Maximo

Maximo

Come for answers, stay for best practices. All we're missing is you.

 View Only
  • 1.  MAS - Customization Archive in Azure for ARO

    Posted Tue February 11, 2025 01:30 AM

    Hi Experts,

    We are using MAS9 on ARO. Need to know if someone has used Azure storage for customization archive?

    I tried using Azure blob storage with SAS token, but it did not work. There is also no article at the moment, how to use Azure storage for customization archive.

    I am curious to know how one is using customization archive on Azure.

    Please share your expertise.



    ------------------------------
    Ritesh Ranjan
    ------------------------------


  • 2.  RE: MAS - Customization Archive in Azure for ARO

    Posted Wed February 12, 2025 02:08 AM

    Hi Ritesh,

    You can use SFTP with Azure Blob Storage as described here: SFTP support for Azure Blob Storage - Azure Storage | Microsoft Learn
    The one downside is that You will need to modify ManageWorkspace CRD, because for now it does not accept ftps urls, despite the docs stating that is does.

    If You are on ARO You can also deploy a pod (container) with FTP or HTTPS server with PVC as backing storage in the ARO itself.



    ------------------------------
    Witold Wierzchowski
    Solution Architect
    Cohesive Poland
    ------------------------------



  • 3.  RE: MAS - Customization Archive in Azure for ARO

    Posted 20 days ago

    Hi Ritesh,

    I am currently trying to use azure blob for customizations archive and facing issues. If it worked for you, can you please share the steps.



    ------------------------------
    Vikalpa Shetkar
    ------------------------------



  • 4.  RE: MAS - Customization Archive in Azure for ARO

    Posted 20 days ago

    Hi Ritesh,

    If this worked for you, can you please share the steps.



    ------------------------------
    Vikalpa Shetkar
    ------------------------------



  • 5.  RE: MAS - Customization Archive in Azure for ARO

    Posted 20 days ago

    Hi Vikalpa,

    We have recently implemented it for one of our client. Cloud admin can generate a SAS token URL for the container or folder  or Customization zip file available on Azure Blob and this URL can be used in MAS Core. SAS url generally have special character and doesn't work with wget command (build pipeline use wget to download the customization archive) even if you do a URL encoding. To overcome this, you may need to provide the url in "" (double quotes). Also, you may need to update ManageWorkspace CRD to allow double quote ("), otherwise an error saying "Only ftp, ftps http and https protocols are allowed" will be thrown.

    At high level following is the list steps to be followed:

    1- Go to Manage Workspace CRD YAML (not the instance YAML).

    2- Search for customizationArchiveUrl and find the key named 'pattern'.

    3- Replace its value with '^"?((http|https|ftp)://.*)"?$'

    4- Save the file, then provide the Customization URL through the UI or OpenShift console, ensuring it is enclosed in single quotes first and then double quotes.

    There is another solution, which may be a cleaner approach, is to expose Azure Blob behind some http/ftp layer (which can be additional http server) or exposing it using s3 api (this will also require additional infra component/container to expose s3 api). As Witold Wierzchowski mentioned already, these http/ftp or s3 api layers can be exposed using a separate pod on OpenShift cluster itself or can be on separate VM.



    ------------------------------
    Gaurav Gupta
    ------------------------------



  • 6.  RE: MAS - Customization Archive in Azure for ARO

    Posted 19 days ago

    Hi Gaurav,

     

    Thank you so much for your help. I have followed all the steps. I guess I have missed providing Blob SAS URL in single and then double quotes. I will try this.

     

    Regards,

    Vikalpa

     






  • 7.  RE: MAS - Customization Archive in Azure for ARO

    Posted 12 days ago

    @Vikalpa Shetkar

    The SAS token will eventually expire. It may expire when no one remembers that a new token needs to be reissued.

    Here is my approach to avoid the SAS token for Blob:

    1. Change your blob access level to Blob (anonymous read access for blobs only)
    2. Change your storage account network settings to "Enabled from selected virtual networks and IP addresses", and map your OCP virtual networks.
    3. Add any external IP ranges to access the Blob to upload your archives
    4. In MAS, update your custom archive URL with https://<storageaccount Blob URL>/blob-name/FILENAME.zip
    Suppose your storage account is used for other Blobs or File Shares. In that case, I recommend creating a dedicated one for the MAS customisations archives, as these settings may impact other applications connecting to your storage account.
    I believe this is simpler and safer than using FTP or SAS tokens.
    Hopefully, it can help you.
    Cheers,
    Maycon


    ------------------------------
    If this post helps, please consider accepting it as a solution to help other members find it more quickly.

    Maycon Belfort
    Cloud and Infrastructure Engineer
    Naviam
    Melbourne
    ------------------------------