Accessing Ozone S3 via CyberDuck
Here’s a step‑by‑step guide to mounting and managing your Apache Ozone object store’s S3 interface using Cyberduck.
Prerequisites
-
Running Ozone S3 Gateway Make sure your Ozone cluster is up and the S3 Gateway (s3g) is running. By default it listens on port 9878 over HTTP (and 9879 for HTTPS) at the host where you started it.
-
Credentials
- No security: You can use any values for AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY.
- With Kerberos security enabled:
kinit -kt /etc/security/keytabs/<user>.keytab <user>@YOUR.REALM ozone s3 getsecret # → awsAccessKey=<user>@YOUR.REALM # awsSecret=<long‑hex‑string>
These exports give you the Access Key ID and Secret you’ll plug into Cyberduck.
1. Install Cyberduck
- Download Cyberduck from https://cyberduck.io and install it on your Mac or Windows machine.
- Launch Cyberduck.
2. Create a New S3 Connection
- The bundled S3 profile in Cyberduck does not permit a custom network port, and does not allow HTTP. You may need to install additional profiles to allow those.
- Select a profile from Ozone S3 Cyberduck profiles.
- For example, download the Ozone S3 HTTP.cyberduckprofile if your gateway is HTTP.
- Or download the Ozone S3 (HTTP) with path-style addressing.cyberduckprofile.
- Installing the file by double-clicking a
.cyberduckprofile
file - Check out the Cyberduck user documentation for more details.
- In Cyberduck, click Open Connection (or press ⌘ N).
- From the Protocol dropdown choose Ozone S3 (HTTP) if your gateway is configured for HTTP), or Apache Ozone S3 HTTP path style if the gateway is configured with Path-Style Addressing.
- Fill in the fields:
- Server:
<ozone‑s3‑host>
(e.g.ozone.example.com
) - Port:
9878
(or9879
for HTTPS) - Access Key ID: the
awsAccessKey
you obtained - Secret Access Key: the
awsSecret
you obtained
- Server:
- Click the little ▶ triangle next to More Options and ensure Use SSL is unchecked if you’re connecting over plain HTTP.
- Path‑Style Addressing (default) vs Virtual‑Host Style:
- By default Ozone uses path‑style (
http://host:9878/bucket
). - If you’ve set
ozone.s3g.domain.name
in yourozone-site.xml
, you can switch to virtual‑host style and Cyberduck will usebucket.host:9878
URLs.
- By default Ozone uses path‑style (
3. Save as a Bookmark (Optional)
- Click the dropdown arrow next to the Connect button and choose Bookmark ▶ Add Bookmark.
- Give it a name like “Ozone S3” so you can reconnect quickly.
4. Browsing and Basic Operations
Once connected, your Cyberduck window will list all buckets in the default /s3v
volume as top‑level entries.
- List Buckets: All existing buckets appear as folders.
- Create Bucket: Click the “+” (New Folder) icon, enter a bucket name, and press Return.
- Upload Files: Drag‑and‑drop files from your desktop into a bucket folder.
- Download Files: Right‑click an object and choose Download To…
- Delete Objects/Buckets: Select the file or bucket, press the Delete key, and confirm.
5. Working with Other Volumes
Ozone’s namespace includes volumes beyond /s3v
. To expose a bucket from another volume:
ozone sh volume create /vol1
ozone sh bucket create /vol1/bucket1
ozone sh bucket link /vol1/bucket1 /s3v/common-bucket
After linking, you’ll see common-bucket
in Cyberduck and can manage it just like any other S3 bucket.
6. Tips & Troubleshooting
- Permissions: If you get “Access Denied,” double‑check that you’ve generated or revoked/re‑generated your S3 secret correctly.
- SSL Errors: If you enable HTTPS on the gateway, make sure you either trust the certificate in Cyberduck or use a CA‑signed cert.
- Firewall/Network: Ensure your machine can reach
<ozone‑s3‑host>:9878
(e.g.telnet hostname 9878
). - Bookmarks Sync: Cyberduck can sync bookmarks via Dropbox or iCloud so you can share connections across devices.
You’re all set! Enjoy browsing and managing your Ozone object store through a familiar S3 GUI.
Next >>