6.5 HP StoreAll OS User Guide

ManualsBrandsHP ManualsStorageHP X9320 1GbE 192TB Network Storage System

121

122

123

124

125

126

127

128

129

130

9 Using Object Store

Object Store provides the flexibility of being based on the open source OpenStack Cloud Software

with the additional functionality of StoreAll. Object Store lets you store items in the cloud with the

security of Keystone authentication. Authorization is at a centralized location, which tracks all

modifications to any object store resource through an authentication token.

Authorization can only be configured at the container level. For example, you can configure access

so that only developers can access one set of containers and accounting can only access another

set of containers. Note that only one Object Store is supported per cluster.

StoreAll supports authentication of Active Directory, LDAP, StoreAll local users, and Keystone

database users. Active Directory, LDAP, and StoreAll local users can be granted administrative

privileges using the HP StoreAll Management console or the HP StoreAll CLI. Keystone database

users can be only be created/modified/deleted and granted administrative privileges through the

Keystone client or REST API; however, the Keystone client or REST API does not support

creation/modification/deletion of AD, LDAP, or StoreAll local users. For information about the

Keystone client, see The client API at http://docs.openstack.org/developer/python-keystoneclient/

using-api.html# located on the OpenStack website (http://docs.openstack.org).

StoreAll also lets you set up redundancy across Object Store, so that information is always backed

up every five minutes.

The following table provides an overview of the required steps so that you and your users can

begin uploading content to Object Store.

Table 12 Overview for implementing Object Store

For additional informationDescriptionStep

“Creating an Object Store” (page 129)Create an Object Store by using the HP StoreAll

Management Console.

To create the Object Store through the CLI, use the

ibrix_objectstore command. See the HP StoreAll

OS CLI Reference Guide for more information.

“Creating administrator groups and assigning users”

(page 138)

Create an administrator group for an Object Store,

and then add users to the group by using the HP

StoreAll Management Console. By default, all users

added to the Object Store administrator group will be

administrators. You can also provide administrative

privilege to an individual user of a non-administrative

group. Users must have administrative privileges to be

able to create, delete, and manage containers and

objects in the containers.

To manage administrative privileges for LDAP, AD,

and/or local StoreAll users through the CLI, use the

ibrix_objectstoreadmin command. See the HP

StoreAll OS CLI Reference Guide for more information.

You can also grant users access to a container without

granting them administrative privileges by setting ACLs

(access control lists). See “Permission levels” (page 137)

for more information.

“Creating tokens for authentication” (page 143)Each user must have an authentication token before

they can access an Object Store. Authentication tokens

must be renewed every 24 hours. So create tokens for

yourself and others right before the need to access an

Object Store.

128 Using Object Store