Rgw multi-tenancy » History » Version 1
Yehuda Sadeh, 06/29/2015 08:52 PM
h1. Summary

Currently RGW follows the S3 scheme, in which users and buckets all reside in a single global tenant.

Swift, on the other hand, has a distinct tenant entity. Note that the Swift tenant is closer to the RGW user in functionality, whereas Swift users are closer to RGW subusers.

All Swift users within the same tenant share the same data (as with subusers under an RGW user).

Bucket names don't need to be unique across different tenants (unlike RGW).

Owners

Yehuda (Red Hat)

h1. Interested Parties

Name (affiliation)

h1. Current Status

h1. Detailed Description

The suggested solution:

h2. Basic

* add 'tenant' property to rgw users
* add 'tenant' property to rgw buckets
* any bucket that a user creates will reside under the user's tenant
* buckets will not need to be unique across tenants
* user could be referred to as <tenant>:<user>
* bucket could be referred to as <tenant>#<bucket> or <tenant>/<bucket> (can't use <tenant>:<bucket>)

For backward compatibility, the global tenant also exists; its tenant name is empty. Accessing a bucket through the virtual DNS bucket naming scheme (e.g., bucket.dreamhost.com) will go to the bucket in the global region. A configurable will make it possible to change this scheme so that a tenant can be specified, e.g. <bucket>.<tenant>.<domain>.

When a user refers to a user or a bucket and the tenant is not specified, the user's own tenant is used; when a user sets permissions on an object or bucket, each ACL entry that names another user refers to the granting user's own tenant by default. E.g.,

User sage under the redhat tenant (redhat:sage) gives greg permissions: sage could either specify redhat:greg <- READ_ONLY, or just greg <- READ_ONLY, as greg and sage are in the same tenant.
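The naming and default-tenant rules above, worked through as a small resolver. This is an added example written for this page, not RGW code; the separators (':' for users, '#' or '/' for buckets), the empty global tenant, the caller's-tenant default and the optional <bucket>.<tenant>.<domain> DNS scheme come from the proposal, while the function names and the 'tenant_aware' flag are assumptions.

```python
GLOBAL_TENANT = ""  # the backward-compatible global tenant has the empty name


def resolve_user(ref, caller_tenant):
    """'redhat:greg' -> ('redhat', 'greg'); a bare 'greg' falls back to the
    caller's own tenant, which is the default the proposal describes."""
    if ":" in ref:
        tenant, user = ref.split(":", 1)
        return tenant, user
    return caller_tenant, ref


def resolve_bucket(ref, caller_tenant):
    """Accept '<tenant>#<bucket>' or '<tenant>/<bucket>'.  A name without
    either separator (including one containing ':', which the proposal rules
    out as a tenant qualifier) is a bucket in the caller's tenant."""
    for sep in ("#", "/"):
        if sep in ref:
            tenant, bucket = ref.split(sep, 1)
            return tenant, bucket
    return caller_tenant, ref


def resolve_acl_grants(grants, owner_tenant):
    """Expand 'grantee <- PERM' pairs into ((tenant, user), PERM), so that an
    unqualified grantee never silently lands in a different tenant."""
    return [(resolve_user(grantee, owner_tenant), perm) for grantee, perm in grants]


def bucket_from_dns(host, domain, tenant_aware):
    """Map a virtual-host style name to (tenant, bucket).
    Default scheme:  <bucket>.<domain>          -> global tenant
    Configurable:    <bucket>.<tenant>.<domain>  -> that tenant (assumed flag)
    Returns None for hosts that match neither shape."""
    suffix = "." + domain
    if not host.endswith(suffix):
        return None
    labels = host[: -len(suffix)].split(".")
    if tenant_aware and len(labels) == 2:
        return labels[1], labels[0]
    if len(labels) == 1:
        return GLOBAL_TENANT, labels[0]
    return None


if __name__ == "__main__":
    # the sage/greg example from the proposal, with an explicit cross-tenant grant added
    print(resolve_acl_grants([("greg", "READ_ONLY"), ("acme:bob", "READ_ONLY")], "redhat"))
```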
||
A tenant entity will also exist, and would have several optional configurables:

* default placement target (storage policy)
* quota (per user in the tenant, for the entire tenant -- if implemented)
* name[s] of DNS entry point[s] for the tenant

Advanced functionality, not necessarily part of the initial solution:

* ability to list users that belong to each tenant
* tenant admin users that can administer their tenant
* quota per tenant, statistics per tenant