Object Storage Service (OSS) provides a console and easy-to-use tools that allow you to manage buckets visually. Through OSS you can persistently store instance data and distribute data across instances at a low cost. It is suitable for scenarios in which you need to perform more read operations than write operations, such as mounting configuration files or frontend static files.
Before you start
Access to the configuration
The tabs below tells how to access the configuration in 3 different scenarios:
When creating an application
Log on to the SAE console. In the left-side navigation pane, choose . Select a region in the top navigation bar and a namespace from the Application List drop-down list, and click Create Application.
Configure the required parameters on the Basic Information page, and click Next: Advanced Settings.
When modifying a running application
After you redeploy an application, the application is restarted. To prevent unpredictable errors such as business interruptions, we recommend that you deploy applications during off-peak hours.
Log on to the SAE console. In the left-side navigation pane, choose . Select a region in the top navigation bar and a namespace from the Application List drop-down list, and click the name of the target application.
On the Basic Information page that appears, click Deploy Application.
When modifying a stopped application
Log on to the SAE console. In the left-side navigation pane, choose . Select a region in the top navigation bar and a namespace from the Application List drop-down list, and click the name of the target application.
On the Basic Information page that appears, click Modify Application Configurations.
Procedure
Expand the Configure Persistent Storage section, and Enable OSS.
Mount OSS
Configure the AccessKey ID and AccessKey Secret .
We recommend using the AccessKey pair of a RAM user to call OSS APIs. Ensure that the RAM user is granted the minimum required permissions. For example, if you want the RAM user to have read-only access to the oss-test/ directory of the test-sae bucket, just grant the following minimum permissions to the RAM user.
{ "Statement": [ { "Action": "oss:GetBucket", "Effect": "Allow", "Resource": "acs:oss:*:*:test-sae" }, { "Action": "oss:GetObject", "Effect": "Allow", "Resource": "acs:oss:*:*:/" } ], "Version": "1" }Configure the following OSS mount information. To add multiple entries, click Add.
Parameter
Description
Example
Bucket
The existing OSS bucket.
bucketname
Mount Directory
The path of the existing OSS directory or OSS object. If the specified directory or object is invalid, an exception occurs.
Example:
/
Note/ indicates the root directory to which the bucket is mounted.
tmp/oss-test/
tmp/oss-demo.log
Container Path
The path of SAE container. The specified directory overwrites the original value or will be created.
/home/admin/app/php/
Permission
The permissions of the container to operate on the OSS. Valid values:
Read-Only
Read/Write
Read-Only
Unmount the OSS bucket
If OSS storage is no longer needed, you can unmount the OSS bucket while the data stored in it will not be deleted.
Follow the steps to unmount OSS:
Find the OSS configuration entry.
In the Actions column, click the
icon.
Verify the mount result
Verify the mount result based on change records.
Successful changes means OSS bucket is mounted.
Verify the mount result based on containers.
Log on to Webshell, and run the following command to check whether the mount information of the OSS bucket exists in the application:
cat /proc/mounts | grep ossfsIf the following output is returned, the OSS bucket is mounted.
Verify the mount result.
Log on to Webshell, and operate under the mount directory. If you can see returns in the OSS console, the OSS bucket is mounted.
FAQ
Can I use OSS to store logs?
We recommend not. Use SLS or Kafka for persistent log storage instead. OSS is suitable for mass data processing, such as image, audio, and video files. It is also suitable for scenarios in which static and dynamic resources are stored separatly.
Troubleshooting
If you encounter OSS mount failure, missing mount path in the container, or lack of operation permissions during use, refer to the following steps for troubleshooting.
Confirm whether the configured OSS Bucket exists.
If you deploy applications through the console, only OSS Buckets that actually exist in the same account and region can be selected in the SAE console.
If you deploy applications through methods other than the console (such as API, SDK, saectl tool, or Jenkins plugin), you need to log on to the OSS console and confirm that the OSS Bucket name configured in the same account and region exists.
Check the operation permissions of the RAM user associated with the configured AccessKey ID and AccessKey Secret.
Find the associated RAM user based on the configured AccessKey ID and AccessKey Secret.
Confirm that the RAM user has minimum operation permissions for the configured OSS Bucket.
Check the OSS Bucket authorization policy.
Log on to the OSS console, go to the details page of the target Bucket, and choose in the left-side navigation pane.
Check whether the Bucket authorization policy blocks SAE access. Specifically, confirm that the public IP addresses of SAE in the corresponding region have been added to the whitelist, as shown in the following table.
NoteTo obtain detailed public IP addresses for SAE, contact technical support in the DingTalk group (Group number: 32874633).
Region
IP address
cn-hangzhou
47.99.xx.xx
cn-shanghai
47.101.xx.xx
cn-beijing
47.94.xx.xx
cn-zhangjiakou
121.89.xx.xx
cn-wulanchabu
8.130.xx.xx
cn-shenzhen
39.108.xx.xx
cn-heyuan
47.121.xx.xx
cn-guangzhou
8.134.xx.xx
8.134.xx.xx
cn-chengdu
47.108.xx.xx
cn-hongkong
47.243.xx.xx
8.210.xx.xx
ap-southeast-1
8.219.xx.xx
eu-central-1
8.211.xx.xx
8.211.xx.xx
us-west-1
47.89.xx.xx
us-east-1
47.252.xx.xx