Bug 1637540
| Summary: | [Doc RFE] Document interoperability improvements for RGW tenant/buckets (Tech Preview) | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Anjana Suparna Sriram <asriram> |
| Component: | Documentation | Assignee: | John Brier <jbrier> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Tejas <tchandra> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.2 | CC: | agunn, hnallurv, jbrier, kdreyer, tchandra, vimishra |
| Target Milestone: | rc | ||
| Target Release: | 3.2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Technology Preview | |
| Doc Text: |
.Improved interoperability with S3 and Swift via a unified tenant namespace
This enhancement allows buckets to be moved between tenants. It also allows buckets to be renamed.
In Red Hat Ceph Storage 2 `rgw_keystone_implicit_tenants` only applied to Swift. As of Red Hat Ceph Storage 3 this option applies to s3 also. Sites that used this feature with Red Hat Ceph Strage 2 now have outstanding data that depends on the old behavior. To accomodate that issue this enhancement also expands `rgw_keystone_implicit_tenants` so it can be set to any of "none", "all", "s3" or "swift".
For more information, see Bucket management in the link:{object-gw-rhel-guide}#bucket-management[Object Gateway Guide for Red Hat Enterprise Linux] or link:{object-gw-ubuntu-guide}#bucket-management[Object Gateway Guide for Ubuntu] depending on your distribution. The `rgw_keystone_implicit_tenants` setting is documented in link:{rgw-to-keystone}#configuring_civetweb[Using Keystone to Authenticate Ceph Object Gateway Users].
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-23 09:59:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1629585 | ||
|
Description
Anjana Suparna Sriram
2018-10-09 12:55:22 UTC
More useful info:
bool split_mode = implicit_value.is_split_mode();
/* Normally, empty "tenant" field of acct_user means the authenticated
* identity has the legacy, global tenant. However, due to inclusion
* of multi-tenancy, we got some special compatibility kludge for remote
* backends like Keystone.
* If the global tenant is the requested one, we try the same tenant as
* the user name first. If that RGWUserInfo exists, we use it. This way,
* migrated OpenStack users can get their namespaced containers and nobody's
* the wiser.
* If that fails, we look up in the requested (possibly empty) tenant.
* If that fails too, we create the account within the global or separated
* namespace depending on rgw_keystone_implicit_tenants.
* For compatibility with previous versions of ceph, it is possible
* to enable implicit_tenants for only s3 or only swift.
* in this mode ("split_mode"), we must constrain the id lookups to
* only use the identifier space that would be used if the id were
* to be created. */
--- https://github.com/ceph/ceph/pull/22363/files#diff-15b9f415d50309d52c852a37f9f97705R477
Thanks for writing up a Doc Text. I will format it properly and clean it up and it will be included in the Release Notes. FWIW, we don't normally put Doc Text in Doc bugs. Usually the Doc Text goes in the engineering bug and we add those as blockers to our Release Notes tracker BZ. In this case the engineering bug associated with this Doc RFE is already closed (1595379), and that bug had "Documented with BZ#1564520" in its Doc Text. Bug 1564520 is also closed and its Doc Text was about internal changes related to this Doc RFE (IIUC). So we will use this Doc bug for this Doc Text but that's not normally how we do it. Note to self, this bug is filtered by the CoRN script probably because it has component set to Documentation. I added it directly to corn-template/technology-previews.adoc.
.Improved interoperability with S3 and Swift via a unified tenant namespace
This enhancement allows buckets to be moved between tenants. It also allows buckets to be renamed.
In Red Hat Ceph Storage 2 `rgw_keystone_implicit_tenants` only applied to Swift. As of Red Hat Ceph Storage 3 this option applies to s3 also. Sites that used this feature with Red Hat Ceph Strage 2 now have outstanding data that depends on the old behavior. To accomodate that issue this enhancement also expands `rgw_keystone_implicit_tenants` so it can be set to any of "none", "all", "s3" or "swift".
For more information, see Bucket management in the link:{object-gw-rhel-guide}#bucket-management[Object Gateway Guide for Red Hat Enterprise Linux] or link:{object-gw-ubuntu-guide}#bucket-management[Object Gateway Guide for Ubuntu] depending on your distribution. The `rgw_keystone_implicit_tenants` setting is documented in link:{rgw-to-keystone}#configuring_civetweb[Using Keystone to Authenticate Ceph Object Gateway Users].
Published on the customer portal as part of the RHCS 3.2 GA on 3rd Jan 2019 |