mmobj command
Manages configuration of Object protocol service, and administers storage policies for object storage, unified file and object access, and multi-region object deployment.
Synopsis
mmobj swift base -g GPFSMountPoint --cluster-hostname CESHostName
[-o ObjFileset] [-i MaxNumInodes] [--ces-group CESGroup]
{{--local-keystone [--admin-token Token]} | [--remote-keystone-url URL]
[--configure-remote-keystone]}
[--admin-user AdminUser] [--swift-user SwiftUser ][--pwd-file PasswordFile]
[--enable-file-access] [--enable-s3] [--enable-multi-region]
[--join-region-file RegionFile] [--region-number RegionNumber]
or
mmobj config list --ccrfile CCRFile [--section Section [--property PropertyName]] [-Y]
or
mmobj config change --ccrfile CCRFile --section Section --property PropertyName --value Value
or
mmobj config change --ccrfile CCRFile --merge-file MergeFile
or
mmobj config manage --version-sync
or
mmobj policy list [{--policy-name PolicyName | --policy-function PolicyFunction}] [--verbose] [-Y]
or
mmobj policy create PolicyName [-f FilesetName]
[--file-system FilesystemName] [-i MaxNumInodes]
{[--enable-compression --compression-schedule CompressionSchedule]}
{[--enable-encryption --encryption-keyfile EncryptionKeyFileName [--force-rule-append]]}
[--enable-file-access]
or
mmobj policy change PolicyName --default
or
mmobj policy change PolicyName --deprecate State
or
mmobj policy change --add-local-region
or
mmobj policy change --remove-region-number RegionNumber
or
mmobj policy change --compression-schedule CompressionSchedule
or
mmobj file-access enable
or
mmobj file-access disable [--objectizer]
ormmobj file-access objectize
{ --object-path ObjectPath
| --storage-policy PolicyName
[ --account-name AccountName
[ --container-name ContainerName
[ --object-name ObjectName ]]]}
[ -N | --node NodeName ]
or
mmobj file-access link-fileset
--sourcefset-path FilesetPath
--account-name AccountName
--container-name ContainerName
--fileaccess-policy-name PolicyName
[--update-listing]
or
mmobj multiregion list [-Y]
or
mmobj multiregion enable
or
mmobj multiregion export --region-file RegionFile
or
mmobj multiregion import --region-file RegionFile
or
mmobj multiregion remove --region-number RegionNumber --force
or
mmobj s3 enable
or
mmobj s3 disable
or
mmobj s3 list [-Y]
Availability
Available on all IBM Spectrum Scale editions.
Description
Use the mmobj command to modify and change the Object protocol service configuration, and to administer storage policies for Object Storage, unified file and Object access, and multi-region Object deployment.
mmobj config list
and the mmobj config change
commands
are used to list and change the configuration values for the underlying Swift service that is stored
in the Cluster Configuration Repository (CCR).mmobj swift
base
command to set object_singleton_node
and
object_database_node
attributes. - The node with the
object_database_node
attribute runs the keystone database. - The node with the
object_singleton_node
attribute runs unique object services across the CES cluster.
mmces address list
. The IP address can
be added by using the mmces address add
command.If there is an existing Object authentication that is configured, use the mmuserauth service remove --data-access-method object command to remove the Object authentication. Then, use the mmces service disable OBJ command to perform the necessary cleanup before you run the mmobj swift base command again.
Object authentication can be either local or remote. If the Object authentication is local, the Keystone identity service and the Keystone database run in and are handled by the CES cluster. If the Object authentication is remote, the Keystone server must be fully configured and running before Object services are installed.
In the unified file and Object access environments, the ibmobjectizer
service makes files from the file interfaces such as POSIX, NFS, and CIFS accessible through Object
interfaces such as curl and SWIFT. The ibmobjectizer
service runs periodically and
makes files available for the Object interface. The file-access parameter of
the mmobj command can be used to enable and disable the file-access capability
and the ibmobjectizer
service. The ibmobjectizer
service runs on
the CES IP address with the object_singleton_node
attribute.
mmobj file-access link-fileset
command. This command can be used to make the existing fileset data accessible under a
unified file and Object access storage policy container. By default, this command allows the
existing fileset to have Object access without updating the container and metadata. However, you can
use the --update-listing option to update container listing with files that are
existing in the linked fileset. If the --update-listing option of the
mmobj file-access link-fileset command is used, then the
sourcefset-path must be the exact fileset junction path and the fileset
must be derived from the Object file system.Parameters
- swift
- Configures the underlying Swift services:
- base
- Specifies the configuration of the Object protocol service.
- -g GPFSMountPoint
- Specifies the mount path of the GPFS file system that is used by Swift.
- --cluster-hostname CESHostName
- Specifies the host name that is used to return one of the CES IP addresses. The returned CES IP address is used in the endpoint for the identity and Object-store values that are stored in Keystone.
- --local-keystone
- Specifies that a new Keystone server is installed and configured locally in the cluster.
- --admin-user User
- Specifies the name of the admin user in Swift. The default value is
admin
. - --admin-token Token
- Specifies the admin token to be used for the initial Keystone setup. If it is not specified, a random string is used.
- --swift-user User
- Specifies the user for the Swift services. The default value is
swift
. - --pwd-file PasswordFile
- Specifies the file that contains the administrative user passwords that are used for Object
access protocol authentication configuration. You must save the password file under
/var/mmfs/ssl/keyServ/tmp on the node from which you are running the command.
The password file is a security-sensitive file that must have the following characteristics:
- The password file must be a regular file.
- The password file must be owned by the root user.
- Only the root user must have permission to read or write it.
The password file for Object protocol configuration must have the following format:
In the example above:%objectauth: ksAdminPwd=ksAdminPwdpassword ksSwiftPwd=ksSwiftPwdpassword ksDatabasePwd=ksDatabasePassword
- objectauth
- Indicates the stanza name for the object protocol.
- ksAdminPwd
- Specifies the Keystone administrator's password.
- ksSwiftPwd
- Specifies the Swift user's password. If not specified, this value defaults to the Keystone administrator's password.
- ksDatabasePwd
- Specifies the password for the Keystone user in the
postgres
database. If not specified, this value defaults to the Keystone administrator's password.
- --remote-keystone-url URL
- Specifies the URL to an existing Keystone service.
- --configure-remote-keystone
- Specifies that when you use a remote Keystone and configure the remote Keystone as necessary. The required users, roles and endpoints that are needed by the Swift services are added to the Keystone server. Keystone authentication information needs to be specified with the --pwd-file or the --admin-token flag to enable the configuration. If this flag is not specified, the remote Keystone is not modified and the administrator must add the appropriate entries for the Swift configuration after the installation is complete.
- -o ObjFileset
- Specifies the name of the fileset to be created in GPFS for the Object Storage.
- -i
- Specifies the maximum number of inodes for the Object fileset.
- MaxNumInodes
- The maximum number of inodes for the Object fileset. By default, 8000000 is set.
- --ces-group
- Specifies the CES group that contains the IP addresses to be used for the Swift ring files. This allows you to specify a subset of the overall collection of CES IP addresses to be used by the object protocol.
- --enable-s3
- Sets the
s3
capability (Amazon S3 API support) totrue
. By default, S3 API is not enabled. - --enable-file-access
- Sets the file-access capability initially to
true
. Further configuration is still necessary by using the mmobj file-access command. By default, the file-access capability is not enabled. - --enable-multi-region
- Sets the multi-region capability initially to
true
. By default, multi-region capability is not enabled. - --join-region-file RegionFile
- Specifies that this object installation joins an existing object multi-region Swift cluster.
RegionFile is the region data file created by the mmobj multiregion
export command from the existing multi-region cluster.Note: The use of the --configure-remote-keystone flag is recommended so that the region-specific endpoints for this region are automatically created in Keystone.
- --region-number RegionNumber
- Specifies the Swift region number for this cluster. If it is not specified, the default value is to 1. In a multi-region configuration, this flag is required and must be a unique region number that is not used by another region in the multi-region environment.
- config
- Administers the Object configuration:
- list
- Lists configuration values of the underlying Swift or Keystone service stored in the CCR.
- --section Section
- Retrieves values for the specified section only.
- --property PropertyName
- Retrieves values for the specified property only.Note: Use the -Y parameter to display the command output in a parseable format with a colon (:) as a field delimiter.
- change
- Enables modifying Swift or Keystone configuration files. After you modify the configuration
files, the CES monitoring framework downloads them from the CCR and distributes them to all the CES
nodes in the cluster. The framework also automatically restarts the services that depend on the
modified configuration files.Note: It is recommended to not directly modify the configuration files in /etc/swift and /etc/keystone folders as they can be overwritten at any time by the files that are stored in the CCR.
- --section Section
- Specifies the section in the file that contains the parameter.
- --property PropertyName
- Specifies the name of the property to be set.
- --value NewValue
- Specifies the value of the PropertyName.
- --merge-file MergeFile
- Specifies a file in the openstack-config.conf format that contains multiple
values to be changed in a single operation. The properties in MergeFile can
represent new properties or properties to be modified. If a section or property name in
MergeFile begins with a '-' character, that section or property is deleted from
the file. For example, a MergeFile with the following contents would delete the
ldap
section, set the connections property to 512, and delete the noauth property from the database section.[-ldap] [database] connections = 512 -noauth =
- manage
- Performs management tasks on the object configuration.
- --version-sync
- After an upgrade of IBM Spectrum Scale, migrates the object configuration to be consistent with the level of installed packages.
- Parameter common for both mmobj config list and mmobj config change commands:
- --ccrfile CCRFile
- Indicates the name of the Swift, Keystone, or Object configuration file stored in the CCR.
- policy
- Administers the storage policies for Object Storage:
- list
- Lists storage policies for Object Storage.
- --policy-name PolicyName
- Lists details of the specified storage policy, if it exists.
- --policy-function PolicyFunction
- Lists details of the storage policies with the specified function, if any exist.
- --verbose
- Lists the functions that are enabled for the storage policies.
Note: Use the -Y parameter to display the command output in a parseable format with a colon (:) as a field delimiter.
- create
- Creates a storage policy for Object Storage. The associated configuration files are updated and
the ring files are created for the storage policy. The CES monitoring framework distributes the
changes to the protocol nodes and restarts the associated services.
- PolicyName
- Specifies the name of the storage policy.
- -f FilesetName
- Specifies the name of an existing fileset to be used for this storage policy. An existing fileset can be used provided it is not being used for an existing storage policy.
- --file-system FilesystemName
- Specifies the name of the file system on which the fileset is created.
- --i MaxNumInodes
- Specifies the inode limit for the new inode space.
- --enable-compression
- Enables a compression policy. The Swift policy type is replication. If --enable-compression is used, --compression-schedule must be specified too and vice versa.
- --compression-schedule: "MM:HH:dd:ww"
- Specifies the compression schedule if --enable-compression is used.
The schedule must be given in this format, MM:HH:dd:ww. For example:
- MM = 0-59 minutes
- Indicates the minute after the hour in which to run the job. The range is 0 - 59.
- HH = 0-23
- Indicates the hour in which to run the job. Hours are represented as numbers in the range 0 - 23.
- dd = 1-31
- Indicates the day of a month on which to run the job. Days are represented as numbers in the range 1 - 31.
- ww = 0-7 (0=Sun, 7=Sun)
- Indicates the days of the week on which to run the job. One or more values can be specified
(comma-separated). Days are represented as numbers in the range 0 - 7. 0 and 7 represent Sunday. All
days of a week are represented by
*
. This parameter is optional and the default is 0.
- Use
*
for specifying every instance of a unit. For example,dd = *
means that the job is scheduled to run every day. - Comma-separated lists are allowed. For example,
dd = 1,3,5
means that the job is scheduled to run on every first, third, fifth of a month. - If
ww
anddd
both are specified, the union is used. - Specifying a range that uses
-
is not supported. - Empty values are allowed for
dd
andww
. If empty,dd
and orww
are not considered. - Empty values for
mm
andhh
are treaded as*
.
- --enable-encryption
- Enables an encryption policy.
- --enable-file-access
- Enables a file-access policy. The file-access policies exist only in the region in which they were created. They do not support the multi-region capability. Objects stored within a container that is linked to this storage policy can be enabled for file protocol access.
- --encryption-keyfile EncryptionKeyFileName
-
Specifies the encryption key file.
- --force-rule-append
-
Specifies whether to append and establish the rule if other rules are existing.
Note: The enabled functions are displayed in the functions column of themmobj policy list
command output as follows:- --enable-compression compression
- --enable-file-access file-and-object-access
- change
- Changes the state of the specified storage policy.
- PolicyName
- Specifies the name of the storage policy that needs to be changed.
- --default
- Sets the specified storage policy to be the default policy.
- --deprecate State
- Deprecates the specified storage policy. State can be either
yes or no.
- yes
- Sets the state of the specified storage policy as deprecated.
- no
- Sets the state of the specified storage policy as not deprecated.
- --add-local-region
-
In a multi-region environment, adds the region of the current cluster to the specified storage policy. The associated fileset that is previously defined for the storage policy must exist or else it is created.
After the region is added, the multi-region configuration needs to be synced with the other regions by using the
mmobj multiregion
command.Note: By default, a storage policy stores only objects in the region on which it was created. If the cluster is defined as multi-region, a storage policy can also be made multi-region by adding more regions to its definition. - --remove-region-number RegionNumber
-
In a multi-region environment, removes a region from the specified storage policy. The associated fileset for the storage policy is not modified.
After the region is removed, the multi-region configuration needs to be synced with the other regions by using the
mmobj multiregion
command. - --compression-schedule: "MM:HH:dd:ww"
- Specifies the compression schedule if --enable-compression is used.
The schedule must be given in the format, MM:HH:dd:ww. For example:
- MM = 0-59 minutes
- Indicates the minute after the hour in which to run the job. The range is 0 - 59.
- HH = 0-23
- Indicates the hour in which to run the job. Hours are represented as numbers in the range 0 - 23.
- dd = 1-31
- Indicates the day of a month on which to run the job. Days are represented as numbers in the range 1 - 31.
- ww = 0-7 (0=Sun, 7=Sun)
- Indicates the days of the week on which to run the job. One or more values can be specified
(comma-separated). Days are represented as numbers in the range 0 - 7. 0 and 7 represent Sunday. All
days of a week are represented by
*
. This parameter is optional, and the default is 0.
- Use
*
for specifying every instance of a unit. For example,dd = *
means that the job is scheduled to run every day. - Comma-separated lists are allowed. For example, means
dd= 1,3,5
that the job is scheduled to run on every first, third, fifth of a month. - If
ww
anddd
both are specified, the union is used. - Specifying a range that uses
-
is not supported. - Empty values are allowed for
dd
andww
. If empty,dd
and orww
are not considered. - Empty values for
mm
andhh
are treaded as*
.
- file-access
- Manages file-access capability,
ibmobjectizer
service and object access for files (objectizes) in a unified file and object access environment.- enable
- Enables the file-access capability and the
ibmobjectizer
service.If the file access capability is already enabled and the
ibmobjectizer
service is stopped, this option starts theibmobjectizer
service.
- disable
- Disables the file-access capability and the
ibmobjectizer
service.- --objectizer
- This option stops only the
ibmobjectizer
service, it does not disable the file-access capabilities.
- objectize
- Enables files for object access (objectizes) in a unified file and object access environment.
- --object-path ObjectPath
- The fully qualified path of a file or a directory that you want to enable for access through the
object interface. If a fully qualified path to a directory is specified, the command enables all the
files from that directory for access through the object interface. This is a mandatory parameter for
the
mmobj file-access
command if the --storage-policy parameter is not specified. - --storage-policy PolicyName
- The name of the storage policy for which you want to enable files for the object interface. This
is a mandatory parameter for the
mmobj file-access
command if the --object-path parameter is not specified. If only this parameter is specified, the command enables all files for object interface from the fileset that is associated with the specified storage policy. - --account-name AcccountName
- The account name for which you want to enable files for access through the object interface. The --storage-policy parameter is mandatory if you are using this parameter.
- --container-name ContainerName
- The container name for which you want to enable files for access through the object interface. You must specify the --storage-policy and the --account-name with this parameter.
- --object-name ObjectName
- The object name for which you want to enable files for access through the object interface. You must specify --storage-policy, --account-name, and --container-name parameters with this parameter.
- -N | --node NodeName
- The node on which to run the command. This parameter is optional and if it is not specified, the command is run on the current node if it is a protocol node. If the current node is not a protocol node, an available protocol node is selected.
- link-fileset
-
Enables object access to the specified fileset path.
- --sourcefset-path FilesetPath
- The fully qualified non-object fileset path that must be enabled for object access.
- --account-name AccountName
- The name of the swift account or the keystone project. The contents of the fileset are accessible from this account when it is accessed by using the object interface.
- --container-name ContainerName
- The name of the container. The contents of the fileset belong to this container when it is accessed by using the object interface.
- --fileaccess-policy-name PolicyName
- The name of the file-access enabled storage policy.
- --update-listing
- Updates the container database with the existing files in the provided fileset.
If the --update-listing option is used, then the
sourcefset-path
must be the exact fileset junction path and the fileset must be derived from the object file system.
- multiregion
- Administers multi-region object deployment. For more information on multi-region object
deployment and capabilities, see Overview of multi-region object deployment in IBM
Spectrum Scale: Concepts,
Planning, and Installation Guide.
- list
- Lists the information about the region.Note: Use the -Y parameter to display the command output in a parseable format with a colon (:) as a field delimiter.
- enable
-
Enables the cluster for multi-region support.
Only the first cluster of the region can run the enable command. Subsequent regions join the multi-region cluster during installation with the use of the --join-region-file flag of the
mmobj swift base
command.
- export
-
Exports the multi-region configuration environment so that other regions can be installed into the multi-region cluster or other regions can be synced to this region.
If successful, a region checksum is printed in the output. This checksum can be used to ensure that different regions are in sync when the
mmobj multiregion import
command is run.Note: When region-related information changes, such as CES IPs and storage policies, all regions must be updated with the changes.- --region-file RegionFile
- Specifies a path to store the multi-region data.
- import
-
Imports the specified multi-region configuration environment into this region.
If successful, a region checksum for this region is printed in the output. If the local region configuration matches the imported configuration, the checksums match. If they differ, then it means that some configuration information in the local region needs to be synced to the other regions. This can happen when a configuration change in the local region, such as adding CES IPs or storage policies, is not yet synced with the other regions. If so, the multi-region configuration for the local region needs to be exported and synced to the other regions.
- --region-file RegionFile
- Specifies the path to a multi-region data file created by using the
mmobj multiregion export
command.
- remove
-
Completely removes a region from the multi-region environment. The removed region is no longer accessible by other regions.
After the region is removed, the remaining regions need to have their multi-region information that is synced with this change by using the
mmobj multiregion export
andmmobj multiregion import
commands.- --region-number RegionNumber
- Specifies the region number that you need to remove from the multi-region configuration.
- --force
- Indicates that all the configuration information for the specified region needs to be permanently deleted.
- s3
- Enables and disables the S3 API without manually changing the configuration.
- enable
- Enables the S3 API.
- disable
- Disables the S3 API.
- list
- Verifies whether the S3 API is enabled or disabled.Note: Use the -Y parameter to display the command output in a parseable format with a colon (:) as a field delimiter.
- -Y
- Displays headers and output in a machine-readable and colon-delimited format.Note: Fields that have a colon (:) are encoded to prevent confusion. For the set of characters that might be encoded, see the command documentation of mmclidecode. Use the mmclidecode command to decode the field.
Exit status
- 0
- Successful completion.
- nonzero
- A failure has occurred.
Security
You must have root authority to run the mmobj command.
The node on which the command is issued must be able to run remote shell commands on any other node in the cluster without the use of a password and without producing any extraneous messages. For more information, see Requirements for administering a GPFS file system.
Examples
- To specify configuration of Object protocol service with local keystone and S3 enabled, issue
the following
command:
The system displays output similar to this:mmobj swift base -g /gpfs/ObjectFS --cluster-hostname cluster-ces-ip.ibm --local-keystone --enable-s3 --pwd-file PasswordFile
mmobj swift base: Creating fileset /dev/ObjectFS object_fileset mmobj swift base: Configuring Keystone server in /gpfs/cesshared/ces/object/keystone mmobj swift base: Configuring Swift services Configuration complete
- To list object configuration settings for
proxy-server.conf
, DEFAULT section, issue the following command:
The system displays output similar to this:mmobj config list --ccrfile proxy-server.conf --section DEFAULT
[DEFAULT] bind_port = 8080 workers = auto user = swift log_level = ERROR
- To change the number of worker processes that each object server launches, update the
object-server.conf file as shown
here:
mmobj config change --ccrfile object-server.conf --section DEFAULT --property workers --value 16
- To change the configuration value of paste.filter_factory that is in the
filter:s3_extension
section of the keystone-paste.ini configuration file, issue the following command:mmobj config change --ccrfile keystone-paste.ini --section filter:s3_extension --property paste.filter_factory --value keystone.contrib.s3:S3Extension.factory
- To migrate the configuration data after an upgrade of IBM Spectrum
Scale, issue the following
command:
mmobj config manage --version-sync
The system displays output similar to this:mmobj config manage: Checking system state mmobj config manage: Processing Keystone mmobj config manage: Processing spectrum-scale-object.conf mmobj config manage: Processing object-server-sof.conf mmobj config manage: Processing spectrum-scale-objectizer.conf mmobj config manage: Processing object-server.conf mmobj config manage: Processing wsgi-keystone.conf mmobj config manage: Processing proxy-server.conf mmobj config manage: Processing keystone.conf mmobj config manage: Migration of configuration is complete. mmobj config manage: gpfs.base@5.0.3 mmobj config manage: spectrum-scale-object@5.0.3 mmobj config manage: Processing keystone-paste.ini
- To create a new storage policy CompressionTest with the compression
function enabled and with the compression schedule specified, issue the following
command:
mmobj policy create CompressionTest --enable-compression --compression-schedule '20:5,11,17,23:*:*'
The system displays output similar to this:
[I] Getting latest configuration from ccr [I] Creating fileset /dev/ObjectFS:obj_CompressionTest [I] Creating new unique index and build the object rings [I] Updating the configuration [I] Uploading the changed configuration
This compression schedule indicates that the fileset that is associated with the policy is compressed at the 20th minute of the 5th, 11th, 17th, and 23rd hour of the day on every day of every week.
- To list storage policies for Object Storage with details of functions available with those
storage policies, issue the following command:
The system displays output similar to this:mmobj policy list --verbose
Index Name Deprecated Fileset Fileset Path Functions Function Details File System ------------------------------------------------------------------------------------------------------------------------------------------------------ 0 SwiftDefault object_fileset /ibm/ObjectFS/object_fileset ObjectFS 11751509160 sof-policy obj_sof-policy /ibm/ObjectFS/obj_sof-policy file-and-object-access regions="1" ObjectFS 11751509230 mysofpolicy obj_mysofpolicy /ibm/ObjectFS/obj_mysofpolicy file-and-object-access regions="1" ObjectFS 11751510260 Test19 obj_Test19 /ibm/ObjectFS/obj_Test19 regions="1" ObjectFS
- To change the default storage policy, issue the following
command:
The system displaysmmobj policy change sof-policy --default
sof-policy
as the default storage policy. - To enable object access for an account, issue the following
command:
mmobj file-access --storage-policy sof_policy --account-name admin
The system displays output similar to the following:
Loading objectization configuration from CCR Fetching storage policy details Creating container to database map Performing objectization Objectization complete
- To enable object access for a container, issue the following
command:
mmobj file-access objectize --storage-policy sof_policy --account-name admin --container-name container1
- To enable object access on a file while specifying a storage policy, issue the following
command:
mmobj file-access objectize --storage-policy sof_policy --account-name admin --container-name container1 --object-name file1.txt
- To enable object access on a file, issue the following
command:
mmobj file-access objectize --object-path /ibm/ObjectFS/obj_sofpolicy1/s69931509221z1device1/AUTH_12345/container1/file1.txt
- To list the information about a region, issue the following
command:
mmobj multiregion list
The system displays output similar to this:
Region Endpoint Cluster Name Cluster Id ------ --------- --------------- ------------------- 1 RegionOne europe.gpfs.net 3694106483743716196 2 Region2 asia.gpfs.net 1860802811592373112
- To set up the initial multi-region environment on the first region, issue the following
command:
mmobj multiregion enable
The system displays output similar to this:
mmobj multiregion: Multi-region support is enabled in this cluster. Region number: 1
- To export multi-region data for use by other clusters to join multi-region, issue the following
command:
mmobj multiregion export --region-file /tmp/region2.dat
The system displays output similar to this:
mmobj multiregion: The Object multi-region export file was successfully created: /tmp/region2.dat mmobj multiregion: Region checksum is: 34632-44791
- To import the specified multi-region configuration environment created by the export command
into a region, issue the following
command:
mmobj multiregion import --region-file /tmp/region2.dat
The system displays output similar to this:
mmobj multiregion: The region config has been updated. mmobj multiregion: Region checksum is: 34632-44791
- To remove a region that is designated by region number 2 from a multi-region environment and to
remove all configuration information of the specified region, issue the following
command:
mmobj multiregion remove --remove-region-number 2 --force
The system displays output similar to this:
mmobj multiregion: Permanently removing region 2 (asia.gpfs.net 1860802811592373112) from multi-region configuration. mmobj multiregion: Updating ring files. mmobj multiregion: Successfully removed region 2. Object services on region 2 will need to be unconfigured and its endpoint removed from Keystone.
- To create a policy with no force add where only the default GPFS policy rule is established, issue the following
command:
mmobj policy create enc-policy-1 --enable-encryption --encryption-keyfile /root/enc/enc.key
The system creates the policy, adds and establishes the rule within the GPFS policy rules, and displays the following output:[I] Getting latest configuration from ccr [I] Creating fileset /dev/ObjectFS:obj_enc-policy-1 [I] Creating GPFS Encryption Rule [I] The following new encryption rule has been stored to file:/var/mmfs/ces/policyencryption.rule and is established within the GPFS policies. /* begin of the encryption rule for fileset obj_enc-policy-1 */ rule 'enc-1_enc-policy-1' set encryption 'encryption_enc-policy-1' for fileset('obj_enc-policy-1') where name like '%' rule 'enc-2_enc-policy-1' encryption 'encryption_enc-policy-1' is ALGO 'DEFAULTNISTSP800131A' KEYS('KEY-2712784a-d1ee-4c86-bf97-b88f918cbd12:sklm') /* end of the encryption rule for fileset obj_enc-policy-1 */ [I] Creating new unique index and building the object rings [I] Updating the configuration [I] Uploading the changed configuration
- To create a policy with force add, issue the following
command:
mmobj policy create enc-policy-2 --enable-encryption --encryption-keyfile /root/enc/enc.key --force-rule-add
The system creates the policy, adds and establishes the rule within GPFS policy rules, and displays the following output:[I] Getting latest configuration from ccr [I] Creating fileset /dev/ObjectFS:obj_enc-policy-2 [I] Creating GPFS Encryption Rule [I] The following new encryption rule has been stored to file:/var/mmfs/ces/policyencryption.rule and is established within the GPFS policies. /* begin of the encryption rule for fileset obj_enc-policy-2 */ rule 'enc-1_enc-policy-2' set encryption 'encryption_enc-policy-2' for fileset('obj_enc-policy-2') where name like '%' rule 'enc-2_enc-policy-2' encryption 'encryption_enc-policy-2' is ALGO 'DEFAULTNISTSP800131A' KEYS('KEY-2712784a-d1ee-4c86-bf97-b88f918cbd12:sklm') /* end of the encryption rule for fileset obj_enc-policy-2 */ [I] Creating new unique index and building the object rings [I] Updating the configuration [I] Uploading the changed configuration
- To create a policy with no force add, issue the following
command:
mmobj policy create enc-policy-3 --enable-encryption --encryption-keyfile /root/enc/enc.key
The system creates the policy, adds the rule but does not establish the rule within the GPFS policy rules, and displays the following output:
[I] Getting latest configuration from ccr [I] Creating fileset /dev/ObjectFS:obj_enc-policy-3 [I] Creating GPFS Encryption Rule [I] The following new encryption rule has been stored to file:/var/mmfs/ces/policyencryption.rule but is not established within the GPFS policies. /* begin of the encryption rule for fileset obj_enc-policy-3 */ rule 'enc-1_enc-policy-3' set encryption 'encryption_enc-policy-3' for fileset('obj_enc-policy-3') where name like '%' rule 'enc-2_enc-policy-3' encryption 'encryption_enc-policy-3' is ALGO 'DEFAULTNISTSP800131A' KEYS('KEY-2712784a-d1ee-4c86-bf97-b88f918cbd12:sklm') /* end of the encryption rule for fileset obj_enc-policy-3 */ [I] Creating new unique index and building the object rings [I] Updating the configuration [I] Uploading the changed configuration
- To enable the
ibmobjectizer
service, issue the following command:mmobj file-access enable
The system enables the file-access capability and starts the
ibmobjectizer
service. - To disable the
ibmobjectizer
service, issue the following command:mmobj file-access disable
The system disables the file-access capability and stops the
ibmobjectizer
service. - To use the disable --objectizer-daemon parameter, issue the following
command:
The system disables themmobj file-access disable --objectizer-daemon
ibmobjectizer
service. - To use the object-path parameter, issue the following
command:
The system objectizes file1.txt at /ibm/ObjectFS/fileset1/Auth_12345/container1/ and enables it for access through the object interface:mmobj file-access objectize --object-path /ibm/ObjectFS/fileset1/Auth_12345/container1/file1.txt
Loading objectization configuration from CCR Fetching storage policy details Performing objectization Objectization complete
- To use the storage-policy parameter for file objectization, issue the following
command:
The system objectizesmmobj file-access objectize --storage-policy sof_policy --account-name admin --container-name container1 --object-name file1.txt
file1.txt
from the container named container1:Loading objectization configuration from CCR Fetching storage policy details Performing objectization Objectization complete
- To use the node parameter for running the command on a remote node, issue the following
command:
The command is run on the gpfs_node1 node and all the files from all containers within the admin account are objectized. If --node or -N is not specified, themmobj file-access objectize --node gpfs_node1 --storage-policy sof_policy --account-name admin
mmobj file-access objectize
command checks if the current node is CES node or not. If the current node is a CES node, the command is run on the current node. If the current node is not a CES node, the command is run on a random remote CES node:Loading objectization configuration from CCR Fetching storage policy details Performing objectization Objectization complete
See also
Location
/usr/lpp/mmfs/bin