioned as part of another service instance, the format is
domainName.serviceName.roleName
• A referrer designation indicates the host (or hosts) for which read access to the
container should be allowed or denied. When the server receives a request for the
container, it compares the referrer designations specified in the X-Container-
Read ACL with the value of the Referer header in the request, and determines
whether access should be allowed or denied. The syntax of the referrer designation
is: .r:value
– value indicates the host for which access to the container should be allowed. It
can be a specific host name (example: .r:www.example.com), a domain
(example: .r:.example.com), or an asterisk (.r:*) to indicate all hosts. Note
that if .r:* is specified, objects in the container will be publicly readable
without authentication.
– By default, read access to a container does not include permission to list the
objects in the container. To allow listing of objects as well, include
the .rlistings directive in the ACL (example: .r:*,.rlistings).
For information about using the Java library to set container ACLs, see
setContainerAcl in Java API Reference for Oracle Cloud Storage Service.
For information about using the REST API to set container ACLs, see Create, update,
or delete container metadata in REST API for Standard Storage in Oracle Storage Cloud
Service.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container for which the quota should be set.
For information about getting container ACLs, see Getting Container Metadata.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
• Provide write access for any user with the predefined role,
Storage_ReadWriteGroup and the custom role, myCustomRole:
curl -v -X POST \
-H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
-H "X-Container-Write:
myDomain.Storage.Storage_ReadWriteGroup,myDomain.myCustomRole" \
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/FirstContainer
• Provide read access for all hosts and also allow listing of the objects in the
container:
curl -v -X POST \
-H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
-H "X-Container-Read: .r:*,.rlistings" \
https://foo.storage.oraclecloud.com/v1/Storage-myDomain/FirstContainer
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• maxBytes is the maximum number of bytes of data that can be stored in the
container.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container for which the quota should be set.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
For information about getting container quota, see Getting Container Metadata.
This command sets a quota of 10737418240 bytes (10 GB) and 100 objects for the
container named FirstContainer. The following is an example of the output of this
command:
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• Name and value are the metadata key and value to be created.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container for which custom metadata should
be created.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
For information about getting custom container metadata, see Getting Container
Metadata.
< Content-Language: en
<
* Connection #0 to host foo.storage.oraclecloud.com left intact
* Closing connection #0
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
The following is an example of the output of this command for a Standard container:
* About to connect() to foo.storage.oraclecloud.com port 443 (#0)
* Trying 160.34.0.51... connected
* Connected to foo.storage.oraclecloud.com (160.34.0.51) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=*.us2.oraclecloud.com,O=Oracle Corporation,L=Redwood
Shores,ST=California,C=US
* start date: Oct 22 00:00:00 2014 GMT
* expire date: Dec 21 23:59:59 2015 GMT
* common name: *.us2.oraclecloud.com
* issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust
Network,O=Symantec Corporation,C=US
> HEAD /v1/Storage-myIdentity3/FirstContainer HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/
1.2.3 libidn/1.18 libssh2/1.4.2
> Host: foo.storage.oraclecloud.com
> Accept: */*
> X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
>
< HTTP/1.1 204 No Content
< Date: Fri, 06 Mar 2015 11:40:11 GMT
< X-Container-Object-Count: 0
< X-Container-Write: Storage-myIdentity3.Storage.Storage_ReadWriteGroup,Storage-
myIdentity3.myCustomRole
< X-Container-Meta-Category: Books
< Accept-Ranges: bytes
< X-Container-Meta-Quota-Count: 100
< X-Timestamp: 1425639066.56315
< X-Container-Read: .r:*,.rlistings
< X-Container-Bytes-Used: 0
< Content-Type: text/plain; charset=utf-8
< X-Container-Meta-Quota-Bytes: 10737418240
< X-Trans-Id: txb0b9882eceba45b287266-0054f9921b
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Language: en
<
* Connection #0 to host foo.storage.oraclecloud.com left intact
* Closing connection #0
This section provides documentation about managing objects in Oracle Storage Cloud
Service.
Topics:
• Creating Objects
– Bulk-Creating Objects
• Downloading Objects
• Deleting Objects
• Copying Objects
• Encrypting Objects
Generate an Generate an authentication token if you are accessing Authenticating Access When
authentication token the service through the REST API interface. If you are Using REST API
accessing the service through Java library, the
authentication token would be automatically generated
and applied.
List objects within a List objects within a specified container. Listing Objects within a
container Container
Create objects Create a single object, bulk create objects and upload Creating Objects
files larger than 5GB.
Update object Update custom metadata and special metadata. Updating Object Metadata
metadata
Encrypt objects Transparently encrypt objects with the Java library Encrypting Objects
before uploading.
• Tasks that do not cause changes to containers and objects require the
Storage_ReadOnlyGroup role or a custom role in the associated container's X-
Container-Read ACL.
For more information about roles and ACLs, see About Oracle Storage Cloud Service
Roles and Users.
Objects are sorted by their names lexicographically, using memcmp(). All objects, up
to 10000 by default, will be returned in the list, unless you filter the list by using any of
the following parameters:
• limit: Limit the number of objects listed to the specified value. The default and
maximum value is 10000.
• marker: Return objects with names greater than the specified string.
• end_marker: Return objects with names less than the specified string.
• format: Return extended information about each returned object in either xml or
json format (REST API only).
• prefix: Return objects with names that start with the specified string.
• delimiter: Return objects with names that include the specified character. Only
the substring of object names before the specified character are returned. Only
unique substrings are returned.
– If the prefix parameter is also used, any matches of the specified delimiter
character are ignored.
– Used to emulate directory structures within a container (that is, with a forward
slash (/) as the delimiter).
For information about using the Java library, see listObjects in Java API Reference
for Oracle Cloud Storage Service.
For information about listing objects by using the REST API, see Show container
details and List Objects in REST API for Standard Storage in Oracle Storage Cloud Service.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container for which objects should be listed.
• Success: 200 OK
Note: If there are no objects, the HTTP response code would be 204 No
Content.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
Creating Objects
Objects must be created within a container. You can create a single object or upload
multiple objects to a container.
Topics:
• Bulk-Creating Objects
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
Note:
To schedule automatic deletion of objects, include the X-Delete-After or
X-Delete-At header. See Scheduling Automatic Deletion of Objects.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
Bulk-Creating Objects
You can create multiple objects in a single operation by uploading an archive file
containing multiple files and directories.
Note: The term archive in this topic refers to files in the .tar, .tar.gz, or
tar.bz2 format. It does not refer to the Archive storage class. Bulk-creating
objects in an Archive container is not supported.
Any user with the Service Administrator role or a role that is specified in the X-
Container-Write ACL of the container can perform this task.
To bulk-create objects:
1. Create a local archive (.tar, .tar.gz, or tar.bz2) of the files and directories to
be stored.
bulktest-files/
bulktest-files/file1.txt
bulktest-files/file2.txt
bulktest-files/file3.txt
• Upload the file to the account URL. Specify the archive type by using the ?
extract-archive request parameter.
• The response indicates the number of files created and any errors, if any.
Example request and response:
$ curl -v -X PUT
-H "X-Auth-Token: AUTH_tkcc14bdc52d571f70991b68907098f831" \
"https://foo.storage.oraclecloud.com/v1/mystorage2-myidentity3/?extract-
archive=tar.gz" \
--data-binary @myfiles.tar.gz
Response Body:
Response Status: 201 Created
For more information about the REST API, see Bulk Operations in OpenStack Object
Storage Service API Reference. The Java library does not support this task.
Topics
To download a large object, you simply download the manifest object. The segments
are concatenated in the correct order and downloaded as a single file.
The following table lists the key differences between the SLO and DLO approaches:
Minimum 1 MB No limit.
segment size
Container for The segments can be in different containers. All the segments must be
segment objects The manifest specifies the container name of in the same container.
each object.
Segment upload The segments must be uploaded before the The manifest object can be
order manifest file. created either before or
after uploading the
segments.
But to avoid any
mismatch in the data in
the downloaded manifest
object, the manifest object
must be created after
uploading all the
segments.
Note: For the steps to upload objects by using the dynamic large object
approach, see Uploading Objects Using the Dynamic Large Object Approach.
1. Segment the large file locally into multiple sequential segment files, each smaller
than 5 GB.
ls —al segment_name*
3. Create objects from each segment file. Upload all the objects in the same container.
curl -v -X PUT \
-H "X-Auth-Token:token" \
-T segmentName \
accountURL/containerName/objectName
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• segmentName is the full path and name of the segment file to be uploaded.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• objectName is the name of the object to be created. Ensure that you name the
object with the corresponding segment file name.
4. Create a manifest file in JSON format, where each element contains the following
attributes:
...
{
"path": "FirstContainer/segment_aj",
"etag": "f1c9645dbc14efddc7d8a322685f26eb",
"size_bytes": 10485760
}
]
5. Upload the manifest file that you just created. In the URI, include the ?
multipart-manifest=put query parameter.
curl -v -X PUT \
-H "X-Auth-Token:token" \
"accountURL/containerName/StaticLargeFileName?multipart-manifest=put" \
-T ./fileName.json
curl -v -X HEAD \
-H "X-Auth-Token:token" \
accountURL/containerName/StaticLargeObjectName
The size of the static large object is the total size of all the segment objects. To
download a static large object, see Downloading Large Objects.
Example:
1. Segment the large file locally into multiple sequential segment files, each smaller
than 5 GB:
split -b 10m myLargeFile.zip segment_
},
...
{
"path": "FirstContainer/segment_aj",
"etag": "f1c9645dbc14efddc7d8a322685f26eb",
"size_bytes": 10485760
}
]
6. Download the large object by sending a GET request. All the segment objects are
concatenated and downloaded as one large object.
curl -v -X GET \
-H "X-Auth-Token: AUTH_tk5a58b7a8c34bb7b662523a59a5272650"
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/
FirstContainer/myLargeFile.manifest \
-o ./myLargeFile
Download the manifest object by sending a GET request and add the query
parameter ?multipart-manifest=get.
curl -v -X GET \
-H "X-Auth-Token: AUTH_tk5a58b7a8c34bb7b662523a59a5272650"
"https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/
FirstContainer/myLargeFile.manifest?multipart-manifest=get" \
-o ./manifestFile
7. Run a HEAD request to view the size of the large object (myLargeFile) that you
created:
curl -v -X HEAD \
-H "X-Auth-Token: AUTH_tkbaebb60dfa5b80d84e62b0d5d07031e5"
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/
FirstContainer/myLargeFile
You can view the size of the static large object in the header Content-Length.
The size of the static large object is the sum total of the sizes of the segment
objects. To download the static large object, see Downloading Large Objects.
Note: You cannot upload files to an Archive container by using the DLO
approach.
Note: For the steps to upload objects by using the static large object approach,
see Uploading Objects Using the Static Large Object Approach.
md5sum file_name
Make a note of the MD5 checksum of the file.
2. Segment the file locally into multiple sequential segment files, each smaller than 5
GB.
• Make sure that the segment file names sort lexicographically in the correct
order. Append suffixes to segment file names accordingly (that is,
segment_aa, segment_ab, and so on.).
ls —al segment_*
curl -v -X PUT \
-H "X-Auth-Token:token" \
-T segmentName \
accountURL/containerName/objectName
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• segmentName is the full path and name of the segment file to be uploaded.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• objectName is the name of the object to be created. Ensure that you name the
object with the corresponding segment file name.
curl -v -X PUT \
-H "X-Auth-Token:token" \
-H "X-Object-Manifest: containerName/segment_" \
-H "Content-Length: 0" \
accountURL/containerName/manifestFile
The manifest object, when downloaded, will sequentially concatenate all segment
objects together to produce an object equivalent of the original file that was larger
than 5 GB.
6. To verify the content of the large object, download the manifest file.
curl -v -X GET \
-H "X-Auth-Token:token" \
-o manifestFile \
accountURL/containerName/manifestFile
7. To verify the size of the large object, compute the MD5 checksum of the manifest
file that you downloaded.
md5sum manifestFile
The computed MD5 checksum of the downloaded manifest file should be the same
as the MD5 checksum that you computed in Step 1.
Example:
1. Compute the MD5 checksum of the file that you want to upload:
md5sum myLargeFile
Make a note of the MD5 checksum.
MD5 (myLargeFile) = 32b357a64e7182e1484188161ba62ce9
2. Segment the file locally into multiple sequential segment files, each smaller than 5
GB:
split -b 10m myLargeFile segment_
Network,O=Symantec Corporation,C=US
> PUT /v1/Storage-myIdentity3/FirstContainer/segment_aa HTTP/1.1
> User-Agent: curl/7.29.0
> Host: foo.storage.oraclecloud.com
> Accept: */*
> X-Auth-Token: AUTH_tkc9305a46ebaa0585c4c7ae063c844f0b
> Content-Length: 10485760
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 201 Created
< Date: Tue, 15 Dec 2015 10:18:26 GMT
< Last-Modified: Tue, 15 Dec 2015 10:17:21 GMT
< X-Trans-Id: tx85da332ec5ae4852b7d8c-00566fe8b0ga
< Etag: f1c9645dbc14efddc7d8a322685f26eb
< Connection: keep-alive
< X-Last-Modified-Timestamp: 1450174640.10123
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Server: Oracle-Storage-Cloud-Service
<
* Connection #0 to host foo.storage.oraclecloud.com left intact
6. To verify the content of the large object, download the manifest file:
curl -v -X GET \
-H "X-Auth-Token: AUTH_tkbaebb60dfa5b80d84e62b0d5d07031e5"
-o mylargefile.manifest
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/FirstContainer/
myLargeFile.manifest
7. To verify the size of the large object, compute the MD5 checksum of the manifest
file that you downloaded:
md5sum mylargefile.manifest
The computed MD5 checksum of the downloaded manifest file is the same as the
MD5 checksum of the file myLargeFile.
MD5 (mylargefile.manifest) =
32b357a64e7182e1484188161ba62ce9
For information about uploading objects by using the DLO approach, using the REST
API, see the following:
• Oracle Storage Cloud Service: Uploading Files Larger than 5 GB Using the
REST API
For information about uploading objects by using the DLO approach, using the Java
library, see the following:
• Oracle Storage Cloud Service: Uploading Files Larger than 5 GB Using the Java
Library
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• objectName is the name of the object for which metadata should be retrieved.
• Success: 200 OK
• Failure: See Error Code Reference for Oracle Storage Cloud Service
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• manifestObjectName is the name of the large object for which metadata should
be retrieved.
• Success: 200 OK
• Failure: See Error Code Reference for Oracle Storage Cloud Service
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container that contains the object whose
archival or restoration status needs to be identified.
• objectName is the name of the object for which you want to find out the
restoration status.
• Success: 200 OK
• Failure: See Error Code Reference for Oracle Storage Cloud Service
The following is an example of the output of this command with the object status as
archived:
* About to connect() to foo.storage.oraclecloud.com port 443 (#0)
* Trying 10.79.153.47...
* Connected to foo.storage.oraclecloud.com port 443 (10.79.153.47) port 443 (#0)
> HEAD /v1/Storage-myIdentity3/firstArchiveContainer/obj1.txt HTTP/1.1
> User-Agent: curl/7.29.0
> Host: foo.storage.oraclecloud.com:443
> Accept: */*
> X-Auth-Token: AUTH_tkb237a55e17b772a7579f433d8b4f6e05
>
< HTTP/1.1 200 OK
< X-Archive-Restore-Status: archived
< Accept-Ranges: bytes
< Last-Modified: Thu, 18 Jun 2015 19:45:26 GMT
< Etag: 3db2050fcf84bb631dcae417d3db518c
< X-Timestamp: 1434656725.77022
< X-Trans-Id: tx37fb896a0a8144f3860da-0055832016ga
< Date: Thu, 18 Jun 2015 19:46:30 GMT
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 12
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources. Use v0 in the REST API URL.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
You can now track the restoration progress of the object in the Archive container. To
track the object's restoration progress, make a note of the URL in the X-Archive-
Restore-Tracking header and the job ID in the header X-Archive-Restore-
JobId when you restore an object. For more information, see Tracking Restoration of
an Object in an Archive Container.
• Restoration Progress
• Job Details
• Object Size
• Object Etag
• Job Type
• Job ID
For information about tracking restoration of an object in an archive container by
using the REST API, see Return status of restore job in REST API for Archive Storage in
Oracle Storage Cloud Service.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources. Use v0 in the REST API URL.
• Success: 200 OK
• Failure: See Error Code Reference for Oracle Storage Cloud Service
The objectExpiration field in the response body shows the UNIX Epoch time
stamp representing the date and time when the restored object will expire. For
example, 1434736481424 represents June 19, 2015 17:54:41 GMT. See http://
www.epochconverter.com/. The standard expiry duration is 24 hours.
You can now download the restored object before it expires. For more information, see
Downloading Objects.
Downloading Objects
When you download an object, the object's metadata and data are downloaded.
Any user with the Service Administrator role or a role that is specified in the X-
Container-Read ACL of the container can perform this task.
For information about using the Java library, see retrieveObject in Java API
Reference for Oracle Cloud Storage Service.
For information about downloading objects by using the REST API, see Get object
content and metadata in REST API for Standard Storage in Oracle Storage Cloud Service.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• file is the full path and name of the file to which the object should be
downloaded.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Success: 200 OK
• Failure: See Error Code Reference for Oracle Storage Cloud Service
* Closing connection #0
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• largeObject is the full path and name of the file to which the object should be
downloaded.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container that contains the segment objects
(that form the large object) to be downloaded.
-o manifestFile \
accountURL/containerName/manifestObjectName?multipart-manifest=get \
<
* Connection #0 to host foo.storage.oraclecloud.com left intact
Deleting Objects
When an object is deleted, the object and its metadata will be removed permanently.
Any user with the Service Administrator role or a role that is specified in the X-
Container-Write ACL of the container can perform this task.
For information about the Java library, see deleteObject in Java API Reference for
Oracle Cloud Storage Service.
For information about deleting objects by using the REST API, see Delete Object in
REST API for Standard Storage in Oracle Storage Cloud Service.
Note: You can schedule deletion of objects at a specified time in the future or
after a specified period of time has elapsed, by using the X-Delete-At or X-
Delete-After header. See Scheduling Automatic Deletion of Objects.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container that contains the object to be deleted.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
To delete a static large object, send a DELETE request and add the query parameter ?
multipart-manifest=delete to delete the manifest object and all the segment
files.
curl -v -X DELETE \
-H "X-Auth-Token: token" \
accountURL/containerName/manifestFile?multipart-manifest=delete \
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container that contains the manifest file to be
deleted.
<
* Connection #0 to host foo.storage.oraclecloud.com left intact
Bulk-Deleting Objects
Multiple objects can be deleted in a single operation.
Any user with the Service Administrator role or a role that is specified in the X-
Container-Write ACL of the container can perform this task.
To bulk-delete objects:
• Create a plain text file that lists each object you want to delete.
bulktest-files/file1.txt
bulktest-files/file2.txt
bulktest-files/file3.txt
Number Deleted: 3
Number Not Found: 0
Response Body:
For more information about the REST API, see Bulk Operations in OpenStack Object
Storage Service API Reference. The Java library does not support this task.
• The first character after a hyphen is capitalized. All other letters are converted to
lowercase.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• Name and value are the metadata key and value to be created.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container that contains the object for which
custom metadata should be created.
• objectName is the name of the object for which custom metadata should be
created.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
Any user with the Service Administrator role or a role that is specified in the X-
Container-Write ACL of the container can perform this task.
To schedule automatic deletion while creating an object, include the X-Delete-
After or X-Delete-At header in the PUT request. To schedule automatic deletion
for an existing object, use the POST request. The Java library does not support
scheduling automatic deletion of objects.
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• period is the duration, in seconds, after which the object should be deleted.
• time is the UNIX Epoch timestamp representing the date and time at which the
object should be deleted. For example, 1416218400 represents November 17, 2014
10:00:00 GMT. See http://www.epochconverter.com/.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• containerName is the name of the container that contains the object for which
automatic deletion should be scheduled.
• objectName is the name of the object for which automatic deletion should be
scheduled.
curl -v -X POST \
-H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
-H "X-Delete-After: 86400" \
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/myContainer/
myObject
Copying Objects
An object can be copied to another object within the same or another container. There
is no need to download the object and then upload it again; the copying operation is
performed entirely on the server.
A user with any of the following roles can perform this task:
• You can copy static large objects between containers. You can copy the segments
directly, but you must re-create the manifest. You cannot use the existing manifest
as it points to the old segments, which may have been deleted.
or
curl -v -X COPY \
-H "X-Auth-Token: token" \
-H "Destination: /dstContainer/dstObject" \
accountURL/srcContainer/srcObject
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• srcContainer is the name of the container that contains the object to be copied.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• dstContainer is the name of the container to which the object should be copied.
This should be an existing container. In other words, the COPY operation won’t
create the destination container.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
or
curl -v -X COPY \
-H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
-H "Destination: /container2/object1" \
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3/container1/object1
Encrypting Objects
The Java library can encrypt objects as they are being stored to Oracle Storage Cloud
Service. All encryption happens within the Java library; no encryption happens within
the service. The REST API does not support this.
Any user with the Service Administrator role or a role that is specified in the X-
Container-Write ACL of the container can perform this task.
When you use the client-side encryption feature of the Java library, for every object
that you create in Oracle Storage Cloud Service, a unique symmetric key is generated.
The Java library uses the symmetric key to encrypt your data before storing it. In
addition, you must provide and manage an asymmetric key pair. After encrypting
your data, the Java library encrypts the symmetric key as an envelope key by using the
asymmetric key pair. Note that you can rotate a previously used key pair for a new
key pair without downloading and re-encrypting each object. The envelope key is
stored as metadata alongside the object data.
When you use the Java library to access such encrypted objects, the envelope key is
first retrieved and decrypted by using the asymmetric key pair that you provide. The
resulting symmetric key is then used to decrypt the object data.
You can restrict access to client-side encrypted objects. For example, if you have write
access to a container but not to the asymmetric key pair, you can remove the envelope
key metadata from an object. So the object data becomes unrecoverable, even if you
have access to the asymmetric key pair.
When using the Java library's encryption feature, note the following:
This section provides documentation on how to set and view metadata for your Oracle
Storage Cloud Service account.
Topics
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• Name and value are the metadata key and value to be created.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
-H "X-Account-Meta-Owner: IT" \
https://foo.storage.oraclecloud.com/v1/Storage-myIdentity3
• Total number of objects created in all the containers in the account (X-Account-
Object-Count)
• token is the authentication token obtained earlier from Oracle Storage Cloud
Service. See Authenticating Access When Using the REST API.
• For the syntax of accountURL, see About REST URLs for Oracle Storage Cloud
Service Resources.
• Failure: See Error Code Reference for Oracle Storage Cloud Service
The Upload CLI tool is a cross-platform Java-based command line tool that you can
use to efficiently upload files to Oracle Storage Cloud Service.
Features
• Optimized uploads
Large files are broken down into segments and uploaded in parallel by using the
static large object approach. Segmenting the files allows usage of network resources
effectively and reduces overall upload time.
Prerequisites
• Ensure that you have the required role to upload files by using the Upload CLI tool
to Oracle Storage Cloud Service.
• You can run the Upload CLI tool on Oracle Linux 6.3, 6.5, or 7.2; Windows 7; and
Ubuntu Desktop 14.04. Ensure that JRE 7, JRE 8, OpenJDK 7, or OpenJDK 8 is
installed on the host.
• Go to http://www.oracle.com/technetwork/topics/cloud/downloads/
index.html, look for the Oracle Storage Cloud Service Upload CLI section, and
download the tool.
Procedure
1. On the host on which you downloaded the tool, go to the directory where you
downloaded the tool, and run the following command:
java -jar uploadcli.jar -url REST_Endpoint_URL -user
userName -container containerName file-or-files-or-directory
This syntax shows only the required options. The other options are described later
in this document.
The uploadcli.jar command does the following:
b. Uploads all the segments as objects in a container. The objects are named
using the following convention:
segment_segment_number
Example: segment1
c. For each uploaded file, it creates a manifest object in the container. The name
of the manifest object matches the name of the uploaded file. The manifest
object links the individual segment objects.
Note:
• Files that are smaller than the specified segment size are uploaded directly
to the container. They aren’t segmented and a manifest object is not
created.
• If an upload fails, running the same command again will resume the
upload.
Command Parameters:
-password-file Optional Full path and name of the file containing the
password for the user.
If you don’t specify this option, the command
prompts you to enter the password.
-segment-size Optional Size of the segments that the large file must be
divided into before it is uploaded to Oracle
Storage Cloud Service.
Specify the size in MiB (one MiB = 1048576 bytes)
Default: 200
Minimum: 1 MiB,
Maximum: 5000 MiB
Guidelines for selecting the segment size:
• The segments are uploaded in parallel using
multiple threads. A smaller segment size may
result in faster overall upload.
• If you notice upload retries (up to five times) or
slow uploads, decrease the segment size.
For example, when uploading a 20000-MiB file,
specify a segment size that is between 20 and 5000
MiB. A smaller segment size than that would
result in more than 1000 segments.
-overwrite Optional Overwrites any existing object with the same name
file-or-files- Required Full path and name of the file or directory that you
or-directory want to upload.
You can upload all the files in a directory by
specifying the full path of the directory.
To upload all the files in the current directory,
specify "." (a period, without quotes).
To upload all the files in a directory, specify the
full path and name of the directory
To upload multiple files: Specify the file names
and separate the file names with ',' (a comma).
This MUST be the last parameter that you specify.
Examples
• To improve the upload performance of the tool, upload the files with different
segment sizes and different number of threads:
java -jar uploadcli.jar -url https://
foo.storage.oraclecloud.com/myIdentityDomain-myServiceName
-user john.smith@oracle.com -container myContainer -
segment-size 50MB -max-threads 8 D:\myfiles
• To upload a large file and segment the file into 10-megabyte segments and
upload the segments to the container MyContainer_segments:
java -jar uploadcli.jar -url https://
foo.storage.oraclecloud.com -domain myIdentityDomain -
service storageservice -user john.smith@oracle.com -
container myContainer -segments-container
myContainer_segments -segment-size 10 files.tar.gz
• To upload multiple files from a directory and overwrite existing objects in the
container myContainer:
java -jar uploadcli.jar -url https://
foo.storage.oraclecloud.com/myIdentityDomain-myServiceName
-domain myIdentityDomain -service storageservice -user
john.smith@oracle.com -container myContainer -segments-
container myContainer_segments -segment-size 10 -overwrite
D:\myfiles
• To troubleshoot an issue, use the -debug flag to create a log file in the current
working directory:
java -jar uploadcli.jar -url https://
foo.storage.oraclecloud.com/myIdentityDomain-myServiceName
-user john.smith@oracle.com -container myContainer -debug
D:\myfiles
If you don’t specify the -password-file option, a prompt to enter the
password for the Oracle Storage Cloud Service account is displayed.
If you specified an entire directory rather than just one file, then the messages are
displayed separately for each uploaded file.
Note: If the network connection is lost during the upload process, the tool
attempts (up to five times) to reconnect and resume the upload from the point
where it was interrupted. If it is unable to resume the upload after five
attempts, the tool displays an error. If this happens, enter the same command
to run the tool again.
After the files are successfully uploaded, the following message is displayed:
File [ myFile.tar.gz ] uploaded successfully!
This section provides answers to frequently asked questions (FAQ) for Oracle Storage
Cloud Service.
Topics:
• How can I find the REST Endpoint URL of my Oracle Storage Cloud Service
instance?
• How can I use a Content Delivery Network (CDN) to accelerate the downloads of
my publicly available content?
• I already have an Oracle Cloud Storage Service subscription. Can I opt for
georeplication now?
• Are there any charges for the storage space used by replicated data stored in the
secondary data center?
• How soon after a successful write operation is data replicated to the secondary data
center?
• Is replication to the secondary data center guaranteed for every write operation?
• How can I check whether archival or restoration of an object has been completed?
Note that the Oracle Storage Cloud Service account is accountable for its monthly
bandwidth usage, including traffic which is downloading publicly readable objects. If
large amounts of traffic are expected, it is better to cache publicly readable objects in a
Content Delivery Network (CDN). See How can I use a Content Delivery Network
(CDN) to accelerate the downloads of my publicly available content?
How can I use a Content Delivery Network (CDN) to accelerate the downloads of
my publicly available content?
A Content Delivery Network (CDN) can be used to accelerate the download rate of
objects from a container. It can also limit the egress bandwidth usage of an Oracle
Storage Cloud Service account which is serving publicly readable objects. Oracle does
not provide CDN functionality with Oracle Storage Cloud Service but customers can
use their own third-party CDNs. Third-party CDNs must support Origin Pull and
HTTPS in order to work with an Oracle Storage Cloud Service account.
The first step is to make a container publicly readable (see How can I make objects
within a container publicly readable?). The next step is to use the URL of the Oracle
Storage Cloud Service account as the Origin Server for the third-party CDN.
At this time, private objects cannot be accelerated with a CDN. Additionally, Oracle
will not share the SSL certificate for the domains which Oracle Storage Cloud Service
accounts are hosted on.
I already have an Oracle Cloud Storage Service subscription. Can I opt for geo-
replication now?
Existing Oracle Storage Cloud Service users cannot use the geo-replication feature.
The feature is available only for new metered Oracle Storage Cloud Service accounts.
3. To see the replication policy for your Oracle Storage Cloud Service instance, select
View Details from the Actions menu. Alternatively, click the Oracle Storage
Cloud Service link on the Dashboard page.
4. On the resulting page, expand Service Details. The details of your Oracle Storage
Cloud Service instance are displayed.
You can see the replication policy that you selected for your service instance in the
Replication Policy field.
Are there any charges for the storage space used by replicated data stored in
the secondary data center?
You'll be charged for storage space used in each site — primary and secondary. You’ll
also be billed for the data transfer across the primary and secondary data centers.
How soon after a successful write operation is data replicated to the secondary
data center?
After a successful write operation, your data is written only to the primary data center
and it is asynchronously replicated to the secondary data center. The primary and
secondary sites are always eventually consistent.
This section provides solutions for problems you may encounter while using Oracle
Storage Cloud Service.
For information about error codes that Oracle Storage Cloud Service may return, see
Error Code Reference for Oracle Storage Cloud Service.
Topics:
• I updated a container (or object), but a GET request returns old data
I updated a container (or object), but a GET request returns old data
The updates you made to the container or object have not been replicated across all the
nodes. Wait for the updates to be replicated across all the nodes, and try again.
1. Go to https://support.oracle.com.
2. In the Sign In pane, select Cloud Portal as the portal and click Sign In.
Oracle Storage Cloud Service returns standard HTTP responses. Every HTTP response
contains a status code that indicates success or failure of the request. This section lists
the causes and solutions for the HTTP error codes that Oracle Storage Cloud Service
may return. If you see an error that it is not documented here, contact Oracle Support.
Topics:
• 401 Unauthorized
• 403 Forbidden
• 409 Conflict
401 Unauthorized
Cause
• The authentication token specified in the request is not valid. It may have expired.
Authentication tokens expire after 30 minutes.
Solution
Ensure that a valid authentication token is included in the request. See Authenticating
Access When Using the REST API.
403 Forbidden
This error may occur when you:
• Download an object
• Restore an object in a container for which the X-Container-Read ACL does not
have any of your roles
• Attempt an operation that's not supported for containers of the Archive storage
class. See Features Not Supported for Archive Containers.
• A replication policy has not been selected for your service in Oracle Cloud My
Services.
• A replication policy has been selected for your service, and a write request was sent
to the secondary data center.
• The request was sent to an incorrect data center. For example, the data center for
your service is Chicago (us2), but the request was sent to the URL corresponding to
the Ashburn (us6) data center.
• You don’t have the required permission to perform the operation on the specified
container. For example, there may be a change in the roles assigned to your user or
the access privileges defined for the container specified in the request.
Solution
1. Ask your account administrator whether a replication policy has been selected for
the service. See Selecting a Replication Policy for Oracle Storage Cloud Service.
• Write requests (PUT, POST, and DELETE) can be sent to either the primary data
center or the global namespace URL. See About REST URLs for Oracle Storage
Cloud Service Resources.
• Read requests (GET and HEAD) can be sent to the primary data center, the
secondary data center, or the global namespace URL.
3. Ask your service administrator whether there is a change in either the roles
assigned to your user or the access privileges to the container specified in your
request.
4. If the roles or access privileges have changed, request the service administrator to
grant you the required permissions to the container.
5. You can restore an archived object only if you have a role that is specified in the
X-Container-Read ACL.
• The specified container or object doesn’t exist in Oracle Storage Cloud Service.
• The specified container or object was just created and has not been replicated
across all the nodes.
Solution
• Verify whether the specified container or object exists, by listing the containers or
listing the objects within the specified container, as appropriate.
• If the container or object was just created, wait for the container or object to get
replicated across all the nodes.
409 Conflict
Cause
The specified container cannot be deleted because it contains one or more objects.
Solution
• The file being uploaded is larger than 5 GB, which is the limit for the size of a
single object.
• The unused account quota is less than the size of the objects being created.
• For information about uploading files larger than 5 GB, see Uploading Files Larger
than 5 GB.
• If the unused account quota is not sufficient for the objects being created, delete
existing objects that are no longer required or purchase more quota.
To find out the current unused account quota, send a HEAD request for the account,
and look for the values of the X-Account-Bytes-Used and X-Account-Meta-
Quota-Bytes headers in the response. X-Account-Meta-Quota-Bytes minus
X-Account-Bytes-Used is the unused account quota.
• If the unused container quota is less than the size of the objects being created,
delete existing objects that you no longer require or increase the container quota.
To find out whether container quotas have been set and to determine the current
unused quota, send a HEAD request for the container, and look for the values of the
following headers in the response:
This appendix provides code samples for using the File Transfer Manager API. For
more information, see Java API Reference for File Transfer Manager API.
}
}
Java Code Samples for Using the File Transfer Manager API C-1
C-2 Using Oracle Storage Cloud Service