Unified file and object access allows use cases where you can access data using object as well as file interfaces. In this blog, we will learn about how to use this feature and show a demo of it.

Unified file and object access comprises the following two identity management modes:

• local_mode: Separate identity between object and file (Default mode)


• unified_mode: Shared identity between object and file

Authentication configuration in local_mode: separate identity between object and file

In this mode, all the objects created continue to be owned by the swift user, that is an administrator under whose context the object server runs on the system. Because in this mode there is no ID mapping of objects to user ID, object authentication can be configured to any supported authentication schemes and file authentication can continue to be configured to any supported authentication scheme.

Authentication configuration in unified_mode: shared identity between object and file

This mode allows objects and files to be owned by the users' UID and the corresponding GID that created them. This mode mandatorily requires both the object protocol and the file protocol to be configured with the same authentication scheme. The supported authentication schemes for the unified mode are:

• AD for Authentication + RFC 2307 for ID mapping


• LDAP for authentication as well as for ID mapping

Enabling the file-access object capability

Before you can use unified file and object access, you must enable the file-access object capability on the whole cluster.

1. Enable the file-access object capability using the mmobj config change as follows.
       mmobj file-access enable


2. Verify that the file-access object capability is enabled using the mmobj config list as follows.
       mmobj config list --ccrfile spectrum-scale-object.conf --section capabilities --property file-access-enabled
   

   The system displays output similar to the following:

   
   

    file-access-enabled = true

Creating or using a unified file and object access storage policy

Use the following steps to create or use a unified file and object access storage policy.

1. Create a unified file and object access storage policy using the mmobj policy create command. This step also creates a fileset.

   For example:
      

    mmobj policy create sof-policy1 --enable-file-access
   
       The system displays output similar to the following:
   
       [I] Getting latest configuration from ccr
       [I] Creating fileset /dev/gpfs0:obj_sof-policy1
       [I] Creating new unique index and build the object rings
       [I] Updating the configuration
       [I] Uploading the changed configuration




2. List the available storage policies using the mmobj policy list command and determine which policies are for unified file and object access by viewing the Functions column of the output.
      

    For example:
   
       mmobj policy list --verbose
   
       The system displays output similar to the following:
   
       Index       Name          Deprecated  Fileset           Fileset Path                        Functions                Function Details
       ------------------------------------------------------------------------------------------------------------------------------------
       0           SwiftDefault              object_fileset    /ibm/cesSharedRoot/object_fileset
       11751509160 sof-policy1               obj_sof-policy1   /ibm/cesSharedRoot/obj_sof-policy1  file-and-object-access   regions="1"
       11751509230 mysofpolicy               obj_mysofpolicy   /ibm/cesSharedRoot/obj_mysofpolicy  file-and-object-access   regions="1"
       11751510260 Test19                    obj_Test19        /ibm/cesSharedRoot/obj_Test19                                regions="1"

   
   


3. Start using one of these storage policies to create data in a unified file and object access environment.
   

Start using one of these storage policies to create data in a unified file and object access environment.

Use the following steps to associate a container with a unified file and object access storage policy.

1. Use the openrc file to define environment setting
       source ~/openrc


2. Associate a container with a unified file and object access storage policy using the following command.
   
       swift post container1 --header "X-Storage-Policy: sof-policy1"
   
       In this swift post example, the storage policy is specified with the customized header X-Storage-Policy using the --header option.
3. Upload an object in the container associated with the unified file and object access storage policy using the following command.
       swift upload container1 imageA.JPG

Creating exports on container associated with unified file and object access storage policy

Use the following steps to create an NFS or SMB export on the directory that maps to the container associated with the unified file and object access storage policy.

Create an SMB or NFS export on the directory that maps to the container associated with the unified file and object access storage policy.

1. Create the NFS export as follows:

   
       mmnfs export add “/ibm/gpfs0/obj_sofpolicy1/s69931509221z1device1/
       AUTH_763476384728498323747/cont“

   
   
2. Create the SMB share as follows:

   
       mmsmb export add smbexport "/ibm/gpfs0/obj_sofpolicy1/s69931509221z1device1/
       AUTH_763476384728498323747/cont"

Source: http://www.ibm.com/support/knowledgecenter/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1adm_manageunifiedaccess.htm

The below video gives a demonstration of the Unified File and Object access capability: