A Neate Blog


6 January 2022

Mounting OCI Object Storage to Oracle Cloud Free Tier Compute Instance

Tags: OCI - Object Storage - Linux - S3


This post was born out of me needing an SFTP Server somewhere cheap that I could use quickly, immediately I thought about Oracle’s Always Free cloud tier and wondered if it was possible. It was. This post explains how to mount an Object Storage bucket on an Oracle Cloud Always Free compute instance.

To start with, you’ll need to have created an Oracle Cloud account, a simple google search will take you to the sign up page. It’s worth noting that if you only use the “Always Free” services, then you won’t be charged anything at all!

Cloud Resources

The resources that will be created during this post are:

  • 1 x Compute Instance (Always Free)
  • 1 x Object Storage Bucket (20GB Always Free)

Creating the Compute Instance

Okay, so assuming you have an account, sign in to the Oracle Cloud account and you should be on the landing/home page. From the home page expand the burger menu (top left corner) and then Compute -> Instances.

Click the blue button named “Create Instance” to get started, feel free to name the instance something friendly.

If you want to be super quick, skip to Step 4.

Step 1 - Placement

If you’re happy with the placement move on to Image and Shape, if not then you can click Edit to change the placement of your instance.

The Always Free offering has some restrictions meaning that you have certain restrictions on where you can place your compute instance. Being in the UK, my restriction is AD-1 in the London region for the E2.1 Micro instance.

Step 2 - Image and Shape

If you’re happy with the Image and Shape of your instance feel free to move on, again if not then you can click Edit to change things such as the Shape (More/Less CPU and Memory) or the OS (OL7, OL8).

Step 3 - Network

Again, if you’re happy with the default networking configuration skip ahead, if not then you can click Edit to create a new network and/or subnet for the new instance.

Step 4 - Add SSH Keys

Okay this is the important one, the quickest way to move forward is to simply choose “Generate a key pair for me” and then be sure to save the Public and Private keys. Without saving the private key you won’t be able to SSH onto your compute instance!

Step 5 - You’re done

Click Create.

Creating the Object Storage Bucket

Okay now you have your compute instance, whilst that’s being built and starting we can go ahead and create the Object Storage bucket.

Using the burger menu (Top Left) click Storage -> Object Storage & Archive Storage

The banner might tell you but just for a reminder, the always free tier gives you 20GB of storage so hopefully that should be enough!

Click the blue Create Bucket button to get started, optionally change the name to something friendly.

The new panel that appears is relatively short, for ease simply click Create at the bottom but this screen does allow you to edit some options such as turning on Events which can fire when files are uploaded for example.

Putting the bucket in the right place

Okay, so far pretty straightforward. The main gotcha and thing to watch out for, is that the bucket needs to be placed into the correct compartment. I might be missing something but to me, this isn’t really clear in the console. You have to find out which compartment is setup to be S3 compatible and you do this by finding the Object Storage administration page.

Now the only way I’ve found out how to view this information is baffling but here goes, click the little profile avatar in the top right corner, this expands a list of settings and the usual Sign Out option. Click on the word Tenancy: <your id> and it will take you to the Tenancy Details page.

And now magically in a super helpful location is the “Edit Object Storage Settings”, click this white button and it will bring up which compartment is setup for Amazon S3 Compatibility, I believe you can change this but for my purposes and this post, leaving it as the default is fine.

Okay so now you know which compartment is setup for S3 compatibility, now you need to ensure your new bucket is in the same compartment. Go back to the Object Storage page, and the three vertical dots at the end of the bucket name will allow you to “Move Resource” which lets you move the bucket to the S3 compatible compartment. Because that wasn’t painful right :sweat_smile:

Generating credentials to access your bucket

The final step in the cloud console is to generate some credentials so that the instance can access your Object Storage bucket.

To do this, click the profile avatar in the top right, and select “User Settings”.

Scroll down and on the left side menu, select “Customer Secret Keys”.

Now you can click the blue “Generate Secret Key” button, give it a name and click “Generate”.

Important: make sure to click Copy and/or Show to make a note of your secret key, you’re going to need this so make sure to save it somewhere safe. After saving the key, click Close.

The final step is to copy the Access Key, simply hover over the newly created key, in the Access Key column a popup should appear which allows you to copy the Access Key, again this is needed in a later step so be sure to document it somewhere safely.

Putting it all together

Okay so now we have a Compute Instance and an Object Storage bucket (in the right S3 compatible compartment) and a Customer Secret key, now we simply need to mount the bucket onto the Compute Instance.

SSH into your Instance

SSH into your Compute instance, you can find the IP address on the Compute->Instances page, the username is usually opc. You’ll have the private ssh key saved on your machine somewhere from the earlier steps.

ssh -i <path to private key> opc@<ip>

For example

ssh -i /home/jneate/.ssh/ocfree opc@123.567.789.012

Installing s3fs-fuse

If you’re reading this, chances are you’re on OL7 or OL8, if you’re using another Linux distro, google the alternative package manager commands to install the s3fs-fuse package.

OL7:

yum-config-manager --enable ol7_developer_EPEL
yum install s3fs-fuse

OL8:

dnf install s3fs-fuse

Create s3fs-fuse credential file

Assuming installation was successful, we can now create a configuration file that gives s3fs-fuse the permissions to interact with Object Storage, this is done using the Customer Secret and Access Key you saved earlier.

echo <ACCESS KEY>:<CUSTOMER SECRET> > <safe location>/.passwd-s3fs
chmod 600 <safe location>/.passwd-s3fs

For example:

echo cb565b020ec8c79b29d7bba9c0c190751826964c:AHngx8boS5jiBM3Ex/tQxMs797g+uKmSUvIBF8U23FM= > ${HOME}/.passwd-s3f3
chmod 600 ${HOME}/.passwd-s3f3

Mounting the Bucket

Finally we’re almost there, now it’s just a case of running the s3fs-fuse command to actually mount the bucket.

You can run this manually in your shell window to mount the directory now, or instead you can update your “/etc/fstab” file to ensure the bucket is mounted every time the instance is restarted (As mounts are removed on restart)

The commands are slightly different so the first one will be to execute immediately and the second to add into your “/etc/fstab” file.

Both commands require certain information:

  • Bucket Name (Get this from your Object Storage console page)
  • Mount directory (Choose any empty directory or create a new one of your choosing)
  • Object Storage Region (Get this from your Object Storage console page)
  • Namespace (This is on the bucket details page in the cloud console, it’s usually the first line in the General tab once you’ve drilled into your bucket)
  • S3fs Credential File (This is the file generated from the step above)

If you intend to use the bucket for things such as SFTP, you need to make sure you include the option “Allow Others” to your s3fs command, this ensures other users are able to manipulate files and gives the directory 777 permissions.

Mount Immediately

s3fs <bucket name> <mount directory> -o endpoint=<object storage region> -o passwd_file=<credential file> -o url=https://<namespace>.compat.objectstorage.<object storage region>.oraclecloud.com/ -o use_path_request_style -o allow_other

For Example

s3f3 bucket-20220106-2122 /mnt/os/data -o endpoint=uk-london-1 -o passwd_file=${HOME}/.passwd-s3f3 -o url=https://lrrtoseqzaig.compat.objectstorage.uk-london-1.oraclecloud.com/ -o use_path_request_style -o allow_other

Mount on Boot

echo "s3fs#<bucket-name> <mount directory> fuse _netdev,allow_other,use_path_request_style,passwd_file=<credential file>,url=https://<namespace>.compat.objectstorage.<object storage region>.oraclecloud.com/ 0 0" >> /etc/fstab
mount -a

For Example

echo "s3fs#bucket-20220106-2122 /mnt/os/data fuse _netdev,allow_other,use_path_request_style,passwd_file=${HOME}/.passwd-s3f3,url=https://lrrtoseqzaig.compat.objectstorage.uk-london-1.oraclecloud.com/ 0 0" >> /etc/fstab
mount -a

Conclusion

That’s it you’re done! A bit painful trying to find fields and settings in the Cloud Console but once you’ve got those details it’s relatively straightforward to mount the bucket. Thanks for reading, hopefully you found it interesting and helpful.

TL;DR:- Create compute instance, create an Object Storage bucket, use the s3fs-fuse package to mount your bucket to the desired location.

Useful Links: