Generated-by: ChatGPT o4-mini. Prompt:

Write a user tutorial for accessing Ozone S3 using Cyberduck.

Here’s a step‑by‑step guide to mounting and managing your Apache Ozone object store’s S3 interface using Cyberduck.

Prerequisites

1. Running Ozone S3 Gateway

   Make sure your Ozone cluster is up and the S3 Gateway (s3g) is running. By default it listens on port 9878 over HTTP (and 9879 for HTTPS) at the host where you started it ozone.apache.org.

2. Credentials

   • No security: You can use any values for AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY.

   • With Kerberos security enabled:

     bash
     CopyEdit
     kinit -kt /etc/security/keytabs/<user>.keytab <user>@YOUR.REALM
     ozone s3 getsecret
     # → awsAccessKey=<user>@YOUR.REALM
     #   awsSecret=<long‑hex‑string>
     

   These exports give you the Access Key ID and Secret you’ll plug into Cyberduck ozone.apache.org.

1. Install Cyberduck

1. Download Cyberduck from https://cyberduck.io and install it on your Mac or Windows machine.
2. Launch Cyberduck.

2. Create a New S3 Connection

1. The bundled S3 profile in Cyberduck does not permit a custom network port, and does not allow HTTP. You may need to install additional profiles to allow those.
   1. Select a profile from here: https://gist.github.com/jojochuang/9e15acee99b528ee879f7a280b8f79f7#file-ozone-s3-cyberduck-profiles-md
   2. For example, download the **Ozone S3 HTTP.cyberduckprofile** if your gateway is HTTP.
   3. Or download the **Ozone S3 (HTTP) with path-style addressing.cyberduckprofile.**
   4. Installing the file by double-clicking a .cyberduckprofile file
   5. Check out the Cyberduck user documentation for more details.
2. In Cyberduck, click Open Connection (or press ⌘ N).
3. From the Protocol dropdown choose Ozone S3 (HTTP) if your gateway is configured for HTTP), or Apache Ozone S3 HTTP path style if the gateway is configured with Path-Style Addressing.
4. Fill in the fields:
   • Server: <ozone‑s3‑host> (e.g. ozone.example.com)
   • Port: 9878 (or 9879 for HTTPS)
   • Access Key ID: the awsAccessKey you obtained
   • Secret Access Key: the awsSecret you obtained
5. Click the little ▶ triangle next to More Options and ensure Use SSL is unchecked if you’re connecting over plain HTTP.
6. Path‑Style Addressing (default) vs Virtual‑Host Style:
   • By default Ozone uses path‑style (http://host:9878/bucket) ozone.apache.org.
   • If you’ve set ozone.s3g.domain.name in your ozone-site.xml, you can switch to virtual‑host style and Cyberduck will use bucket.host:9878 URLs.