ISILON SWIFT MADE EASY! (ONEFS 8.X AND LATER)€¦ · Swift user/Swift group determines the ownership of files within the file system whereas the users assigned to the Swift account

ISILON SWIFT MADE EASY!(ONEFS 8.X AND LATER)

Akshay [email protected]

Knowledge Sharing Article © 2018 Dell Inc. or its subsidiaries.

2018 Dell EMC Proven Professional Knowledge Sharing 2

Table of Contents

Abstract ............................................................................................................................................................ 3

Introduction ..................................................................................................................................................... 3

Overview .......................................................................................................................................................... 4 Key Concepts ................................................................................................................................................ 4

Swift User .................................................................................................................................................. 4

Swift Group ................................................................................................................................................ 4

Swift Account ............................................................................................................................................. 5

How Isilon Swift Fixes Openstack Swift Challenges ..................................................................................... 5

Isilon Swift – REST API Commands ............................................................................................................... 5

Implementation Steps ..................................................................................................................................... 6

Implementation Scenarios, Infrastructure Required And Sample Commands ........................................... 6 Scenarios ...................................................................................................................................................... 6

Cyberduck Tool ............................................................................................................................................. 6

Scenario A: Isilon Swift with Local Users in System Zone .......................................................................... 7

Scenario B: Isilon Swift with Local Users in Access Zone .......................................................................... 9

Scenario C: Isilon Swift with Active Directory Users in System Zone........................................................ 11

Scenario D: Isilon Swift with Active Directory Users in Access Zone ........................................................ 13

Troubleshooting ............................................................................................................................................ 14

Disclaimer: The views, processes or methodologies published in this article are those of the author. They do not necessarily reflect Dell EMC’s views, processes or methodologies.


Abstract

This document describes the best practices for setting up and managing the Isilon SWIFT services on Dell EMC Isilon cluster as object storage interface compatible with the OpenStack Swift 1.0 application programming interface (API)

Introduction

Isilon OneFS supports Swift, an object storage interface compatible with the OpenStack Swift 1.0 application programming interface (API). Through Isilon Swift, you can access file-based data stored on your Dell EMC Isilon cluster as objects. Isilon Swift stores content and metadata as objects through an application programming interface (API), which is implemented as a set of Representational State Transfer (REST) web services over HTTP or secure HTTP (HTTPS).

HTTP requests are sent to an internal web server listening on port 28080. This port is not configurable.

HTTPS requests are proxied through the Apache web server listening on port 8083. This port is not configurable.

NOTE: Isilon Swift support was introduced in OneFS 7.2.x. OneFS 8.0.x introduces a lot of modifications and new enhancements in Isilon Swift OneFS APIs. These include changes in Swift provisioning mechanism and newly added commands. Since the Swift API is considered a protocol, content and metadata can be ingested as objects and concurrently accessed through protocols configured on the Isilon cluster. The Isilon Swift protocol service is a licensed feature. Storing object data on a new or existing Isilon cluster through Isilon Swift provides the following benefits:

Consolidate storage for applications regardless of protocol

Secure multi-tenancy for applications through access zones while uniformly protecting the data with enterprise storage capabilities such as authentication, access control, and identity management

Manage data through enterprise storage features such as deduplication, replication, tiering, performance monitoring, snapshots, and NDMP backups

Balance the workload across all of the nodes in a cluster through OneFS SmartConnect

Store object data more efficiently with forward error correction instead of data replication

Eliminate storage silos

Automate collection, storage, and management of petabytes of unstructured data in an Isilon data lake for later analysis

Automate data-processing applications to store objects on an Isilon cluster and analyze the data with Hadoop through the OneFS HDFS interface

For supported and unsupported libraries, SDKs, and interfaces, please reference Isilon OneFS 8.0.0 - Isilon Swift Technical Note

https://www.emc.com/collateral/TechnicalDocument/docu65071.pdf

https://www.emc.com/collateral/TechnicalDocument/docu65071.pdf


Overview

Key Concepts

In OneFS 8.0.0 and later releases, you can create Swift accounts. Access to Swift accounts is granted based on the identity and permissions for a specific user. Containers are assigned to Swift accounts. Objects that store user data reside within containers which are first-level directories below the account directories. Objects are identified by URIs in the form http://example.com/v1/account/container/object. In this example:

example.com identifies the cluster

v1 is the protocol version

/account/container/object is the object storage location The actual object storage location within the file system is /ifs/<zoneroot>/ isi_lwswift/account/container/object Note: Though Isilon Swift works with System access zone, it’s always recommended to implement Isilon Swift in a user defined access zone.

Key Components

Swift User

In a multi-protocol access scenario, a Swift user is a file system user who owns files in the Swift account.

Swift User(s) can be a Local / AD / LDAP User(s) in System/Access Zone.

Swift Group

In a multi-protocol access scenario, a Swift group is a file system group that owns files in the Swift account. Swift user/Swift group determines the ownership of files within the file system whereas the users assigned to the Swift account grant access to the account through the Swift protocol.

Swift Groups(s) should be a Local group in System/Access Zone with Local / AD / LDAP User(s) Groups added as its members.

http://example.com/v1/account/container/object


Swift Account

A Swift account is the root of a Swift namespace and is the locus of administrative control. Swift accounts hold containers and containers hold objects. A Swift account must be provisioned in order for a user to add containers or objects. Access control in Isilon Swift is granted at the account level. Users authorized to access a Swift account can access any of the containers and objects within that account.

How Isilon Swift fixes Openstack Swift Challenges

1 Scale-Out Storage Platform

- Multiple applications & workflows 1 Dedicated Storage Infrastructure

- OpenStack Only

2 10+ Year Hardened Enterprise Storage

- SWIFT APIs with Enterprise Storage 2 Immature Storage

- Must risk data for API innovation

3 End-to-End Data Protection

- SnapshotIQ, SyncIQ, NDMP Backup 3 Lacking Enterprise Data Protection

- No Snapshots, replication, backup

4 Industry-Leading Storage Efficiency

- >80% Storage Utilization 4 Poor Storage Efficiency

- 3X mirroring

5 Multi-Protocol

- Industry standard protocols - NFS, CIFS, FTP, HTTP, HDFS, Swift

5

Object-Only Infrastructure

- Siloed

6 Simple and Smart

- OneFS and Isilon (Physical or Virtual) 6 Complex Environment

- RAID + ext4 + Linux + OpenStack Swift

Isilon Swift – REST API Commands

GET - retrieve an account, object, or the contents of a container/sub-container PUT - upload an object; or create a container/sub-container DELETE - delete an object or container POST - store metadata on an object, container, or account HEAD - retrieve metadata on an object, container, or account COPY - server side copy of an object Authentication

TempAuth

Libcloud OpenStack Keystone Rackspace Extension - get token request

Normal Keystone Authentication - get token request

SwAuth - get token request Support’s PUT and GET on sub-containers (nested containers), which is a non-standard Openstack Swift functionality.


Implementation Steps

S No. With Local Users With AD / LDAP Users

1 Create Local group in Isilon System/Access zone for Isilon local users

Create Local group in Isilon System/Access zone for Isilon AD/LDAP user(s)/group(s)

2 Create Local user(s) in Isilon System/Access zone. Add users to Local group created

Add Isilon AD/LDAP user(s)/group(s) to Isilon Local Group

3 Create Swift account and add the local user(s) created into swift account

Create Swift account and add the AD/LDAP user(s)/group(s) into swift account

4 Create containers in Isilon local user’s home directory Create containers in user’s home directory

5 Move data/containers from Isilon local users to Swift account directory

Move data/containers from Isilon local users to Swift account directory

6 Modify container directory ownership to Isilon local user(s) Modify container directory ownership to Isilon local user(s)

7 Validate Access to Swift account Validate Access to Swift account

8 Optional

Reconfigure home directory of Isilon local users to a sub directory in Swift account directory

Implementation scenarios, infrastructure required and sample commands

Scenarios

Scenario Scenario Details Implementation Minimum Requirements

Scenario A Isilon Swift with Local Users in System Zone Isilon OneFS 8.0.X or above (Physical or Simulator)

Linux Client

Windows Client with Cyberduck (optional)

Scenario B Isilon Swift with Local Users in Access Zone Isilon OneFS 8.0.X or above (Physical or Simulator)

Linux Client


Scenario C Isilon Swift with Active Directory Users in System Zone Isilon OneFS 8.0.X or above (Physical or Simulator)

Linux Client

Windows AD Server


Scenario D Isilon Swift with Active Directory Users in Access Zone Isilon OneFS 8.0.X or above (Physical or Simulator)

Windows AD Server

Linux Client


Cyberduck Tool

Cyberduck is a popular open source storage browser for several cloud storage platforms. For OpenStack Swift, Cyberduck is a neat and efficient client that enables users to upload/download objects to/from their Swift storage. Cyberduck is free and speaks many protocols: https://cyberduck.io/?l=en For HTTP: Change the default port to 28080 For HTTPS: Change the default port to 8083 You can get a Cyberduck profile from here: https://trac.cyberduck.io/wiki/help/en/howto/openstack#Authenticationwithswauth

Authentication with Swauth

Legacy authentication option

Download the Openstack Swift (Swauth HTTPS) profile for preconfigured settings

Download the Openstack Swift (Swauth HTTP) profile for preconfigured settings

https://cyberduck.io/?l=en

https://trac.cyberduck.io/wiki/help/en/howto/openstack#Authenticationwithswauth

https://svn.cyberduck.io/trunk/profiles/Openstack%20Swift%20(Swauth).cyberduckprofile

https://svn.cyberduck.io/trunk/profiles/Openstack%20Swift%20(Swauth%20HTTP).cyberduckprofile


Scenario A: Isilon Swift with Local Users in System Zone

Isilon IP Address: 192.168.100.231 Local User: USERA, USERB Local Group: SWIFTADMINS_L_SYS Swift Account Name: SWIFTACCOUNT_L_SYS

S No. With Local Users in System Zone

1

Create Local group in Isilon System

Command :

isi auth groups create <GROUP_NAME> Example :

isi auth groups create SWIFTADMINS_L_SYS

2

Create Local user(s) in Isilon System. Add users to Local group created

Command :

isi auth users create <USER_NAME> --enabled 1 --password <PASSWORD> --primary-group <GROUP_NAME> Example :

isi auth users create USERA --enabled 1 --password a --primary-group SWIFTADMINS_L_SYS isi auth users create USERB --enabled 1 --password a --primary-group SWIFTADMINS_L_SYS

3

Create Swift account and add the local user(s) created into swift account

Command :

isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... isi swift accounts list --zone <ZONE> isi swift accounts view <SWIFT_ACCOUNT_NAME> --zone <ZONE> Example :

isi swift accounts create SWIFTACCOUNT_L_SYS USERA SWIFTADMINS_L_SYS --users USERA,USERB isi swift accounts list isi swift accounts view SWIFTACCOUNT_L_SYS

4

Create containers in Isilon local user’s home directory

Command :

mkdir -p /ifs/home/<USER_HOME_DIR>/<CONTAINER_NAME> Example :

mkdir -p /ifs/home/usera/USERA-container mkdir -p /ifs/home/userb/USERB-container

5


Command :

mv /ifs/home/<USER_HOME_DIR>/<CONTAINER_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example :

mv /ifs/home/usera/USERA-container /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS mv /ifs/home/userb/USERB-container /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS

6

Modify container directory ownership to Isilon local user(s)

Command :

chown -R <USER_NAME>:<GROUP_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example :

chown -R USERA:SWIFTADMINS_L_SYS /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS/USERA-container chown -R USERB:SWIFTADMINS_L_SYS /ifs/isi_lwswift/SWIFTACCOUNT_L_SYS/USERB-container

7

Validate Access to Swift account

Command :


S No. With Local Users in System Zone

curl -H "X-Auth-User:<SWIFT_ACCOUNT_NAME>:<USER_NAME>" -H "X-Auth-Key:<PASSWORD>" –v http://<ISILON_IP_ADDR>:<PORT>/auth/v1.0 -X GET

Capture "X-Auth-Token" value from output curl -H "X-Auth-Token: AUTH_ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx " -i http://<ISILON_IP_ADDR>:<PORT>/v1/AUTH_<SWIFT_ACCOUNT_NAME>?format=json -X GET Example with HTTP :

curl -H "X-Auth-User:SWIFTACCOUNT_L_SYS:USERA" -H "X-Auth-Key:a" –v "http://192.168.100.231:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk1242cb91e7ac8bd59651f74c80341a67" -i "http://192.168.100.231:28080/v1/AUTH_SWIFTACCOUNT_L_SYS?format=json" -X GET Example with HTTPS :

curl --insecure -H "X-Auth-User:SWIFTACCOUNT_L_SYS:USERB" -H "X-Auth-Key:a" -v "https://192.168.100.231:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tkef70c1d674f1b1f6f4f8d5f41447c50f" -i "https://192.168.100.231:8083/v1/AUTH_SWIFTACCOUNT_L_SYS?format=json" -X GET

8

Optional Reconfigure home directory of Isilon local users to a sub directory in Swift account directory

Command :

isi auth users modify <USER_NAME> --home-directory /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> --force

Example :

isi auth users modify USERA --home-directory /ifs/isi_lwswift/SWIFTACCOUNT/USERA-container --force isi auth users modify USERB --home-directory /ifs/isi_lwswift/SWIFTACCOUNT/USERB-container --force

http://inside.dell.com/


http://192.168.100.231:28080/auth/v1.0

http://192.168.100.231:28080/v1/AUTH_SWIFTACCOUNT_L_SYS?format=json

https://192.168.100.231:8083/auth/v1.0

https://192.168.100.231:8083/v1/AUTH_SWIFTACCOUNT_L_SYS?format=json


Scenario B: Isilon Swift with Local Users in Access Zone

Isilon IP Address: 192.168.100.241 Local User: USERC, USERD Local Group: SWIFTADMINS_L_ZONE Swift Account Name: SWIFTACCOUNT_L_ZONE Access Zone: Zone-A Access Zone home directory: /ifs/CLUSTER-A/ZONE-A

S No. With Local Users in Access Zone

1

Create Local group in Isilon Access zone

Command :

isi auth groups create <GROUP_NAME> --zone <ZONE> Example :

isi auth groups create SWIFTADMINS_L_ZONE --zone ZONE-A

2

Create Local user(s) in Isilon Access Zone. Add users to Local group created

Command :

isi auth users create <USER_NAME> --enabled 1 --password <PASSWORD> --primary-group <GROUP_NAME> --zone <ZONE> Example :

isi auth users create USERC --enabled 1 --password a --primary-group SWIFTADMINS_L_ZONE --zone ZONE-A isi auth users create USERD --enabled 1 --password a --primary-group SWIFTADMINS_L_ZONE --zone ZONE-A

3


Command :

isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... --zone <ZONE> isi swift accounts list --zone <ZONE> isi swift accounts view <SWIFT_ACCOUNT_NAME> --zone <ZONE> Example :

isi swift accounts create SWIFTACCOUNT_L_ZONE USERC SWIFTADMINS_L_ZONE --users USERC,USERD --zone ZONE-A isi swift accounts list --zone ZONE-A isi swift accounts view SWIFTACCOUNT_L_ZONE --zone ZONE-A

4


Command :

mkdir -p <ZONE_PATH>/home/<USER_HOME_DIR>/<CONTAINER_NAME> Example :

mkdir -p /ifs/CLUSTER-A/ZONE-A/home/userc/USERC-container mkdir -p /ifs/CLUSTER-A/ZONE-A/home/userd/USERD-container

5


Command :

mv <ZONE_PATH>/home/<USER_HOME_DIR>/<CONTAINER_NAME> <ZONE_PATH>/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example :

mv /ifs/CLUSTER-A/ZONE-A/home/userc/USERC-container /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE mv /ifs/CLUSTER-A/ZONE-A/home/userd/USERD-container /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE

6


Command :

isi_run -z <ZONE_ID> chown -R <USER_NAME>:<GROUP_NAME> <ZONE_PATH>/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example :


S No. With Local Users in Access Zone

isi_run -z 2 chown -R USERC:SWIFTADMINS_L_ZONE /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERC-container isi_run -z 2 chown -R USERD:SWIFTADMINS_L_ZONE /ifs/CLUSTER-A/ZONE-A/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERD-container

7


Command :


Capture "X-Auth-Token" value from output curl -H "X-Auth-Token: AUTH_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx " -i http://<ISILON_IP_ADDR>:<PORT>/v1/AUTH_<SWIFT_ACCOUNT_NAME>?format=json -X GET Example with HTTP :

curl -H "X-Auth-User:SWIFTACCOUNT_L_ZONE:USERC" -H "X-Auth-Key:a" –v "http://192.168.100.241:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk64ab51196063d116a1a4dfae949072cf" -i "http://192.168.100.241:28080/v1/AUTH_SWIFTACCOUNT_L_ZONE?format=json" -X GET Example with HTTPS :

curl --insecure -H "X-Auth-User:SWIFTACCOUNT_L_ZONE:USERD" -H "X-Auth-Key:a" -v "https://192.168.100.241:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tk186360819aaa2a4d8eee524c12a1e6e0" -i "https://192.168.100.241:8083/v1/AUTH_SWIFTACCOUNT_L_ZONE?format=json" -X GET

8

Optional Reconfigure home directory of Isilon local users to a sub directory in Swift account directory

Command :

isi auth users modify <USER_NAME> --home-directory /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> --zone <ZONE> --force Example :

isi auth users modify USERC --home-directory /ifs/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERC-container --zone ZONE-A --force isi auth users modify USERD --home-directory /ifs/isi_lwswift/SWIFTACCOUNT_L_ZONE/USERD-container --zone ZONE-A --force



http://192.168.100.241:28080/auth/v1.0

http://192.168.100.241:28080/v1/AUTH_SWIFTACCOUNT_L_ZONE?format=json

https://192.168.100.241:8083/auth/v1.0

https://192.168.100.241:8083/v1/AUTH_SWIFTACCOUNT_L_ZONE?format=json


Scenario C: Isilon Swift with Active Directory Users in System Zone

Isilon IP Address: 192.168.100.231 Active Directory Domain: TESTAD.LOCAL (NETBIOS: TESTAD) Active Directory User: TESTAD\USERW, TESTAD\USERX Active Directory Group: TESTAD\AD-ADMINS Local Group: SWIFTADMINS_A_SYS Swift Account Name: SWIFTACCOUNT_A_SYS

S No. With Active Directory Users in System Zone

1

Create Local group in Isilon System/Access zone for Isilon local users

Command :

isi auth groups create <GROUP_NAME> Example :

isi auth groups create SWIFTADMINS_A_SYS

2


Command :

isi auth groups modify <GROUP_NAME> --add-user <AD_USER>@<AD_DOMAIN> --provider local OR isi auth groups modify <GROUP_NAME> --add-group <AD_GROUP>@<AD_DOMAIN> --provider local

Example :

isi auth groups modify SWIFTADMINS_A_SYS --add-user [email protected] --provider local isi auth groups modify SWIFTADMINS_A_SYS --add-user [email protected] --provider local OR isi auth groups modify SWIFTADMINS_A_SYS --add-group [email protected] --provider local

3


Command :

isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... isi swift accounts list isi swift accounts view SWIFTACCOUNT_A_SYS Example :

isi swift accounts create SWIFTACCOUNT_A_SYS [email protected] SWIFTADMINS_A_SYS --users [email protected],[email protected] isi swift accounts list isi swift accounts view SWIFTACCOUNT_A_SYS

4


Command :

mkdir -p /ifs/home/<DOMAIN_NETBIOS>/<USER_HOME_DIR>/<CONTAINER_NAME> Example :

mkdir -p /ifs/home/TESTAD/userw/USERW-container mkdir -p /ifs/home/TESTAD/userx/USERX-container

5


Command :

mv /ifs/home/<USER_NAME>/<CONTAINER_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example :

mv /ifs/home/TESTAD/userw/USERW-container /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS mv /ifs/home/TESTAD/userx/USERX-container /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS

6


Command :



chown -R <USER_NAME>:<GROUP_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example :

chown -R -s [email protected]:SWIFTADMINS_A_SYS /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS/USERW-container chown -R -s [email protected]:SWIFTADMINS_A_SYS /ifs/isi_lwswift/SWIFTACCOUNT_A_SYS/USERX-container

7


Command :



curl -H "X-Auth-User:SWIFTACCOUNT_A_SYS:[email protected]" -H "X-Auth-Key:Test@12" –v "http://192.168.100.231:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk1242cb91e7ac8bd59651f74c80341a67" -i "http://192.168.100.231:28080/v1/AUTH_SWIFTACCOUNT_A_SYS?format=json" -X GET Example with HTTPS :

curl --insecure -H "X-Auth-User:SWIFTACCOUNT_A_SYS:[email protected]" -H "X-Auth-Key:Test@12" -v "https://192.168.100.231:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tkef70c1d674f1b1f6f4f8d5f41447c50f" -i "https://192.168.100.231:8083/v1/AUTH_SWIFTACCOUNT_A_SYS?format=json" -X GET



http://192.168.100.231:28080/auth/v1.0

http://192.168.100.231:28080/v1/AUTH_SWIFTACCOUNT_A_SYS?format=json

https://192.168.100.231:8083/auth/v1.0

https://192.168.100.231:8083/v1/AUTH_SWIFTACCOUNT_A_SYS?format=json


Scenario D: Isilon Swift with Active Directory Users in Access Zone

Isilon IP Address: 192.168.100.241 Active Directory Domain: TESTAD.LOCAL (NETBIOS: TESTAD) Active Directory User : TESTAD\USERY , TESTAD\USERZ Active Directory Group: TESTAD\AD-ADMINS Local Group: SWIFTADMINS_A_ZONE Swift Account Name: SWIFTACCOUNT_A_ZONE Access Zone: Zone-A Access Zone home directory: /ifs/CLUSTER-A/ZONE-A


1

Create Local group in Isilon System/Access zone for Isilon local users

Command :

isi auth groups create <GROUP_NAME> --zone <ZONE> Example :

isi auth groups create SWIFTADMINS_A_ZONE --zone ZONE-A

2


Command :

isi auth groups modify <GROUP_NAME> --add-user <AD_USER>@<AD_DOMAIN> --provider local --zone <ZONE> OR isi auth groups modify <GROUP_NAME> --add-group <AD_GROUP>@<AD_DOMAIN> --provider local --zone <ZONE> Example :

isi auth groups modify SWIFTADMINS_A_ZONE --add-user [email protected] --provider local --zone ZONE-A isi auth groups modify SWIFTADMINS_A_ZONE --add-user [email protected] --provider local --zone ZONE-A OR isi auth groups modify SWIFTADMINS_A_ZONE --add-group [email protected] --provider local --zone ZONE-A

3


Command :

isi swift accounts create <SWIFT_ACCOUNT_NAME> <USER_NAME> <GROUP_NAME> --users <USER_NAME>,<USER_NAME>,<USER_NAME>,.... --zone <ZONE> isi swift accounts list --zone <ZONE> isi swift accounts view SWIFTACCOUNT_A_ZONE --zone <ZONE> Example :

isi swift accounts create SWIFTACCOUNT_A_ZONE [email protected] SWIFTADMINS_A_ZONE --users [email protected],[email protected] --zone ZONE-A isi swift accounts list --zone ZONE-A isi swift accounts view SWIFTACCOUNT_A_ZONE --zone ZONE-A

4


Command :

mkdir -p /ifs/home/<DOMAIN_NETBIOS>/<USER_HOME_DIR>/<CONTAINER_NAME> Example :

mkdir -p /ifs/home/TESTAD/usery/USERY-container mkdir -p /ifs/home/TESTAD/userz/USERZ-container

5


Command :

mv /ifs/home/<USER_NAME>/<CONTAINER_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME> Example :

mv /ifs/home/TESTAD/usery/USERY-container /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE mv /ifs/home/TESTAD/userz/USERZ-container /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE

6


Command :



isi_run -z <ZONE_ID> chown -R <USER_NAME>:<GROUP_NAME> /ifs/isi_lwswift/<SWIFT_ACCOUNT_NAME>/<CONTAINER_NAME> Example :

isi_run -z 2 chown -R -s [email protected]:SWIFTADMINS_A_ZONE /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE/USERY-container isi_run -z 2 chown -R -s [email protected]:SWIFTADMINS_A_ZONE /ifs/isi_lwswift/SWIFTACCOUNT_A_ZONE/USERZ-container

7


Command :



curl -H "X-Auth-User:SWIFTACCOUNT_A_ZONE:[email protected]" -H "X-Auth-Key:Test@12" –v "http://192.168.100.241:28080/auth/v1.0" -X GET curl -H "X-Auth-Token: AUTH_tk1242cb91e7ac8bd59651f74c80341a67" -i "http://192.168.100.241:28080/v1/AUTH_SWIFTACCOUNT_A_ZONE?format=json" -X GET Example with HTTPS :

curl --insecure -H "X-Auth-User:SWIFTACCOUNT_A_ZONE:[email protected]" -H "X-Auth-Key:Test@12" -v "https://192.168.100.241:8083/auth/v1.0" -X GET curl --insecure -H "X-Auth-Token: AUTH_tkef70c1d674f1b1f6f4f8d5f41447c50f" -i "https://192.168.100.241:8083/v1/AUTH_SWIFTACCOUNT_A_ZONE?format=json" -X GET

Troubleshooting

Swift-related logs are available at:

Errors with Look in

CLI / PAPI isi_papi_d.log

Swift lwswift.log

Auth lsassd.log

Account lookup isi_tardis_d.log

Additional Information: Log level change: Increase logging level using isi_ilog or lwsm set-log-level



http://192.168.100.241:28080/auth/v1.0

http://192.168.100.241:28080/v1/AUTH_SWIFTACCOUNT_A_ZONE?format=json

https://192.168.100.241:8083/auth/v1.0

https://192.168.100.241:8083/v1/AUTH_SWIFTACCOUNT_A_ZONE?format=json


Dell EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” DELL EMC MAKES NO RESPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying and distribution of any Dell EMC software described in this publication requires an applicable software license. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries.

Documents

ISILON SWIFT MADE EASY! (ONEFS 8.X AND LATER)€¦ · Swift user/Swift group determines the ownership of files within the file system whereas the users assigned to the Swift account