<html><body><p>Hi Leslie,<br>For the issues you list below:<br>1. AD configuration - there is a known issue with quoted names passed to mmuserauth - we are investigating how to correct this.<br>2. Can you provide more details on how you configured file access? The normal procedure is to use "mmobj file-access enable", and this will set up the required settings in the config file. Can you send us:<br>- the steps used to configure file access<br>- the resulting /etc/swift/object-server-sof.conf<br>- log files from /var/log/swift or output of "systemctl status openstack-swift-object-sof"<br><br>We can schedule a short call to help debug if needed.<br><br>Here is a more detailed description of enabling file access to object data:<br><br><b>Enable unified file and object access</b><br>See: <a href="http://www.ibm.com/support/knowledgecenter/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1adm_enablefileaccess.htm">http://www.ibm.com/support/knowledgecenter/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1adm_enablefileaccess.htm</a><br><br>1. enable & configure:<br># mmobj file-access enable<br><br># mmobj config list --ccrfile spectrum-scale-object.conf --section capabilities --property file-access-enabled<br>file-access-enabled = true<br><br>Different user id mapping approaches are supporting. The simplest is id_mgmt = local_mode. This example leaves that default in place.<br><br>Verify id_mgmt mode:<br># mmobj config list --ccrfile object-server-sof.conf --section DEFAULT --property id_mgmt<br>id_mgmt = local_mode<br><br>At this point, you can create a storage policy that will be used for file & object access containers. We'll create a new fileset for this step (in 4.2.2 we will support objectizing existing filesets). In this example, we create the fileset with 1M inodes initially allocated:<br># mmobj policy create fileaccess --enable-file-access -i 1000000<br>[I] Getting latest configuration from ccr<br>[I] Creating fileset fs2-1m-03:obj_fileaccess<br>[I] Creating new unique index and building the object rings<br>[I] Updating the configuration<br>[I] Uploading the changed configuration<br><br>The new storage policy is listed:<br><tt># mmobj policy list</tt><br><br><tt>Index Name Default Deprecated Fileset Functions</tt><br><tt>--------------------------------------------------------------------------------</tt><br><tt>0 policy-0 yes Object_Fileset default</tt><br><tt>87811608170 fileaccess obj_fileaccess file-and-object-access</tt><br><br><br>The new fileset called obj_fileaccess is shown below:<br><tt># mmlsfileset fs2-1m-03 obj_fileaccess -L</tt><br><tt>Filesets in file system 'fs2-1m-03':</tt><br><tt>Name Id RootInode ParentId Created InodeSpace MaxInodes AllocInodes Comment</tt><br><tt>obj_fileaccess 6 134217731 0 Wed Aug 17 10:08:51 2016 4 1000192 1000192</tt><br><br>2. Create one or more containers that are file-access enabled:<br>Next, you can create one or more containers that use this storage policy (and have file access enabled):<br><tt># source openrc</tt><br><tt># swift post fileaccess_container --header "x-storage-policy: fileaccess"</tt><br><tt># swift stat fileaccess_container</tt><br><tt> Account: AUTH_acad33df8cdf402ebab6bfb87b1674af</tt><br><tt> Container: fileaccess_container</tt><br><tt> Objects: 0</tt><br><tt> Bytes: 0</tt><br><tt> Read ACL:</tt><br><tt> Write ACL:</tt><br><tt> Sync To:</tt><br><tt> Sync Key:</tt><br><tt> Accept-Ranges: bytes</tt><br><tt>X-Storage-Policy: fileaccess</tt><br><tt> X-Timestamp: 1471456287.21609</tt><br><tt> X-Trans-Id: tx0f305353a20a4ac1ab927-0057b4a428</tt><br><tt> Content-Type: text/plain; charset=utf-8</tt><br><br>Objects can be added to the container from the object or file interface, the file path is structured like this: <mount point>/<fileset>/<device>/<account>/<container>/<br><br>In our example it would be:<br>/ibm/fs2-1m-03/obj_fileaccess/s87811608170z1device1/AUTH_acad33df8cdf402ebab6bfb87b1674af/fileaccess_container/<br><br>For convenience, create a soft link:<br>ln -s /ibm/fs2-1m-03/obj_fileaccess/s87811608170z1device1/AUTH_acad33df8cdf402ebab6bfb87b1674af/fileaccess_container/ /ibm/fs2-1m-03/unified_file_object<br><br>3. Verify access from both file & object interface:<br>Upload a file from object interface, it will be readable from file interface, owned by swift user. For example:<br># date > test1.obj<br># swift upload fileaccess_container test1.obj<br>test1.obj<br><br># ls -l /ibm/fs2-1m-03/unified_file_object/<br>total 0<br>-rwxr-xr-x 1 swift swift 29 Aug 17 11:03 test1.obj<br><br><br>Similarly, create an example object (or set of objects) from file interface:<br># date > /ibm/fs2-1m-03/unified_file_object/test2.obj<br><br>The object must be readable by swift user - either by setting file ownership or using file acls:<br># chown swift:swift /ibm/fs2-1m-03/unified_file_object/test2.obj<br># ls -l /ibm/fs2-1m-03/unified_file_object/<br>-rwxr-xr-x 1 swift swift 29 Aug 17 11:03 test1.obj<br>-rw-r--r-- 1 swift swift 29 Aug 17 11:05 test2.obj<br><br>New files will be "objectized" (made visible to the object interface) by a periodic process. The default period for this is 30 min, but can be changed using mmob config change command. This process can be resource intensive, so don't see to run too often if there are many containers & files.<br><br># mmobj config list --ccrfile spectrum-scale-objectizer.conf --section DEFAULT --property objectization_interval<br>objectization_interval = 1800<br><br>After waiting the objectizer interval, the new object shows up from the object interface, and can be accessed like any other object:<br># swift list fileaccess_container<br>test1.obj<br>test2.obj<br><br># swift download fileaccess_container test2.obj<br>test2.obj [auth 0.229s, headers 0.862s, total 0.862s, 0.000 MB/s]<br><br>Verify the contents match <br># cat test2.obj<br>Wed Aug 17 11:05:00 PDT 2016<br><br># cat /ibm/fs2-1m-03/unified_file_object/test2.obj<br>Wed Aug 17 11:05:00 PDT 2016<br><br>And update from file interface:<br># echo "bill was here" >> /ibm/fs2-1m-03/unified_file_object/test2.obj<br><br>Redownload from object interface and confirm:<br># swift download fileaccess_container test2.obj<br>test2.obj [auth 0.230s, headers 0.729s, total 0.729s, 0.000 MB/s]<br>[<br># cat test2.obj<br>Wed Aug 17 11:05:00 PDT 2016<br>bill was here<br><br><b>Use Case Example:</b><br>One usecase is adding/expanding an archive file in file interface, and results can be accessed from file interface. <br><br>For example, create a set of test files:<br># mkdir test<br>[root@client22 ~]# for i in {1..10}; do date > test/smallobj$i ; done<br>[root@client22 ~]# ll test<br>total 40<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj1<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj10<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj2<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj3<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj4<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj5<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj6<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj7<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj8<br>-rw-r--r-- 1 root root 29 Aug 17 11:31 smallobj9<br># tar -cf databag.tar test<br><br>Expand the file into file interface and set ownership to swift:<br># cd /ibm/fs2-1m-03/unified_file_object/<br># tar -xf ~/databag.tar<br># chown -R swift:swift test<br><br>After objectizer runs, all files are available from object interface:<br># swift list fileaccess_container<br>test/smallobj1<br>test/smallobj10<br>test/smallobj2<br>test/smallobj3<br>test/smallobj4<br>test/smallobj5<br>test/smallobj6<br>test/smallobj7<br>test/smallobj8<br>test/smallobj9<br>test1.obj<br>test2.obj<br><br>Regards,<br>Bill Owen <br>billowen@us.ibm.com<br>Spectrum Scale Object Storage <br>520-799-4829<br><br><br><img width="16" height="16" src="cid:1__=88BB0AC9DFDD62138f9e8a93df938690918c88B@" border="0" alt="Inactive hide details for leslie elliott ---10/25/2016 03:01:55 PM---Hi We are in the process of trying to configure unified fi"><font color="#424282">leslie elliott ---10/25/2016 03:01:55 PM---Hi We are in the process of trying to configure unified file and object</font><br><br><font size="2" color="#5F5F5F">From: </font><font size="2">leslie elliott <leslie.james.elliott@gmail.com></font><br><font size="2" color="#5F5F5F">To: </font><font size="2">gpfsug-discuss@spectrumscale.org</font><br><font size="2" color="#5F5F5F">Date: </font><font size="2">10/25/2016 03:01 PM</font><br><font size="2" color="#5F5F5F">Subject: </font><font size="2">[gpfsug-discuss] unified file and object</font><br><font size="2" color="#5F5F5F">Sent by: </font><font size="2">gpfsug-discuss-bounces@spectrumscale.org</font><br><hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br><br><br><font size="4">Hi</font><br><br><font size="4">We are in the process of trying to configure unified file and object storage in unified_mode and have a few problems</font><br><br><font size="4">We are running 4.2.1 and do not have any current issues the file access protocols setting up the authentication</font><br><br><font size="4">First issue we do have is binding the object data to our Active Directory, we seem to be hitting a road block due to the fact that the bind DN has spaces in it, if we enclose the DN in quotes it still fails, if we escape them with the appropriate RFC value we can get the mmuserauth to complete but the lookups from the local keystone fail for the authentication of the users </font><br><br><font size="4">The DN for the swift user and swift admin also have quotes in them, so just doing it on the command line is not enough to get the mmuserauth command to complete</font><br><br><font size="4">Second problem is </font><br><br><font size="4">OBJ:openstack-swift-object-sof is not running</font><br><br><font size="4">This seems to be due to the config file not having bind_ip and bind_port values, if these are added then the error turns to pipeline of other settings in the config file missing </font><br><br><font size="4">This particular issue occurs no matter what the auth type is set to be for object</font><br><br><font size="4">Hopefully this make some sense to someone </font><br><br><font size="4">Thanks</font><br><br><font size="4">leslie</font><br><br><br><font size="4">Leslie Elliott, Infrastructure Support Specialist, Faculty Infrastructure and Applications Support</font><br><font size="4">Information Technology Services, The University of Queensland</font><br><tt>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br></tt><tt><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></tt><tt><br></tt><br><br><BR>
</body></html>