Use the following steps to configure object access with the Keystone server that is
available in the IBM Storage Scale system with Secure Sockets
Layer (SSL) enabled.
- Obtain certificates from the certificate authority (CA) and place them at the following
  locations on the current node, from which you run the mmuserauth service create
  command:
    /var/mmfs/tmp/ssl_cert.pem
    /var/mmfs/tmp/ssl_key.pem
    /var/mmfs/tmp/ssl_cacert.pem
  Note:
  - Self-signed certificates can be used for testing and demonstration purposes. However, the use of
    externally signed certificates is suggested for production environments.
  - The name in the SSL certificate must match the Keystone endpoint name.
- Run the following command to remove existing local authentication for object
  access:
    mmuserauth service remove --data-access-method object
- Run the following command to configure local authentication with SSL for object
  access:
    mmuserauth service create --data-access-method object --type local --enable-ks-ssl
Local authentication is now configured for object access
with SSL enabled.
To disable SSL and configure local authentication
for object access again, use the following steps.
- Run the following command to remove existing local authentication for object
  access:
    mmuserauth service remove --data-access-method object
  If you are also changing authentication type, run the following commands (in sequence) to remove
  authentication and ID mappings:
    mmuserauth service remove --data-access-method object
    mmuserauth service remove --data-access-method object --idmapdelete
- Run the following command to configure local authentication without SSL for object
  access:
    mmuserauth service create --data-access-method object --type local