Creating containers

The Object Storage organizes data in account, container, and object. Each account and container is an individual database that is distributed across the cluster. An account database contains the list of containers in that account. A container database contains the list of objects in that container.

It is the responsibility of the Keystone server administrator to create and manage accounts. The account defines a namespace for containers. A container must be unique within the owning account and account must use a unique name within the project. The admin account is created by default.

To work with this function in the IBM Storage Scale GUI, log on to the GUI and select Object > Containers.

Use the following procedure to create containers:

  1. Run the swift post container command to create a container by using the Swift command-line client.
    In the following example, the Keystone administrator creates a public_readOnly container in admin account:
    # swift post public_readOnly  --os-auth-url http://tully-ces-ip.adcons.spectrum:35357/v3 
--os-project-name admin --os-project-domain-name Default --os-username admin 
--os-user-domain-name Default --os-password Passw0rd --auth-version 3
  2. Run the following command to list the containers that are available for the account.
    In the following example, the system lists the containers that are available in the admin project:
    # swift list --os-auth-url http://tully-ces-ip.adcons.spectrum:35357/v3 
--os-project-name admin --os-project-domain-name Default --os-username admin 
--os-user-domain-name Default --os-password Passw0rd --auth-version 3
public_readOnly
  3. Run the following command to list the accounts, containers, or objects details.
    In the following example, the system displays the admin account details: 
    # swift stat -v --os-auth-url http://tully-ces-ip.adcons.spectrum:35357/v3 
--os-project-name admin --os-project-domain-name Default --os-username admin 
--os-user-domain-name Default --os-password Passw0rd --auth-version 3
                     StorageURL: http://tully-ces-ip.adcons.spectrum:8080/v1
/AUTH_bea5a0c632e54eaf85e9150a16c443ce
                     Auth Token: 1f6260c4f8994581a465b8225075c932
                        Account: AUTH_bea5a0c632e54eaf85e9150a16c443ce
                     Containers: 1
                        Objects: 0
                          Bytes: 0
Containers in policy "policy-0": 1
Objects in policy "policy-0": 0
     Bytes in policy "policy-0": 0
    X-Account-Project-Domain-Id: default
                    X-Timestamp: 1432766053.43581
                     X-Trans-Id: tx9b96c4a8622c40b3ac69a-0055677ce7
                   Content-Type: text/plain; charset=utf-8
                  Accept-Ranges: bytes
    In the following example, the system displays the public_readOnly' container details, on the admin account: 
    # swift stat public_readOnly -v --os-auth-url http://tully-ces-ip.adcons.spectrum:35357/v3 
--os-project-name admin --os-project-domain-name Default --os-username admin 
--os-user-domain-name Default --os-password Passw0rd --auth-version 3
URL: http://tully-ces-ip.adcons.spectrum:8080/v1/AUTH_bea5a0c632e54eaf85e9150a16c443ce
/public_readOnly
      Auth Token: 957d6c37155b44d3a476441bc927835d
         Account: AUTH_bea5a0c632e54eaf85e9150a16c443ce
       Container: public_readOnly
         Objects: 0
           Bytes: 0
        Read ACL:
       Write ACL:
         Sync To:
        Sync Key:
   Accept-Ranges: bytes
X-Storage-Policy: Policy-0
     X-Timestamp: 1432795292.10297
      X-Trans-Id: tx9b05c2135a9c4034b910c-0055677dad
    Content-Type: text/plain; charset=utf-8

    By default, only users who are having a Keystone role that is specified in the proxy-server.conf operator_roles option are allowed to create container on an account.

    Run the following command to list operator_roles on the IBM Storage Scale system during installation: 
    mmobj config list --ccrfile proxy-server.conf --section filter:keystoneauth --property operator_roles
    Run the following command to list operator_roles in all other cases:
    mmobj config list --ccrfile proxy-server.conf --section filter:keystone --property operator_roles
    Keystone administrator can also use the container to control access to the objects by using an access control list (ACL). In the following example, a member of the admin account tries to display the details of public_readOnly account. However, the process fails because it does not have an operator role or access control defined: 
    # swift stat public_readOnly -v --os-auth-url http://tully-ces-ip.adcons.spectrum:35357/v3 
--os-project-name admin --os-project-domain-name Default --os-username member 
--os-user-domain-name Default --os-password Passw0rd --auth-version 3
Container HEAD failed: http://tully-ces-ip.adcons.spectrum:8080/v1
/AUTH_bea5a0c632e54eaf85e9150a16c443ce/public_readOnly 403 Forbidden