Integrating with Keystone Identity Service

The object protocol uses the keystone service to authenticate object users. When configuring the IBM Storage Scale system, you must specify that either an internal keystone server or an external keystone server will be used. In either case, the keystone server can use a local database or a separate LDAP or AD system for managing user credentials. If you are using an external keystone server, you are responsible for the configuration of this service. For more information, refer to the OpenStack documentation.

Before you configure authentication for object, ensure that the object services are enabled. To enable object services, use the mmces service enable obj command.

Prerequisites

Ensure that you have the following details before you start configuring local authentication for object access:
  • The keystone host name must be defined and configured on all protocol nodes of the cluster. The host name must resolve to one of the CES IP addresses, for example through round-robin DNS. It can also resolve to a fixed IP address of a load balancer that distributes requests to one of the CES nodes. This host name is also used to create the keystone endpoints.
Note: By default, the IBM Storage Scale installation process configures object authentication with a local keystone authentication method.
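The following pre-flight check is an added example, not part of the IBM documentation or product: run on a protocol node, it confirms that the keystone host name resolves only to CES addresses, as the prerequisite above requires. It assumes getent is available, that mmces address list prints the CES addresses as dotted IPv4 values, and KEYSTONE_HOST is a placeholder for the site's keystone host name.

```shell
#!/bin/sh
# Added pre-flight check (not IBM's code). Verifies that every address the
# keystone host name resolves to is one of the cluster's CES addresses.

# keystone_host_ok RESOLVED_IPS CES_IPS
# Both arguments are whitespace-separated lists of IP addresses.
# Returns 0 when every resolved address is a CES address, 1 otherwise.
keystone_host_ok() {
    resolved=$1
    ces=$2
    if [ -z "$resolved" ]; then
        echo "keystone host name did not resolve to any address" >&2
        return 1
    fi
    for ip in $resolved; do
        found=0
        for c in $ces; do
            if [ "$ip" = "$c" ]; then
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "resolved address $ip is not a CES address" >&2
            return 1
        fi
    done
    return 0
}

# Live check on a protocol node. KEYSTONE_HOST is a placeholder; pass the
# real keystone host name as the first argument. Assumption: the CES
# addresses appear as dotted IPv4 values in `mmces address list` output.
check_live() {
    host=${1:-KEYSTONE_HOST}
    resolved=$(getent hosts "$host" | awk '{print $1}')
    ces=$(mmces address list 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}')
    keystone_host_ok "$resolved" "$ces"
}
```

Run check_live on each protocol node, because a host name that resolves correctly on one node can still be misconfigured on another.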