1 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

WHITEPAPER Isilon

WHITEPAPER

DELL EMC ISILON

Swift Implementation Guide

ABSTRACT This white paper describes the best practices for setting up and managing the Isilon SWIFT services on Dell EMC Isilon cluster as object storage interface compatible with the OpenStack Swift 1.0 application programming interface (API)

April 2018

2 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

TABLE OF CONTENTS

INTRODUCTION ........................................................................................................................3

OVERVIEW ................................................................................................................................3

KEY CONCEPTS .............................................................................................................................. 3

KEY COMPONENTS ........................................................................................................................ 3

SWIFT USER ............................................................................................................................................. 3

SWIFT GROUP ......................................................................................................................................... 3

SWIFT ACCOUNT ..................................................................................................................................... 4

ISILON SWIFT – REST API COMMANDS ................................................................................5

ISILON SWIFT - IMPLEMENTATION STEPS ...........................................................................5

IMPLEMENTATION SCENARIOS & SAMPLE COMMANDS ..................................................6

SCENARIOS ..................................................................................................................................... 6

CYBERDUCK TOOL .................................................................................................................................. 6

SCENARIO A: LOCAL USERS IN SYSTEM ZONE ................................................................................... 7

SCENARIO B: LOCAL USERS IN ACCESS ZONE ................................................................................... 9

SCENARIO C: ACTIVE DIRECTORY USERS IN SYSTEM ZONE .......................................................... 11

SCENARIO D: ACTIVE DIRECTORY USERS IN ACCESS ZONE .......................................................... 13

TROUBLESHOOTING ............................................................................................................ 14

3 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

INTRODUCTION Isilon OneFS supports Swift, an object storage interface compatible with the OpenStack Swift 1.0 application programming interface (API). Through Isilon Swift, you can access file-based data stored on your EMC Isilon cluster as objects. Isilon Swift stores content and metadata as objects through an application programming interface (API), which is implemented as a set of Representational State Transfer (REST) web services over HTTP or secure HTTP (HTTPS).

HTTP requests are sent to an internal web server listening on port 28080. This port is not configurable. HTTPS requests are proxied through the Apache web server listening on port 8083. This port is not configurable.

NOTE: Isilon Swift support was introduced in OneFS 7.2.x. OneFS 8.0.x introduces a lot of modifications & new enhancements in Isilon Swift OneFS APIs. These include changes in Swift provisioning mechanism & newly added commands. Since the Swift API is considered as a protocol, content and metadata can be ingested as objects and concurrently accessed through protocols configured on the EMC Isilon cluster. The Isilon Swift protocol service is a licensed feature. Storing object data on a new or existing EMC Isilon cluster through Isilon Swift provides the following benefits:

Consolidate storage for applications regardless of protocol Secure multi-tenancy for applications through access zones while uniformly protecting the data with enterprise storage

capabilities such as authentication, access control, and identity management Manage data through enterprise storage features such as deduplication, replication, tiering, performance monitoring,

snapshots, and NDMP backups Balance the work load across all of the nodes in a cluster through OneFS SmartConnect Store object data more efficiently with forward error correction instead of data replication Eliminate storage silos Automate the collection, storage, and management of petabytes of unstructured data in an Isilon data lake for later analysis Automate data-processing applications to store objects on an Isilon cluster and analyze the data with Hadoop through the

OneFS HDFS interface

For supported & unsupported libraries, SDKs, and interfaces; Please refer Isilon OneFS 8.0.0 - Isilon Swift Technical Note

OVERVIEW

KEY CONCEPTS In OneFS 8.0.0 and later releases, you can create Swift accounts. Access to Swift accounts is granted based on the identity and permissions for a specific user. Containers are assigned to Swift accounts. Objects that store user data reside within containers which are first-level directories below the account directories. Objects are identified by URIs in the form http://example.com/v1/account/container/object .In this example :

example.com identifies the cluster v1 is the protocol version /account/container/object is the object storage location

The actual object storage location within the file system is /ifs/<zoneroot>/ isi_lwswift/account/container/object Note: Though Isilon Swift works with System access zone, it’s always recommended implemented Isilon Swift in a user defined access

zone.

KEY COMPONENTS

SWIFT USER

In a multi-protocol access scenario, a Swift user is a file system user who owns files in the Swift account. Swift User(s) can be a Local / AD / LDAP User(s) in System/Access Zone.

SWIFT GROUP

In a multi-protocol access scenario, a Swift group is a file system group that owns files in the Swift account. Swift user/Swift group determines the ownership of files within the file system whereas the users assigned to the Swift account grant access to the account through the Swift protocol.

Swift Groups(s) should be a Local group in System/Access Zone with Local / AD / LDAP User(s) Groups added as its members.

4 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

SWIFT ACCOUNT

A Swift account is the root of a Swift namespace and is the locus of administrative control. Swift accounts hold containers and containers hold objects. A Swift account must be provisioned in order for a user to add containers or objects. Access control in Isilon Swift is granted at the account level. Users authorized to access a Swift account can access any of the containers and objects within that account.

How Isilon Swift fixes Openstack Swift Challenges ?

1 Scale-Out Storage Platform

- Multiple applications & workflows 1 Dedicated Storage Infrastructure

- OpenStack Only

2 10+ Year Hardened Enterprise Storage - SWIFT APIs with Enterprise Storage 2 Immature Storage

- Must risk data for API innovation

3 End-to-End Data Protection - SnapshotIQ, SyncIQ, NDMP Backup 3 Lacking Enterprise Data Protection

- No Snapshots, replication, backup

4 Industry-Leading Storage Efficiency - >80% Storage Utilization 4 Poor Storage Efficiency

- 3X mirroring

5 Multi-Protocol

- Industry standard protocols - NFS, CIFS, FTP, HTTP, HDFS, Swift

5 Object-Only Infrastructure

- Siloed

6 Simple and Smart - OneFS and Isilon (Physical or Virtual) 6 Complex Environment

- RAID + ext4 + Linux + OpenStack Swift

5 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

ISILON SWIFT – REST API COMMANDS GET - retrieve an account, object, or the contents of a container/sub-container PUT - upload an object; or create a container/sub-container DELETE - delete an object or container POST - store metadata on an object, container, or account HEAD - retrieve metadata on an object, container, or account COPY - server side copy of an object Authentication

TempAuth Libcloud OpenStack Keystone Rackspace Extension - get token request Normal Keystone Authentication - get token request SwAuth - get token request

Support’s PUT and GET on sub-containers (nested containers), which is a non-standard Openstack Swift functionality.

ISILON SWIFT - IMPLEMENTATION STEPS

S No. With Local Users With AD / LDAP Users

1 Create Local group in Isilon System/Access zone for Isilon local users

Create Local group in Isilon System/Access zone for Isilon AD/LDAP user(s)/group(s)

2 Create Local user(s) in Isilon System/Access zone. Add users to Local group created

Add Isilon AD/LDAP user(s)/group(s) to Isilon Local Group

3 Create Swift account and add the local user(s) created into swift account

Create Swift account and add the AD/LDAP user(s)/group(s) into swift account

4 Create containers in Isilon local user’s home directory Create containers in user’s home directory 5 Move data/containers from Isilon local users to Swift

account directory Move data/containers from Isilon local users to Swift account directory

6 Modify container directory ownership to Isilon local user(s) Modify container directory ownership to Isilon local user(s) 7 Validate Access to Swift account Validate Access to Swift account 8 Optional

Reconfigure home directory of Isilon local users to a sub directory in Swift account directory

6 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

IMPLEMENTATION SCENARIOS & SAMPLE COMMANDS

SCENARIOS

Scenario Scenario Details Implementation Minimum Requirements

Scenario A Isilon Swift with Local Users in System Zone Isilon OneFS 8.0.X or above (Physical or Simulator) Linux Client Windows Client with Cyberduck (optional)

Scenario B Isilon Swift with Local Users in Access Zone Isilon OneFS 8.0.X or above (Physical or Simulator) Linux Client Windows Client with Cyberduck (optional)

Scenario C Isilon Swift with Active Directory Users in System Zone Isilon OneFS 8.0.X or above (Physical or Simulator) Linux Client Windows AD Server Windows Client with Cyberduck (optional)

Scenario D Isilon Swift with Active Directory Users in Access Zone Isilon OneFS 8.0.X or above (Physical or Simulator) Windows AD Server Linux Client Windows Client with Cyberduck (optional)

CYBERDUCK TOOL Cyberduck is a popular open source storage browser for several cloud storage platforms. For OpenStack Swift, Cyberduck is a neat and efficient client that enables users to upload/download objects to/from their Swift storage. Cyberduck is free and speaks many protocols: https://cyberduck.io/?l=en For HTTP: Change the default port to 28080 For HTTPS: Change the default port to 8083 You can get a Cyberduck profile from here: https://trac.cyberduck.io/wiki/help/en/howto/openstack#Authenticationwithswauth

AUTHENTICATION WITH SWAUTH Legacy authentication option

Download the Openstack Swift (Swauth HTTPS) profile for preconfigured settings Download the Openstack Swift (Swauth HTTP) profile for preconfigured settings

7 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

SCENARIO A: LOCAL USERS IN SYSTEM ZONE Isilon IP Address: 192.168.100.231 Local User: USERA, USERB Local Group: SWIFTADMINS_L_SYS Swift Account Name: SWIFTACCOUNT_L_SYS S No. Local Users in System Zone

1

Create Local group in Isilon System Command : isi auth groups create <GROUP_NAME> Example : isi auth groups create SWIFTADMINS_L_SYS

2

Create Local user(s) in Isilon System. Add users to Local group created Command : isi auth users create <USER_NAME> --enabled 1 --password <PASSWORD> --primary-group <GROUP_NAME> Example : isi auth users create USERA --enabled 1 --password a --primary-group SWIFTADMINS_L_SYS isi auth users create USERB --enabled 1 --password a --primary-group SWIFTADMINS_L_SYS

3

Create Swift account and add the local user(s) created into swift account Command : isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... isi swift accounts list --zone <ZONE> isi swift accounts view <SWIFT_ACCOUNT_NAME> --zone <ZONE> Example : isi swift accounts create SWIFTACCOUNT_L_SYS USERA SWIFTADMINS_L_SYS --users USERA,USERB isi swift accounts list isi swift accounts view SWIFTACCOUNT_L_SYS

4

Create containers in Isilon local user’s home directory Command : mkdir -p /ifs/home/<USER_HOME_DIR>/<CONTAINER_NAME> Example : mkdir -p /ifs/home/usera/USERA-container mkdir -p /ifs/home/userb/USERB-container

5

Move data/containers from Isilon local users to Swift account directory Command : mv /ifs/home/<USER_HOME_DIR>/<CONTAINER_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example : mv /ifs/home/usera/USERA-container /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS mv /ifs/home/userb/USERB-container /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS

6

Modify container directory ownership to Isilon local user(s) Command : chown -R <USER_NAME>:<GROUP_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example : chown -R USERA:SWIFTADMINS_L_SYS /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS/USERA-container chown -R USERB:SWIFTADMINS_L_SYS /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS/USERB-container

7 Validate Access to Swift account

8 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

S No. Local Users in System Zone

Command : curl -H "X-Auth-User:<SWIFT_ACCOUNT_NAME>:<USER_NAME>" -H "X-Auth-Key:<PASSWORD>" –v http://<ISILON_IP_ADDR>:<PORT>/auth/v1.0 -X GET

Capture "X-Auth-Token" value from output curl -H "X-Auth-Token: AUTH_ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx " -i http://<ISILON_IP_ADDR>:<PORT>/v1/AUTH_<SWIFT_ACCOUNT_NAME>?format=json -X GET Example with HTTP : curl -H "X-Auth-User:SWIFTACCOUNT_L_SYS:USERA" -H "X-Auth-Key:a" –v "http://192.168.100.231:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk1242cb91e7ac8bd59651f74c80341a67" -i "http://192.168.100.231:28080/v1/AUTH_SWIFTACCOUNT_L_SYS?format=json" -X GET Example with HTTPS : curl --insecure -H "X-Auth-User:SWIFTACCOUNT_L_SYS:USERB" -H "X-Auth-Key:a" -v "https://192.168.100.231:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tkef70c1d674f1b1f6f4f8d5f41447c50f" -i "https://192.168.100.231:8083/v1/AUTH_SWIFTACCOUNT_L_SYS?format=json" -X GET

8

Optional Reconfigure home directory of Isilon local users to a sub directory in Swift account directory Command : isi auth users modify <USER_NAME> --home-directory /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> --force Example : isi auth users modify USERA --home-directory /ifs/isi_lwswift/SWIFTACCOUNT/USERA-container --force isi auth users modify USERB --home-directory /ifs/isi_lwswift/SWIFTACCOUNT/USERB-container --force

9 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

SCENARIO B: LOCAL USERS IN ACCESS ZONE Isilon IP Address: 192.168.100.241 Local User: USERC, USERD Local Group: SWIFTADMINS_L_ZONE Swift Account Name: SWIFTACCOUNT_L_ZONE Access Zone: Zone-A Access Zone home directory: /ifs/CLUSTER-A/ZONE-A S No. Local Users in Access Zone

1

Create Local group in Isilon Access zone Command : isi auth groups create <GROUP_NAME> --zone <ZONE> Example : isi auth groups create SWIFTADMINS_L_ZONE --zone ZONE-A

2

Create Local user(s) in Isilon Access Zone. Add users to Local group created Command : isi auth users create <USER_NAME> --enabled 1 --password <PASSWORD> --primary-group <GROUP_NAME> --zone <ZONE> Example : isi auth users create USERC --enabled 1 --password a --primary-group SWIFTADMINS_L_ZONE --zone ZONE-A isi auth users create USERD --enabled 1 --password a --primary-group SWIFTADMINS_L_ZONE --zone ZONE-A

3

Create Swift account and add the local user(s) created into swift account Command : isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... --zone <ZONE> isi swift accounts list --zone <ZONE> isi swift accounts view <SWIFT_ACCOUNT_NAME> --zone <ZONE> Example : isi swift accounts create SWIFTACCOUNT_L_ZONE USERC SWIFTADMINS_L_ZONE --users USERC,USERD --zone ZONE-A isi swift accounts list --zone ZONE-A isi swift accounts view SWIFTACCOUNT_L_ZONE --zone ZONE-A

4

Create containers in Isilon local user’s home directory Command : mkdir -p <ZONE_PATH>/home/<USER_HOME_DIR>/<CONTAINER_NAME> Example : mkdir -p /ifs/CLUSTER-A/ZONE-A/home/userc/USERC-container mkdir -p /ifs/CLUSTER-A/ZONE-A/home/userd/USERD-container

5

Move data/containers from Isilon local users to Swift account directory Command : mv <ZONE_PATH>/home/<USER_HOME_DIR>/<CONTAINER_NAME> <ZONE_PATH>/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example : mv /ifs/CLUSTER-A/ZONE-A/home/userc/USERC-container /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE mv /ifs/CLUSTER-A/ZONE-A/home/userd/USERD-container /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE

6

Modify container directory ownership to Isilon local user(s) Command : isi_run -z <ZONE_ID> chown -R <USER_NAME>:<GROUP_NAME> <ZONE_PATH>/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example :

10 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

S No. Local Users in Access Zone

isi_run -z 2 chown -R USERC:SWIFTADMINS_L_ZONE /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERC-container isi_run -z 2 chown -R USERD:SWIFTADMINS_L_ZONE /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERD-container

7

Validate Access to Swift account Command : curl -H "X-Auth-User:<SWIFT_ACCOUNT_NAME>:<USER_NAME>" -H "X-Auth-Key:<PASSWORD>" –v http://<ISILON_IP_ADDR>:<PORT>/auth/v1.0 -X GET

Capture "X-Auth-Token" value from output curl -H "X-Auth-Token: AUTH_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx " -i http://<ISILON_IP_ADDR>:<PORT>/v1/AUTH_<SWIFT_ACCOUNT_NAME>?format=json -X GET Example with HTTP : curl -H "X-Auth-User:SWIFTACCOUNT_L_ZONE:USERC" -H "X-Auth-Key:a" –v "http://192.168.100.241:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk64ab51196063d116a1a4dfae949072cf" -i "http://192.168.100.241:28080/v1/AUTH_SWIFTACCOUNT_L_ZONE?format=json" -X GET Example with HTTPS : curl --insecure -H "X-Auth-User:SWIFTACCOUNT_L_ZONE:USERD" -H "X-Auth-Key:a" -v "https://192.168.100.241:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tk186360819aaa2a4d8eee524c12a1e6e0" -i "https://192.168.100.241:8083/v1/AUTH_SWIFTACCOUNT_L_ZONE?format=json" -X GET

8

Optional Reconfigure home directory of Isilon local users to a sub directory in Swift account directory Command : isi auth users modify <USER_NAME> --home-directory /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> --zone <ZONE> --force Example : isi auth users modify USERC --home-directory /ifs/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERC-container --zone ZONE-A --force isi auth users modify USERD --home-directory /ifs/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERD-container --zone ZONE-A --force

11 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

SCENARIO C: ACTIVE DIRECTORY USERS IN SYSTEM ZONE

Isilon IP Address: 192.168.100.231 Active Directory Domain: TESTAD.LOCAL (NETBIOS: TESTAD) Active Directory User: TESTAD\USERW, TESTAD\USERX Active Directory Group: TESTAD\AD-ADMINS Local Group: SWIFTADMINS_A_SYS Swift Account Name: SWIFTACCOUNT_A_SYS S No. Active Directory Users in System Zone

1

Create Local group in Isilon System/Access zone for Isilon local users Command : isi auth groups create <GROUP_NAME> Example : isi auth groups create SWIFTADMINS_A_SYS

2

Add Isilon AD/LDAP user(s)/group(s) to Isilon Local Group Command : isi auth groups modify <GROUP_NAME> --add-user <AD_USER>@<AD_DOMAIN> --provider local OR isi auth groups modify <GROUP_NAME> --add-group <AD_GROUP>@<AD_DOMAIN> --provider local Example : isi auth groups modify SWIFTADMINS_A_SYS --add-user USERW@TESTAD.LOCAL --provider local isi auth groups modify SWIFTADMINS_A_SYS --add-user USERX@TESTAD.LOCAL --provider local OR isi auth groups modify SWIFTADMINS_A_SYS --add-group AD-ADMINS@TESTAD.LOCAL --provider local

3

Create Swift account and add the local user(s) created into swift account Command : isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... isi swift accounts list isi swift accounts view SWIFTACCOUNT_A_SYS Example : isi swift accounts create SWIFTACCOUNT_A_SYS USERW@TESTAD.LOCAL SWIFTADMINS_A_SYS --users USERW@TESTAD.LOCAL,USERX@TESTAD.LOCAL isi swift accounts list isi swift accounts view SWIFTACCOUNT_A_SYS

4

Create containers in Isilon local user’s home directory Command : mkdir -p /ifs/home/<DOMAIN_NETBIOS>/<USER_HOME_DIR>/<CONTAINER_NAME> Example : mkdir -p /ifs/home/TESTAD/userw/USERW-container mkdir -p /ifs/home/TESTAD/userx/USERX-container

5

Move data/containers from Isilon local users to Swift account directory Command : mv /ifs/home/<USER_NAME>/<CONTAINER_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example : mv /ifs/home/TESTAD/userw/USERW-container /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS mv /ifs/home/TESTAD/userx/USERX-container /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS

6

Modify container directory ownership to Isilon local user(s) Command :

12 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

S No. Active Directory Users in System Zone

chown -R <USER_NAME>:<GROUP_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example : chown -R -s USERW@TESTAD.LOCAL:SWIFTADMINS_A_SYS /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS/USERW-container chown -R -s USERX@TESTAD.LOCAL:SWIFTADMINS_A_SYS /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS/USERX-container

7

Validate Access to Swift account Command : curl -H "X-Auth-User:<SWIFT_ACCOUNT_NAME>:<USER_NAME>" -H "X-Auth-Key:<PASSWORD>" –v http://<ISILON_IP_ADDR>:<PORT>/auth/v1.0 -X GET

Capture "X-Auth-Token" value from output curl -H "X-Auth-Token: AUTH_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx " -i http://<ISILON_IP_ADDR>:<PORT>/v1/AUTH_<SWIFT_ACCOUNT_NAME>?format=json -X GET Example with HTTP : curl -H "X-Auth-User:SWIFTACCOUNT_A_SYS:USERW@TESTAD.LOCAL" -H "X-Auth-Key:Test@12" –v "http://192.168.100.231:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk1242cb91e7ac8bd59651f74c80341a67" -i "http://192.168.100.231:28080/v1/AUTH_SWIFTACCOUNT_A_SYS?format=json" -X GET Example with HTTPS : curl --insecure -H "X-Auth-User:SWIFTACCOUNT_A_SYS:USERX@TESTAD.LOCAL" -H "X-Auth-Key:Test@12" -v "https://192.168.100.231:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tkef70c1d674f1b1f6f4f8d5f41447c50f" -i "https://192.168.100.231:8083/v1/AUTH_SWIFTACCOUNT_A_SYS?format=json" -X GET

13 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

SCENARIO D: ACTIVE DIRECTORY USERS IN ACCESS ZONE Isilon IP Address: 192.168.100.241 Active Directory Domain: TESTAD.LOCAL (NETBIOS: TESTAD) Active Directory User : TESTAD\USERY , TESTAD\USERZ Active Directory Group: TESTAD\AD-ADMINS Local Group: SWIFTADMINS_A_ZONE Swift Account Name: SWIFTACCOUNT_A_ZONE Access Zone: Zone-A Access Zone home directory: /ifs/CLUSTER-A/ZONE-A S No. Active Directory Users in Access Zone

1

Create Local group in Isilon System/Access zone for Isilon local users Command : isi auth groups create <GROUP_NAME> --zone <ZONE> Example : isi auth groups create SWIFTADMINS_A_ZONE --zone ZONE-A

2

Add Isilon AD/LDAP user(s)/group(s) to Isilon Local Group Command : isi auth groups modify <GROUP_NAME> --add-user <AD_USER>@<AD_DOMAIN> --provider local --zone <ZONE> OR isi auth groups modify <GROUP_NAME> --add-group <AD_GROUP>@<AD_DOMAIN> --provider local --zone <ZONE> Example : isi auth groups modify SWIFTADMINS_A_ZONE --add-user USERY@TESTAD.LOCAL --provider local --zone ZONE-A isi auth groups modify SWIFTADMINS_A_ZONE --add-user USERZ@TESTAD.LOCAL --provider local --zone ZONE-A OR isi auth groups modify SWIFTADMINS_A_ZONE --add-group AD-ADMINS@TESTAD.LOCAL --provider local --zone ZONE-A

3

Create Swift account and add the local user(s) created into swift account Command : isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... --zone <ZONE> isi swift accounts list --zone <ZONE> isi swift accounts view SWIFTACCOUNT_A_ZONE --zone <ZONE> Example : isi swift accounts create SWIFTACCOUNT_A_ZONE USERY@TESTAD.LOCAL SWIFTADMINS_A_ZONE --users USERY@TESTAD.LOCAL,USERZ@TESTAD.LOCAL --zone ZONE-A isi swift accounts list --zone ZONE-A isi swift accounts view SWIFTACCOUNT_A_ZONE --zone ZONE-A

4

Create containers in Isilon local user’s home directory Command : mkdir -p /ifs/home/<DOMAIN_NETBIOS>/<USER_HOME_DIR>/<CONTAINER_NAME> Example : mkdir -p /ifs/home/TESTAD/usery/USERY-container mkdir -p /ifs/home/TESTAD/userz/USERZ-container

5

Move data/containers from Isilon local users to Swift account directory Command : mv /ifs/home/<USER_NAME>/<CONTAINER_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example : mv /ifs/home/TESTAD/usery/USERY-container /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE mv /ifs/home/TESTAD/userz/USERZ-container /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE

6 Modify container directory ownership to Isilon local user(s)

14 | Dell EMC Isilon Swift Implementation Guide © 2017 Dell Inc. or its subsidiaries.

S No. Active Directory Users in Access Zone

Command : isi_run -z <ZONE_ID> chown -R <USER_NAME>:<GROUP_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example : isi_run -z 2 chown -R -s USERY@TESTAD.LOCAL:SWIFTADMINS_A_ZONE /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE/USERY-container isi_run -z 2 chown -R -s USERZ@TESTAD.LOCAL:SWIFTADMINS_A_ZONE /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE/USERZ-container

7

Validate Access to Swift account Command : curl -H "X-Auth-User:<SWIFT_ACCOUNT_NAME>:<USER_NAME>" -H "X-Auth-Key:<PASSWORD>" –v http://<ISILON_IP_ADDR>:<PORT>/auth/v1.0 -X GET

Capture "X-Auth-Token" value from output curl -H "X-Auth-Token: AUTH_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx " -i http://<ISILON_IP_ADDR>:<PORT>/v1/AUTH_<SWIFT_ACCOUNT_NAME>?format=json -X GET Example with HTTP : curl -H "X-Auth-User:SWIFTACCOUNT_A_ZONE:USERY@TESTAD.LOCAL" -H "X-Auth-Key:Test@12" –v "http://192.168.100.241:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk1242cb91e7ac8bd59651f74c80341a67" -i "http://192.168.100.241:28080/v1/AUTH_SWIFTACCOUNT_A_ZONE?format=json" -X GET Example with HTTPS : curl --insecure -H "X-Auth-User:SWIFTACCOUNT_A_ZONE:USERZ@TESTAD.LOCAL" -H "X-Auth-Key:Test@12" -v "https://192.168.100.241:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tkef70c1d674f1b1f6f4f8d5f41447c50f" -i "https://192.168.100.241:8083/v1/AUTH_SWIFTACCOUNT_A_ZONE?format=json" -X GET

TROUBLESHOOTING Swift related logs are available at:

Errors with Look in

CLI / PAPI isi_papi_d.log

Swift lwswift.log

Auth lsassd.log

Account lookup isi_tardis_d.log

Additional Information:

Log level change: Increase logging level using isi_ilog or lwsm set-log-level