Creating accounts with NamespaceStore file system configuration
Before you begin
Download the Multicloud Object Gateway (MCG) command-line interface:
subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
yum install mcg
About this task
You can either create a new account with
NamespaceStore
file system
configuration or convert an existing normal account into a NamespaceStore
file
system account by editing the YAML.Note: You cannot remove a
NamespaceStore
file
system configuration from an account.Procedure
Create a new account with
NamespaceStore
file system configuration by
using the MCG command-line interface. noobaa account create <noobaa-account-name> [flags]
For example:
noobaa account create testaccount --full_permission --nsfs_account_config --gid 10001 --uid 10001 –default_resource fs_namespacestore
allow_bucket_create
|
Indicates whether the account is allowed to create new buckets.
Supported values are true or false . Default value is
true . |
allowed_buckets
|
A comma-separated list of bucket names to which the user is allowed to have access and management rights. |
default_resource
|
The NamespaceStore resource on which the new buckets will be created when using the S3 CreateBucket operation. The NamespaceStore must be backed by a rwx (ReadWriteMany) persistent volume claim (PVC). |
full_permission
|
Indicates whether the account should be allowed full permission or not.
Supported values are true or false . Default value is
false . |
new_buckets_path
|
The file system path where directories corresponding to new buckets will be created. The path is inside the file system of NamespaceStore file system PVCs where new directories are created to act as the file system mapping of newly created object bucket classes. |
nsfs_account_config
|
A mandatory field that indicates if the account is used for NamespaceStore file system. |
nsfs_only
|
Indicates whether the account is used only for NamespaceStore file
system or not. Supported values are true or false . Default value is
false . If it is set to 'true', it limits you from accessing other types of
buckets. |
uid
|
The user ID of the file system to which the MCG account will be mapped and it is used to access and manage data on the file system. |
gid
|
The group ID of the file system to which the MCG account will be mapped and it is used to access and manage data on the file system. |
The MCG system sends a response with the account configuration and its S3
credentials:
NooBaaAccount spec:
allow_bucket_creation: true
Allowed_buckets:
full_permission: true
permission_list: []
default_resource: noobaa-default-namespace-store
Nsfs_account_config:
gid: 10001
new_buckets_path: /
nsfs_only: true
uid: 10001
INFO[0006] ✅ Exists: Secret "noobaa-account-testaccount"
Connection info:
AWS_ACCESS_KEY_ID : <aws-access-key-id>
AWS_SECRET_ACCESS_KEY : <aws-secret-access-key>
What to do next
You can list all the custom resource definition (CRD) based accounts by using the following
command:
noobaa account list
NAME ALLOWED_BUCKETS DEFAULT_RESOURCE PHASE AGE
testaccount [*] noobaa-default-backing-store Ready 1m17s
If you are interested in a particular account, you can read its custom resource definition (CRD)
directly by the account name:
oc get noobaaaccount/testaccount -o yaml
spec:
allow_bucket_creation: true
allowed_buckets:
full_permission: true
permission_list: []
default_resource: noobaa-default-namespace-store
nsfs_account_config:
gid: 10001
new_buckets_path: /
nsfs_only: true
uid: 10001