summaryrefslogtreecommitdiffstats
path: root/src/ceph/doc/radosgw/multitenancy.rst
diff options
context:
space:
mode:
Diffstat (limited to 'src/ceph/doc/radosgw/multitenancy.rst')
-rw-r--r--src/ceph/doc/radosgw/multitenancy.rst107
1 files changed, 0 insertions, 107 deletions
diff --git a/src/ceph/doc/radosgw/multitenancy.rst b/src/ceph/doc/radosgw/multitenancy.rst
deleted file mode 100644
index 95f22d7..0000000
--- a/src/ceph/doc/radosgw/multitenancy.rst
+++ /dev/null
@@ -1,107 +0,0 @@
-=================
-RGW Multi-tenancy
-=================
-
-.. versionadded:: Jewel
-
-The multi-tenancy feature allows to use buckets and users of the same
-name simultaneously by segregating them under so-called ``tenants``.
-This may be useful, for instance, to permit users of Swift API to
-create buckets with easily conflicting names such as "test" or "trove".
-
-From the Jewel release onward, each user and bucket lies under a tenant.
-For compatibility, a "legacy" tenant with an empty name is provided.
-Whenever a bucket is referred without an explicit tenant, an implicit
-tenant is used, taken from the user performing the operation. Since
-the pre-existing users are under the legacy tenant, they continue
-to create and access buckets as before. The layout of objects in RADOS
-is extended in a compatible way, ensuring a smooth upgrade to Jewel.
-
-Administering Users With Explicit Tenants
-=========================================
-
-Tenants as such do not have any operations on them. They appear and
-and disappear as needed, when users are administered. In order to create,
-modify, and remove users with explicit tenants, either an additional
-option --tenant is supplied, or a syntax "<tenant>$<user>" is used
-in the parameters of the radosgw-admin command.
-
-Examples
---------
-
-Create a user testx$tester to be accessed with S3::
-
- # radosgw-admin --tenant testx --uid tester --display-name "Test User" --access_key TESTER --secret test123 user create
-
-Create a user testx$tester to be accessed with Swift::
-
- # radosgw-admin --tenant testx --uid tester --display-name "Test User" --subuser tester:test --key-type swift --access full user create
- # radosgw-admin --subuser 'testx$tester:test' --key-type swift --secret test123
-
-.. note:: The subuser with explicit tenant has to be quoted in the shell.
-
- Tenant names may contain only alphanumeric characters and underscores.
-
-Accessing Buckets with Explicit Tenants
-=======================================
-
-When a client application accesses buckets, it always operates with
-credentials of a particular user. As mentioned above, every user belongs
-to a tenant. Therefore, every operation has an implicit tenant in its
-context, to be used if no tenant is specified explicitly. Thus a complete
-compatibility is maintained with previous releases, as long as the
-referred buckets and referring user belong to the same tenant.
-In other words, anything unusual occurs when accessing another tenant's
-buckets *only*.
-
-Extensions employed to specify an explicit tenant differ according
-to the protocol and authentication system used.
-
-S3
---
-
-In case of S3, a colon character is used to separate tenant and bucket.
-Thus a sample URL would be::
-
- https://ep.host.dom/tenant:bucket
-
-Here's a simple Python sample:
-
-.. code-block:: python
- :linenos:
-
- from boto.s3.connection import S3Connection, OrdinaryCallingFormat
- c = S3Connection(
- aws_access_key_id="TESTER",
- aws_secret_access_key="test123",
- host="ep.host.dom",
- calling_format = OrdinaryCallingFormat())
- bucket = c.get_bucket("test5b:testbucket")
-
-Note that it's not possible to supply an explicit tenant using
-a hostname. Hostnames cannot contain colons, or any other separators
-that are not already valid in bucket names. Using a period creates an
-ambiguous syntax. Therefore, the bucket-in-URL-path format has to be
-used.
-
-Swift with built-in authenticator
----------------------------------
-
-TBD -- not in test_multen.py yet
-
-Swift with Keystone
--------------------
-
-TBD -- don't forget to explain the function of
- rgw keystone implicit tenants = true
- in commit e9259486decab52a362443d3fd3dec33b0ec654f
-
-Notes and known issues
-----------------------
-
-Just to be clear, it is not possible to create buckets in other
-tenants at present. The owner of newly created bucket is extracted
-from authentication information.
-
-This document needs examples of administration of Keystone users.
-The keystone.rst may need to be updated.