Information
This article describes how to change the authorization URL for the S3 cluster.
In order to change the S3 hostname URL you should do the following actions:
1. Change the domain name in the postgres s3_clusters table:
Log into vstoradmin shell, run postgres and list all S3 clusters id's and domain names:
[root@cloud02 ~]# su vstoradmin bash-4.2$ psql vstoradmin= select id,domain_name from s3_clusters; id | domain_name ------------------+-------------------- 0100000000000002 | s3.old.cluster.com 0100000000000003 | s3.testcluster.com (2 rows)
Pick the id of the one you want to change the URL of (0100000000000002 in this case) and update its corresponding domain_name value:
vstoradmin= update s3_clusters set domain_name='s3.new.cluster.com' where id='0100000000000002'; UPDATE 1
2. Change the server_name value in the nginx configuration files on all s3 nodes and restart nginx service:
# vi /etc/nginx/conf.d/s3-gateway-0100000000000002.conf
before:
server {
listen 443 ssl;
server_name s3.old.cluster.com;
ssl_certificate /etc/nginx/ssl/s3-0100000000000002.crt;
ssl_certificate_key /etc/nginx/ssl/s3-0100000000000002.key;
ssl_protocols TLSv1.2;
after:
server {
listen 443 ssl;
server_name s3.new.cluster.com;
ssl_certificate /etc/nginx/ssl/s3-0100000000000002.crt;
ssl_certificate_key /etc/nginx/ssl/s3-0100000000000002.key;
ssl_protocols TLSv1.2;
# systemctl restart nginx
Repeat for every S3 node.
3. Check that server name is changed in nginx s3 certificates:
[root@cloud02 ~]# grep new.cluster.com /etc/nginx/ssl/s3-0100000000000002.crt subject=/CN=*.new.cluster.com
or
[root@cloud02 ~]# openssl x509 -in /etc/nginx/ssl/s3-0100000000000002.crt -text | grep -Ei 'subject:|dns:' Subject: CN=*.new.cluster.com DNS:*.new.cluster.com, DNS:new.cluster.com
And in vinfra:
[root@cloud02 ~]# vinfra service s3 show | grep s3gw | s3gw_domain | s3.new.cluster.com
Note: New hostname configuration has to be propagated by DNS so changes may not come into effect immediately due to DNS server/browser cache.