search

storj / edge

Storj edge services (including multi-tenant, S3-compatible server to interact with the Storj network)
GNU Affero General Public License v3.0
48 stars 18 forks source link

Review Veeam Ready Script #410

Closed ferristocrat closed 3 months ago

ferristocrat commented 4 months ago

Objective

Review the Veeam Ready script to see if there is anything useful to glean regarding Object Lock requirements.

Acceptance Criteria

ferristocrat commented 4 months ago

Notes on Veeam Ready Script:

Line 875 - Adds the S3 account:

Add-VBRAmazonAccount -AccessKey $AccessKey -SecretKey $SecretKey -Description "Veeam Ready Repo Testing"

Line 876 - Looks like the description is key in Veeam:

$account = Get-VBRAmazonAccount | Where-Object {$_.Description -eq "Veeam Ready Repo Testing"}

Line 877 - Region is required, but defaults to us-east-1 -- as of now this is fine with Storj, but should probably have customers define this explicitly as global or us-select-1 so we don't run into any issues in the future:

#$regioncode = Read-Host "Please provide the Region ID for S3 (Default if blank: us-east-1)"
$regioncode = DataEntryBox -EntryName "Region Code" -DialogText "Default Region: us-east-1
`nPlease provide the Region you wish to use"
if ($regioncode -eq "No Data"){$regioncode = "us-east-1"}

Line 881 - Service endpoint required, so we'll need to guide customers to use gateway.storjshare.io

#WriteOut -text "Example service points 192.168.1.XXX, 192.168.1.XXX:443, s3.company.org, s3.company.org:443" -color Yellow
#$servicepoint = Read-Host "Please provide the Service Point for S3 (DO NOT INCLUDE HTTP/HTTPS)"
$servicepoint = DataEntryBox -EntryName "Service Point" -DialogText "Example service points 192.168.1.XXX, 192.168.1.XXX:443, s3.company.org, s3.company.org:443
`nPlease provide the Service Point for S3 (DO NOT INCLUDE HTTP/HTTPS)"

Line 2733 - This appears to be a check for the "Non-immutability" use case since it issues if a warning if object versioning is enabled, and if lock is also enabled, throws an error.

$versioningstatus = $null
$objectlockstatus = $null
$versioningstatus = aws s3api get-bucket-versioning --no-verify-ssl --bucket $bucketname --endpoint-url $endpoint | Select-String -SimpleMatch "Enabled"
$objectlockstatus = aws s3api get-object-lock-configuration --no-verify-ssl --endpoint-url $endpoint --bucket $bucketname | Select-String -Pattern "ObjectLockEnabled"
if ($versioningstatus -ne $null)
{
    if ($versioningstatus -like "*Enabled*")
    {
        if ($objectlockstatus -eq $null) {
            WriteOut -text 'Versioning is ON Testing will continue.'
            WriteToLogFileResults "TEST WARNING: Versioning is enabled for the bucket used"
            #Exit
        }
        else {
            WriteOut -text 'Versioning and Object Lock are ON Testing will NOT continue.'
            WriteToLogFileResults "TEST FAILURE: Versioning and Object Lock are enabled for the bucket used"
            Exit
        }
    } else {WriteOut -text 'Versioning is OFF, testing will continue.'}
}
else {WriteOut -text "Versioning = OFF"}