This blog post goes through a feature of the ZFS Appliance that has been around for at least 3 years now. The Openstack Swift Object store.
When looking at the S3 API, and the OCI API, I forgot all about where it started.. With the Swift API.
I will go through the 3 APIs, and how they came about (from what I can find by reading through articles)..
It all started with the Swift API. Swift (V1) has simple authentication and a simple interface.
A URI to manage/access objects has the format of
HTTP://{object store server}/object/v1/{Account}/{bucket name}/{object name}.
In the case of ZFS,
- Account - this is the share name.. "/export/swiftshare" for example
- Bucket name - The name of the bucket that was created
- Object name - name of the object.
Authentication with Swift while using curl is typically a 2 step process.
First the authorization URI is called
HTTP://{object store server}/auth/v1.0/{Account}
The username and password is sent with the authentication URI. The URI then returns an auth token which is used in the curl command line to manage buckets/objects.
Username/password authentication (v1.0) is one of the 3 choices.
- Local username/password created on the ZDLRA.
- LDAP user ZFS ties to
- Keystone authentication server.
For all the testing I am doing on my ZFS simulator, I use a local user.
Before I go into how to configure and use the Swift interface on ZFS, I'll share what I was able to find out.
The Swift API has some limitations, and these limitations is what drove the move to S3.
As you probably noticed, the authentication and tracking of objects does not have enough details to support the segregation of users, and billing.
The S3 API takes the Swift API, and adds the ability to create separate tenants, set up billing, etc. All the things an enterprise needs to do.
With S3, you probably noticed that the authentication layer changed. It is based on secret name/secret rather than a username/password returning an auth token..
Well lets go through what it takes to configure the Swift interface.
First, most of the steps around configuring ZFS for an object store, I documented in my previous blog posts.
If you look the posts below you see the steps on configuring a share,creating a local user on ZFS, and configuring the http service.
ZFS Appliance - Your on-premise cloud store
For Swift, I will just go the steps specific to Swift.
All I need to do is enable swift. That's it !
Swift gets enabled just like enabling the S3 API, and the OCI API. Because I do not have a Keystone Authentication Server (which would be the OpenStack Identity Service), I didn't fill those values in.
NOTE: Authentication for swift is a little different from S3, or OCI. Both of the other APIs do not tie directly to the local user. S3 uses "secrets", and OCI uses a PEM file, and a Fingerprint.
Accessing my Swift bucket.
First some links to documentation that will give you examples of these ways of connecting.
Swift Guide for ZFS OS 8.8 release -- Current release as of writing.
Using ZFS as an object store -- This is old, but has a lot of detail and great detail
API Guide OS 8.8 for Swift Docs -- Current documentation guide
Also, since the Swift implementation is OpenStack, there is a lot of examples and documentation (non-oracle) available across the web.
I was able to access my bucket one of 3 ways
The first 2 ways are very similar
Swift command line tool - python based tool to connect to swift and manage buckets
CURL - Command line took similar to swift.
In order to create a bucket, and upload an object ......
First I execute the curl command to get the authentication token.
NOTE: my ZFS emulator is 10.0.0.110 and my share is /export/short
curl -i http://10.0.0.110/auth/v1.0/export/short -X GET -H "X-Auth-User: oracle" -H "X-Auth-Key: oracle123"
HTTP/1.1 200 OK
Date: Thu, 21 Jan 2021 18:54:38 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Storage-Url: http://10.0.0.110:80/object/v1/export/short
X-Auth-Token: ZFSSA_522d6355-9056-4a95-9060-c88648007993
X-Storage-Token: ZFSSA_522d6355-9056-4a95-9060-c88648007993
Content-Length: 0
X-Trans-Id: tx62e2f031f21640c29a2bf-006009cdee
Content-Type: text/html; charset=utf-8
Next I execute create a bucket .
From the output above I can get the "Auth Token", and the Storage URL to manage the object store in curl. Note that the Auth Token will expire.
Create a container in curl
curl -i http://10.0.0.110:80/object/v1/export/short/bucketswift -X PUT -H "Content-Length: 0" -H "X-Auth-Token: ZFSSA_522d6355-9056-4a95-9060-c88648007993"
Create a container in swift
swift post container -A http://10.0.0.110:80/object/v1/export/short -U oracle -K oracle123
That's all there is to it with the Swift Object Store on ZFS.
No comments:
Post a Comment