[gpfsug-discuss] Self service creation of filesets

Wed Mar 3 17:14:37 GMT 2021

Sounds like I am not the only one that needs this. The REST API has everything needed to do this, but the problem is we can’t restrict the GUI role account to just the commands they need. They need “storage administrator” access which means the could also make/delete filesystems. I guess you could use sudo and wrap the CLI, but I am told that’s old fashioned :)  Too bad we can’t make a API role with specific POST commands tied to it. I am surprised there is no RFE for that yet. The closest I see is
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=148244 <http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=148244> am I missing something. 

What I would want is to be able to grant the the following calls + maybe a few more. 

The related REST API calls.
https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adm_apiv2postfilesystemfilesets.htm <https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adm_apiv2postfilesystemfilesets.htm>
https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adm_apiv2postfilesystemfilesetlink.htm <https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adm_apiv2postfilesystemfilesetlink.htm>

Russell

> On Mar 3, 2021, at 3:06 AM, Loic Tortay <tortay at cc.in2p3.fr> wrote:
> 
> On 02/03/2021 20:31, Russell Nordquist wrote:
>> Hi all
>> We are trying to use filesets quite a bit, but it’s a hassle that only the admins can create them. To the users it’s just a directory so it slows things down. Has anyone deployed a self service model for creating filesets? Maybe using the API? This feels like shared pain that someone has already worked on….
> Hello,
> We have a quota management delegation (CLI) tool that allows "power-users" (PI and such) to create and remove filesets and manage users quotas for the groups/projects they're heading.
> 
> Like someone else said, from their point of view they're just directories, so they create a "directory with quotas".
> In our experience, "directories with quotas" are the most convenient way for end-users to understand and use quotas.
> 
> This is a tool written in C, about 13 years ago, using the GPFS API (and a few calls to GPFS commands where there is no API or it's lacking).
> 
> Delegation authorization (identifying "power-users") is external to the tool.
> 
> Permissions & ACLs are also set on the junction when a fileset is created so that it's both immediately usable ("instant processing") and accessible to "power-users" (for space management purposes).
> 
> There are extra features for staff to allow higher-level operations (e.g. create an independent fileset for a group/project, change the group/project quotas, etc.)
> 
> The dated looking user documentation is https://ccspsmon.in2p3.fr/spsquota.html
> 
> Both the tool and the documentation have a few site-specific things, so it's not open-source (and it has become a "legacy" tool in need of a rewrite/refactoring).
> 
> 
> Loïc.
> -- 
> |   Loïc Tortay <tortay at cc.in2p3.fr>  -     IN2P3 Computing Centre     |
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20210303/ea0d47bb/attachment-0002.htm>