No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Initializaing the System Autentication Mode

Initializaing the System Autentication Mode

This section explains how to quickly configure cluster authentication.

Context

Currently, only Single-Cluster Authentication is supported.

Configuring the cluster authentication generates some alarms. The following three types of alarms can be ignored: process uds_s3fs exits, partial services are abnormal and health status of storage cluster (OceanStor9000) downgrades.

Procedure

  • Configure authentication of a single cluster.
    1. Log in to DeviceManager.

      Go to Configure Cluster Authentication.

    2. Select Single-Cluster Authentication, configure the authentication mode, and click Next.

      Table 4-1 describes related parameters.

      Table 4-1  Authentication mode

      Parameter

      Description

      Value

      Authentication Mode

      Authentication mode of a single-cluster.

      • Keystone: The authentication is provided outside of clusters. This authentication mode applies to private cloud scenarios.
        NOTE:
        Keystone does not support AWS Signature Version 4.
      • POE: The authentication is provided inside clusters. This authentication mode applies to private cloud scenarios.

      [Example]

      IAM

    3. Configure authentication information and click Finish.

      Table 4-2 describes related parameters.

      Table 4-2  Keystone authentication parameters

      Parameter

      Description

      Value

      Not configure now

      If you select this option, you do not need to configure Keystone authentication parameters right now.

      NOTE:
      If you want to configure IAM authentication parameters after selecting this option, choose Settings > Storage Settings > Object Storage Service > Authentication Settings.

      [Example]

      None

      URL

      URL of the Keystone authentication server.

      [Value range]

      • The total length of the URL cannot exceed 255 characters.
      • The URL must contain at least two levels of domain names. Each level of the domain name contains a maximum of 63 characters, including uppercase letters, lowercase letters, digits, hyphens (-), and periods (.). A child domain name cannot start or end with a hyphen (-), and a top-level domain name cannot contain a hyphen (-).
      • IPv4 and IPv6 addresses are supported.
      • Ports 1 to 65535 are supported.
      • The path supports the RFC3986 standard, that is, supports uppercase letters, lowercase letters, digits, and special characters including !#$&'()*+,/:;=?@[]-_.~.

      [Example]

      192.168.159.200:30443/identity-admin or www.test.com:30443

      Access Protocol

      Protocol used to access the Keystone authentication server.

      [Example]

      https

      UserName

      User name used to log in to the Keystone authentication server.

      [Value range]

      The user name contains 1 to 127 characters.

      Password

      Password of the logged in user.

      [Value range]

      The password contains 8 to 63 characters.

      Domain ID

      Domain ID of the Keystone authentication server.

      [Value range]

      The domain ID contains 1 to 127 characters.

      Project Name

      Project name of Keystone authentication.

      [Value range]

      The project name contains 1 to 63 characters.

      NOTE:
      If you select the POE authentication mode, click Finish. You do not need to configure other parameters.

  • Configure authentication of multiple clusters.
    1. Log in to DeviceManager.

      Go to Configure Cluster Authentication.

    2. Select Multi-Cluster Authentication, configure the authentication mode, and click Next.

      Table 4-3 describes related parameters.

      Table 4-3  Authentication mode

      Parameter

      Description

      Value

      Authentication Mode

      Authentication mode of multiple clusters.

      • IAM: The authentication is provided outside of clusters. This authentication mode applies to public cloud scenarios.
      • Keystone: The authentication is provided outside of clusters. This authentication mode applies to private cloud scenarios.
        NOTE:
        Keystone does not support AWS Signature Version 4.
      • POE: The authentication is provided inside clusters. This authentication mode applies to private cloud scenarios.

      [Example]

      IAM

    3. Configure authentication information and click Finish.

      • Table 4-4 describes IAM authentication parameters.
        Table 4-4  IAM authentication parameters

        Parameter

        Description

        Value

        Not configure now

        If you select this option, you do not need to configure IAM authentication parameters right now.
        NOTE:
        If you want to configure IAM authentication parameters after selecting this option, choose Settings > Storage Settings > Object Storage Service > Authentication Settings.

        [Example]

        None

        URL

        URL of the IAM authentication server.

        [Value range]

        • The total length of the URL cannot exceed 255 characters.
        • The URL must contain at least two levels of domain names. Each level of the domain name contains a maximum of 63 characters, including uppercase letters, lowercase letters, digits, hyphens (-), and periods (.). A child domain name cannot start or end with a hyphen (-), and a top-level domain name cannot contain a hyphen (-).
        • IPv4 and IPv6 addresses are supported.
        • Ports 1 to 65535 are supported.
        • The path supports the RFC3986 standard, that is, supports uppercase letters, lowercase letters, digits, and special characters including !#$&'()*+,/:;=?@[]-_.~.

        [Example]

        192.168.159.200:30443 or www.test.com:30443

        Access Protocol

        Protocol used to access the IAM authentication server.

        [Example]

        https

        UserName

        User name used to log in to the IAM authentication server.

        [Value range]

        The user name contains 1 to 127 characters.

        Password

        Password of the logged in user.

        [Value range]

        The password contains 8 to 63 characters.

        Domain ID

        Domain ID of the IAM authentication server.

        [Value range]

        The domain ID contains 1 to 127 characters.

        Project Name

        Project name of IAM authentication.

        [Value range]

        The project name contains 1 to 63 characters.

      • Table 4-5 describes Keystone authentication parameters.
        Table 4-5  Keystone authentication parameters

        Parameter

        Description

        Value

        Not configure now

        If you select this option, you do not need to configure Keystone authentication parameters right now.

        NOTE:
        If you want to configure IAM authentication parameters after selecting this option, choose Settings > Storage Settings > Object Storage Service > Authentication Settings.

        [Example]

        None

        URL

        URL of the Keystone authentication server.

        [Value range]

        • The total length of the URL cannot exceed 255 characters.
        • The URL must contain at least two levels of domain names. Each level of the domain name contains a maximum of 63 characters, including uppercase letters, lowercase letters, digits, hyphens (-), and periods (.). A child domain name cannot start or end with a hyphen (-), and a top-level domain name cannot contain a hyphen (-).
        • IPv4 and IPv6 addresses are supported.
        • Ports 1 to 65535 are supported.
        • The path supports the RFC3986 standard, that is, supports uppercase letters, lowercase letters, digits, and special characters including !#$&'()*+,/:;=?@[]-_.~.

        [Example]

        192.168.159.200:30443/identity-admin or www.test.com:30443

        Access Protocol

        Protocol used to access the Keystone authentication server.

        [Example]

        https

        UserName

        User name used to log in to the Keystone authentication server.

        [Value range]

        The user name contains 1 to 127 characters.

        Password

        Password of the logged in user.

        [Value range]

        The password contains 8 to 63 characters.

        Domain ID

        Domain ID of the Keystone authentication server.

        [Value range]

        The domain ID contains 1 to 127 characters.

        Project Name

        Project name of Keystone authentication.

        [Value range]

        The project name contains 1 to 63 characters.

      • Table 4-6 describes POE authentication parameters.
        Table 4-6  POE authentication parameters

        Parameter

        Description

        Value

        Not configure now

        If you select this option, you do not need to configure POE authentication parameters right now.

        NOTE:
        If you want to configure IAM authentication parameters after selecting this option, choose Settings > Storage Settings > Object Storage Service > Authentication Settings.

        [Example]

        None

        Active URL

        Active URL of the POE authentication server.

        [Value range]

        • The total length of the URL cannot exceed 127 characters.
        • The URL must contain at least two levels of domain names. Each level of the domain name contains a maximum of 63 characters, including uppercase letters, lowercase letters, digits, hyphens (-), and periods (.). A child domain name cannot start or end with a hyphen (-), and a top-level domain name cannot contain a hyphen (-).
        • IPv4 and IPv6 addresses are supported.
        • Ports 1 to 65535 are supported.
        • The path supports the RFC3986 standard, that is, supports uppercase letters, lowercase letters, digits, and special characters including !#$&'()*+,/:;=?@[]-_.~.

        [Example]

        192.168.159.200:30443 or www.test.com:30443

        Standby URL

        Standby URL of the POE authentication server.

        [Value range]

        • The total length of the URL cannot exceed 127 characters.
        • The URL must contain at least two levels of domain names. Each level of the domain name contains a maximum of 63 characters, including uppercase letters, lowercase letters, digits, hyphens (-), and periods (.). A child domain name cannot start or end with a hyphen (-), and a top-level domain name cannot contain a hyphen (-).
        • IPv4 and IPv6 addresses are supported.
        • Ports 1 to 65535 are supported.
        • The path supports the RFC3986 standard, that is, supports uppercase letters, lowercase letters, digits, and special characters including !#$&'()*+,/:;=?@[]-_.~.

        [Example]

        192.168.159.200:30443 or www.test.com:30443

        Access Certificate

        Certificate of the POE authentication server.

        NOTE:
        You can use the SSH client software to log in to the system through the management floating IP address of the system, and run the sh /opt/obs/scritps/poe/getAdminInfo.sh command. In the command output, the value of AccessKey is the access certificate.

        [Example]

        None

        Security Certificate

        Certificate password of the POE authentication server.

        NOTE:
        You can use the SSH client software to log in to the system through the management floating IP address of the system, and run the sh /opt/obs/scritps/poe/getAdminInfo.sh command. In the command output, the value of SecretKey is the security certificate.

        [Example]

        None

Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122523

Views: 12149

Downloads: 84

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next