OpenStack SwiftOnFile: User Identity for Cross Protocol Access Demystified Dean Hildebrand, Sasikanth Eda Sandeep Patil, Bill Owen IBM

Similar documents
Storage for HPC, HPDA and Machine Learning (ML)

Welcome to Manila: An OpenStack File Share Service. May 14 th, 2014

GlusterFS Architecture & Roadmap

OpenStack Integration

IBM Spectrum NAS, IBM Spectrum Scale and IBM Cloud Object Storage

IBM Spectrum Scale in an OpenStack Environment

Introduction to Digital Archiving and IBM archive storage options

Deploying Software Defined Storage for the Enterprise with Ceph. PRESENTATION TITLE GOES HERE Paul von Stamwitz Fujitsu

Amalgamating Manila and Swift for

Evaluating Cloud Storage Strategies. James Bottomley; CTO, Server Virtualization

Genomics on Cisco Metacloud + SwiftStack

Part2: Let s pick one cloud IaaS middleware: OpenStack. Sergio Maffioletti

AUTOMATING IBM SPECTRUM SCALE CLUSTER BUILDS IN AWS PROOF OF CONCEPT

TECHNICAL OVERVIEW OF NEW AND IMPROVED FEATURES OF EMC ISILON ONEFS 7.1.1

An Introduction to GPFS

Object storage platform How it can help? Martin Lenk, Specialist Senior Systems Engineer Unstructured Data Solution, Dell EMC

Commvault Backup to Cloudian Hyperstore CONFIGURATION GUIDE TO USE HYPERSTORE AS A STORAGE LIBRARY

Cloud Storage. Patrick Osborne Director of Product Management. Sam Fineberg Distinguished Technologist.

Why software defined storage matters? Sergey Goncharov Solution Architect, Red Hat

Elastic Cloud Storage (ECS)

Technical Note. Isilon OneFS. Isilon Swift Technical Note. Release number July, 2015

RAIDIX Data Storage Solution. Clustered Data Storage Based on the RAIDIX Software and GPFS File System

Ceph Rados Gateway. Orit Wasserman Fosdem 2016

An introduction to IBM Spectrum Scale

HPSS Treefrog Introduction.

SwiftStack and python-swiftclient

A product by CloudFounders. Wim Provoost Open vstorage

HPSS Treefrog Summary MARCH 1, 2018

Scality RING on Cisco UCS: Store File, Object, and OpenStack Data at Scale

Cloud object storage : the right way. Orit Wasserman Open Source Summit 2018

Dell EMC Isilon with Cohesity DataProtect

Introducing SUSE Enterprise Storage 5

IBM Active Cloud Engine/Active File Management. Kalyan Gunda

AWS Storage Gateway. Not your father s hybrid storage. University of Arizona IT Summit October 23, Jay Vagalatos, AWS Solutions Architect

IBM Storwize V7000 Unified

BIG DATA READY WITH ISILON JEUDI 19 NOVEMBRE Bertrand OUNANIAN: Advisory System Engineer

Cloud object storage in Ceph. Orit Wasserman Fosdem 2017

Storage Made Easy Enterprise File Share and Sync Fabric Architecture

THE CEPH POWER SHOW. Episode 2 : The Jewel Story. Daniel Messer Technical Marketing Red Hat Storage. Karan Singh Sr. Storage Architect Red Hat Storage

How To Guide: Long Term Archive for Rubrik. Using SwiftStack Storage as a Long Term Archive for Rubrik

OpenStack Cloud Storage. PRESENTATION TITLE GOES HERE Sam Fineberg HP Storage

Hybrid Cloud NAS for On-Premise and In-Cloud File Services with Panzura and Google Cloud Storage

THE EMC ISILON STORY. Big Data In The Enterprise. Deya Bassiouni Isilon Regional Sales Manager Emerging Africa, Egypt & Lebanon.

DELL EMC ISILON F800 AND H600 I/O PERFORMANCE

Hedvig as backup target for Veeam

GlusterFS and RHS for SysAdmins

Data Movement & Tiering with DMF 7

1. What is Cloud Computing (CC)? What are the Pros and Cons of CC? Technologies of CC 27

StorageCraft OneXafe and Veeam 9.5

An ESS implementation in a Tier 1 HPC Centre

Storage Performance Validation for Panzura

Data Protection for Cisco HyperFlex with Veeam Availability Suite. Solution Overview Cisco Public

StorageCraft OneBlox and Veeam 9.5 Expert Deployment Guide

Next Generation Storage for The Software-Defned World

Best Practices Guide for using IBM Spectrum Protect with Cohesity

Copyright 2012 EMC Corporation. All rights reserved.

Ceph Intro & Architectural Overview. Abbas Bangash Intercloud Systems

IBM Active Cloud Engine centralized data protection

November 7, DAN WILSON Global Operations Architecture, Concur. OpenStack Summit Hong Kong JOE ARNOLD

SOLUTION BRIEF Fulfill the promise of the cloud

Choosing an Interface

Vendor: IBM. Exam Code: Exam Name: IBM Midrange Storage Technical Support V3. Version: Demo

Storage Industry Resource Domain Model

IBM Storage Software Strategy

Quobyte The Data Center File System QUOBYTE INC.

GlusterFS Cloud Storage. John Mark Walker Gluster Community Leader, RED HAT

Infinite Volumes Management Guide

Outline: ONTAP 9 Cluster Administration and Data Protection Bundle (CDOTDP9)

Enterprise Ceph: Everyway, your way! Amit Dell Kyle Red Hat Red Hat Summit June 2016

Nasuni UniFS a True Global File System

Build Cloud like Rackspace with OpenStack Ansible

Optimizing and Managing File Storage in Windows Environments

The Fastest Scale-Out NAS

ONTAP 9 Cluster Administration. Course outline. Authorised Vendor e-learning. Guaranteed To Run. DR Digital Learning. Module 1: ONTAP Overview

1Z0-433

High Availability for Enterprise Clouds: Oracle Solaris Cluster and OpenStack

powered by Cloudian and Veritas

Introduction to Ceph Speaker : Thor

A New Key-value Data Store For Heterogeneous Storage Architecture Intel APAC R&D Ltd.

Provisioning with SUSE Enterprise Storage. Nyers Gábor Trainer &

TECHNICAL OVERVIEW OF NEW AND IMPROVED FEATURES OF DELL EMC ISILON ONEFS 8.0

Balakrishnan Nair. Senior Technology Consultant Back Up & Recovery Systems South Gulf. Copyright 2011 EMC Corporation. All rights reserved.

RED HAT CEPH STORAGE ROADMAP. Cesar Pinto Account Manager, Red Hat Norway

Scale-out Storage Solution and Challenges Mahadev Gaonkar igate

Object Storage Analytics: Leveraging Cognitive Computing For Deriving Insights And Relationship

IBM Spectrum Protect Version Introduction to Data Protection Solutions IBM

Configuring IBM Spectrum Protect for IBM Spectrum Scale Active File Management

The Nasuni Security Model

Oracle IaaS, a modern felhő infrastruktúra

HPC File Systems and Storage. Irena Johnson University of Notre Dame Center for Research Computing

Cloud Storage with AWS: EFS vs EBS vs S3 AHMAD KARAWASH

An introduction to GPFS Version 3.3

Build your own Cloud on Christof Westhues

INTRODUCTION TO CEPH. Orit Wasserman Red Hat August Penguin 2017

Software Defined Storage for the Evolving Data Center

DELL EMC ISILON ONEFS OPERATING SYSTEM

Parallel File Systems. John White Lawrence Berkeley National Lab

SONAS Best Practices and options for CIFS Scalability

WHITE PAPER Software-Defined Storage IzumoFS with Cisco UCS and Cisco UCS Director Solutions

IBM Spectrum Scale Archiving Policies

Transcription:

OpenStack SwiftOnFile: User Identity for Cross Protocol Access Demystified Dean Hildebrand, Sasikanth Eda Sandeep Patil, Bill Owen IBM 2015 Storage Developer Conference. Insert Your Company Name. All Rights Reserved.

Overview OpenStack Swift Architecture Swift-on-File Architecture Spectrum Scale for Object Storage Architecture File and Object Use Cases OpenStack Swift ACL Vs. File ACL semantics Modes to Support Compatibility Non-Unified Identity Between Object and File Interface Unified Identity Between Object and File Interface Implementation approaches 2

OpenStack Swift Architecture: Overview OpenStack Swift is a highly available, distributed, eventually consistent object/blob store [1]. Wide range of usecases including web / mobile applications, backups, active archiving One of 3 OpenStack storage services (Cinder block & Manila file) 100% python 35 kloc with over 70 kloc more in unit, function & EI test code Vibrant community, top contributing companies for Juno include: SwiftStack, Rackspace, Redhat, HP, Intel, IBM, Box [1] http://docs.openstack.org/developer/swift/ 3

OpenStack Swift Features Multi-tenancy ACLs Role-based Auth HTTP/HTTPS Mac/Windows/Linux Swift and S3 API support SDKs User-defined metadata Storage automation Cost Savings through simplified management and use of cheapest and densest storage Geo-replication High-Availability Flat namespace Extensible Middleware Versioning Quotas Expiration Rate Limiting Rolling upgrades 4 4

OpenStack Swift Architecture: Overview Proxy Tier Traditional Swift Storage Policy object ring Swift storage path: -rwxr-xr-x 1 swift swift 29 Aug 22 09:25 /mnt/sdb1/2/node/sdb2/objects/981/f79/ d7b843bf79/1401254393.89313.data Swift user Orphaned Storage nodes User request -> Proxy tier -> Storage policy -> Ring -> storage location / path 5

File Access to Objects Use Cases 1. Use file API as transition to object API 2. Create and Share Create data via file interface and share globally using object interface Example use cases include HPC, video, legacy API access to objects 3. Sync/Archive and Analyze Running Analytics directly through Swift/S3 API limits functionality While HDFS connectors exist for Swift/S3, they have Limited functionality since Hive and HBase (among others) are not supported due to file append requirement Poor performance due to loss of data location on writes, load imbalances etc. 4. Simplified management plane Manage file and object within single system 6

OpenStack Swift Architecture: Problem Not Designed for File Access to Objects Proxy Tier Traditional Swift Storage Policy Swift user NAS GW object ring Orphaned Storage nodes Poor performance due to inefficient NAS copy and change gateways Users mistakenly think they can do POSIX 7

Swift-on-File Architecture: Overview Swift Object Server implementation (Diskfile) [2] Data can be stored and retrieved through Swift and S3 and from NAS Enabled as a Swift Storage Policy Stores objects on any scale-out file system Stores objects once in scale-out file system Leverages Scale-out File System data protection Stores objects following the same path as the object's URL [2] https://github.com/stackforge/swiftonfile/blob/master/readme.md#swift-on-file 8

Swift-on-File Architecture: Overview Proxy Tier Swift user Object-1 ring Swift on File Storage policy Scale-out File System SwiftOnFile storage path: -rwxr-xr-x 1 swift swift 29 Aug 22 09:25 /mnt/swiftonfile/cont/obj1 Path accessible via NFS / CIFS / POSIX User request -> Proxy tier -> Swift on File policy -> Swift on File Ring -> storage location / path 9

Swift-on-File Architecture: Overview This object: http://swift.example.com/v1/acct/cont/obj was stored with Swift here: /mnt/sdb1/2/node/sdb2/objects/981/f79/f566bd022b9285b05e665fd7 b843bf79/1401254393.89313.data But is now stored with SwiftonFile here: /mnt/scaleoutfs/acct/cont/obj 10

Co-Existence of Traditional and Swift- On-File Object Placement Not useful for Analytic / File workloads Traditional Swift Storage policy Swift storage path: Swift user Proxy Tier Object ring Object-1 ring Swift on File Storage policy Scale-out File System -rwxr-xr-x 1 swift swift 29 Aug 22 09:25 /mnt/sdb1/2/node/sdb2/objects/981/f79/ d7b843bf79/1401254393.89313.data Appropriate for Analytic / File workloads SwiftOnFile storage path: -rwxr-xr-x 1 swift swift 29 Aug 22 09:25 /mnt/swiftonfile/container/object1 11

Swift-on-File Usecase 1: Video Capture and Analysis NFS / SMB / POSIX Path Legacy Application Production Location-1 / Camera-1 HTTP (Object PUT) Feed from cameras to Object storage Swift on File Interface /cont1/obj1 /cont2/obj8 Existing video library (Ex: Video transcode, Post-production etc.) Share results to next workflow component Production Location-2 / Camera-2 IBM Spectrum Scale (GPFS) 12

Swift-on-File Usecase 2: Secure Analytics (End-to-End Life Cycle Management) NFS / SMB Storage NFS / SMB Path Analytics Platform Objectification Device Guest Scientist-1 Organization-1 On-premise storage Experiment raw data /data1/data0/file /data4/file6 /data5/file11 /data36/file800 Account Account Results Sync back results to respective account / devices Results NFS / SMB Storage IBM Spectrum Scale (GPFS) Device Guest Scientist-N Organization-N On-premise storage Experiment raw data Tape SSD SAS SATA Intelligent Life cycle Management

Spectrum Scale for Object Storage Combine strengths of Spectrum Scale and OpenStack Swift Eliminate data migration through native File and Object integration POSIX/NFS/SMB/S3/Swift High performance and scalability Authentication integration (LDAP/AD) Data protection Snapshots, Backup, Disaster Recovery POSIX HDFS NFS Spectrum Scale SMB Swift/S3 Encryption Compression Integrated or software-only solutions SSD Fast Disk Slow Disk Tape External storage integration TSM, LTFS, Optical 14 14

Spectrum Scale for Object Storage Detailed Architecture Run all Swift and Scale processes on all front-end object servers HTTP Swift/S3 Requests Load Balancer Front-end servers access data directly from storage system Objects are erasure coded on storage cluster using Additional Services in Cluster Keystone Authentication Service Swift Services Proxy Service Object Service Scale Memcached.. Proxy Service Object Service Scale Front-end Object Servers Spectrum Scale Native RAID Storage Network Use Swift policies to map containers to Spectrum Scale Filesets with specific features e.g. encryption, SSD Fast Disk Slow Disk Tape compression. 15 15

OpenStack Swift ACL Semantics Swift ACL enables owner to set READ/WRITE access rights ACL s are set and stored at container level (db) SWIFT ACL s are not associated with the user s User ID or Group ID, unlike the File world Controllable via headers X-Container-Read, X-Container-Write, X-Remove-Container-Read, X-Remove-Controllable-Write Example (Read ACL): Example (Write ACL): $ swift stat container1 Account: AUTH_test Container: container1 Objects: 17 Bytes: 29 Read ACL: test:tester2 Write ACL: Sync To: Sync Key: Accept-Ranges: bytes X-Storage-Policy: SwiftOnFile X-Timestamp: 1440323340.30419 X-Trans-Id: txd285be9a47d940018e1fd-0055e26f81 $ swift stat container2 Account: AUTH_test Container: container2 Objects: 9 Bytes: 261 Read ACL: Write ACL: test:tester2 Sync To: Sync Key: Accept-Ranges: bytes X-Storage-Policy: SwiftOnFile X-Timestamp: 1439524393.73931 X-Trans-Id: tx6e2d8962e3e5431bbf7e6-0055cdf823 16

File ACL Semantics In file world, there exits predominantly two kinds of ACL support; POSIX ACLs - Associated with three sets of permissions that define access for the owner, the owning group, and for others. Each set may contain Read (r), Write (w), and Execute (x) permissions NFSv4 ACLs - Provides finer granularity than typical POSIX read/write/execute permissions and are similar to SMB ACLs. Both these ACL s are based on User s User ID and Group ID Other features that are tied with User ID properties include Quota, Backup, ILM functionalities. In contrast to Object ACL s, File ACL s are: Granular and comprehensive Supports Inheritance (file inherits its parent directory permissions at the time of creation) ACL s can be set at both file as well as directory level 17

Modes to Support Compatibility In order to achieve compatibility, the first step is to provide an ability to have File User ID mapping with the SWIFT users. Two proposed modes: Mode 1: Non-Unified Identity Mode 2: Unified Identity 18

Mode 1: Non-Unified Identity Between Object and File Application running analytics on Object Data Object Users File Authentication Object Authentication via keystone Object Access SwiftOnFile device File Access NFS / CIFS POSIX AD / LDAP IBM Spectrum Scale AD / LADP Data created via object API will be available for application via file API using; Root Newly defined special user User given explicit ACLs Data created via file API will be accessible via object API Must elevate swift user permissions For this mode, if the auth server is AD/LDAP, it can be same or different 19

Mode 1: Non-Unified Identity Between Object and File Object authentication setup is independent of File Authentication setup End user can make use the common authentication server incase of AD/LDAP Data created by Object API owned by swift user or must have full access to swift user data Application processing object data from file API needs the required file ACL to access the data File access should ensure that object data always retains full access to swift user (can be achieved using DAC_OVERRIDE CAPABILITIES). Keystone user (John) Object user PUT/GET request OpenStack SWIFT Storage Unit Elevated swift user permissions $ mmgetacl.../swiftonfile/container1/obj1 #owner:swift #group:swift (Object PUT) $ mmgetacl.../swiftonfile/container1/obj2 #owner:root #group:root (File write via POSIX if written by root) 20

Mode 2: Unified Identity Between Object and File Object Authentication via keystone Object Access SwiftOnFile device File Access NFS / CIFS POSIX File Authentication IBM Spectrum Scale Common AD/LDAP Common set of Object and File users using same directory service (AD+RFC 2307 or LDAP) Objects created using Swift API will be owned by the user performing the Object operation (PUT) Design Decision: If object already exists, existing ownership of File will be retained 21

Unified Identity Between Object and File Design Decision (Authorization): Object access will follow Object ACL semantics File access will follow File ACL semantics Retaining ACL and XATTR If an object update is performed then existing file ACL and XATTR will be retained For an object update operation No explicit file ACL will be set for that user For initial PUT operation of an object over a nested directory Object owned by user but no explicit ACL will be set for that user over the nested directories Keystone user (John) Object user PUT/GET request OpenStack SWIFT Storage Unit $ mmgetacl.../swiftonfile/container1/obj1 #owner:john #group:john user::rw-c group::---- other::---- mask::rwxc 22

Quick Swift Terminology Aside Middleware [3] is used to add additional functionality to Proxy, Object, and Container/Account WSGI servers Inject code on both the request and response paths Easy way to customize a Swift deployment Numerous supported Middleware features as well as several other middleware modules available E.g., Swift3, Rate Limiting Diskfile [4] forms a disk abstraction layer for the object server Customizes the API and layout of how objects are stored Example APIs: POSIX, Kinetic Example layout: Standard Swift, Swift on File [3] http://docs.openstack.org/developer/swift/development_ondisk_backends.html [4] http://docs.openstack.org/developer/swift/development_middleware.html 23

Accessing Objects via File without Ownership: Implementation 1. Proxy Server Middleware Collect username from request (or obtain it using Auth token) and pass to object server 2. Object Server DiskFile module Perform ACL inheritance / append operation on object with obtained username [3] http://docs.openstack.org/developer/swift/development_ondisk_backends.html [4] http://docs.openstack.org/developer/swift/development_middleware.html 24

Accessing Objects via File without Ownership: Architecture Bob Object PUT Proxy Server Storage Policy Object rings Obj.ring Obj1.ring Object-1 Server Object Server PUT operation Object COMMIT success Proposed Object server Middleware 1. Obtain current ACL template 2. Append mask::rwcx\nuser:bob:rwxc 3. Apply new ACL template $ mmgetacl /objects/c24/18.72.data #owner:swift #group:swift user::rw-c group::---- other::---- Traditional Swift Fileset Swift-on-File Fileset IBM Spectrum IBM Spectrum Scale (GPFS Scale Filesystem) $ mmgetacl.../sof/container1/obj1 #owner:swift #group:swift user::rw-c group::---- other::---- mask::rwxc user:bob:rwxc 25

Accessing Objects via File WITH Ownership Implementation 1. Elevate permissions to user configured with Swift Typically swift user 2. Proxy Server Middleware Collect username from request (or obtain it using Auth token) and pass it to object server 3. Object Server DiskFile module Perform chown operation on object with the obtained username 26

Accessing Objects via File WITH Ownership Architecture Bob Object PUT Proxy Server Storage Policy Elevated swift user permissions Object rings Obj.ring Obj1.ring Object-1 Server Object Server PUT operation Object COMMIT success Proposed Object server Middleware 1. Obtain current user 2. Perform chown operation using obtained user $ mmgetacl /objects/c24/18.72.data #owner:swift #group:swift user::rw-c group::---- other::---- Traditional Swift Fileset Swift-on-File Fileset IBM Spectrum IBM Spectrum Scale (GPFS Scale Filesystem) $ mmgetacl.../sof/container1/obj1 #owner:bob #group:bob user::rw-c group::---- other::---- 27

IBM Spectrum Scale Data management at scale OpenStack and Spectrum Scale helps clients manage data at scale Business: I need virtually unlimited storage An open & scalable cloud platform HDFS POSIX NFS SMB Glance Manila Cinder Swift Spectrum Scale Operations: I need a flexible infrastructure that supports both object and file based storage Operations: I need to minimize the time it takes to perform common storage management tasks A single data plane that supports Cinder, Glance, Swift, Manila as well as NFS, et. al. A fully automated policy based data placement and migration tool SSD Fast Disk Slow Disk Tape Collaboration: I need to share data between people, departments and sites with low latency. Sharing with a variety of WAN caching modes Avoid vendor lock-in with true Software Defined Storage and Open Standards Seamless performance & capacity scaling Automate data management at scale Enable global collaboration 28 Results Converge File and Object based storage under one roof Employ enterprise features to protect data, e.g. Snapshots, Backup, and Disaster Recovery Support native file, block and object sharing to data [coming in 2015]

Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback