Identity management modes for unified file and Swift Object access

The following section gives information about the two identity management modes for unified file and Swift Object access: local mode and unified mode. The information in this section also describes how to configure these modes for a system.

Important:
  • CES Swift Object protocol feature is not supported from IBM Storage Scale 5.2.0 onwards.
  • IBM Storage Scale 5.1.8 is the last release that has CES Swift Object protocol.
  • IBM Storage Scale 5.2.0 will tolerate the update of a CES node from IBM Storage Scale 5.1.8.
    • Tolerate means:
      • The CES node will be updated to 5.2.0.
      • Swift Object support will not be updated as part of the 5.2.0 update.
      • You may continue to use the version of Swift Object protocol that was provided in IBM Storage Scale 5.1.8 on the CES 5.2.0 node.
      • IBM will provide usage and known defect support for the version of Swift Object that was provided in IBM Storage Scale 5.1.8 until you migrate to a supported object solution that IBM Storage Scale provides.
      • CES Swift Object is replaced with IBM Storage Scale S3. For more details, refer S3 support overview.
      • For more information about Swift Object in IBM Storage Scale, refer to the IBM Storage Scale 5.2.0 documentation.
  • Contact IBM for further details and migration planning.

Unified file and Swift Object access comprises the following two modes:

  • local_mode: Separate identity between Swift Object and file (Default mode)
  • unified_mode: Shared identity between Swift Object and file

The mode is represented by the id_mgmt configuration parameter in the object-server-sof.conf file:

id_mgmt = local_mode | unified_mode

You can change this parameter by using the mmobj config change command. For more information, see Configuring authentication and setting identity management modes for unified file and object access.

Note:

  • Only one mode can be effective at a specified time and it must be configured by the administrator for the entire system. id_mgmt = local_mode is the default setting.

  • If you plan to use unified_mode, the authentication mechanism for file and Swift Object must be the same. If you set id_mgmt to unified_mode and the file authentication and object authentication are not common, then the ID resolution of the users does not work correctly.

    This leads to either Swift Object not being created with 503 error* return code or the Swift Object that is being created with an improper user ID. So, it is important that administrators make sure that a common authentication with appropriate ID mapping is configured for file and Swift Object.

    * if you are using swift client, instead of 503, you might get an error similar to the following error:

    'put_object('container_name', 'object_name', ..) failure and no ability to reset contents for reupload.'

    For more information about validating the ID mapping, see Validating shared authentication ID mapping.