[
https://issues.apache.org/jira/browse/HDDS-4944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17366379#comment-17366379
]
Prashant Pogde commented on HDDS-4944:
--------------------------------------
Based on multiple questions raised here, in a few community meetings and by folks
who are using Ozone, we took a fresh look at the requirements and have revised the
documents. I just uploaded the following documents:
* (v2)_Apache_Ozone_MultiTenant_Feature__Updated_Requirements_and_Abstractions.pdf
* Apache_Ozone_options_for_Volume_Access_and_User_Management.pdf
* (v2)_Apache-S3-compatible-Multi-Tenant-Ozone_High_level_Design.pdf
* Ozone_APIs_for_MultiTenancy.pdf
* Ozone_S3_Multi-Tenant_Cross-Tenant_Bucket_Sharing_with_Symbolic_Links.pdf
Some of the highlights are:
* We will not support any new authentication system as part of building the
multi-tenant Ozone feature.
* No support for Ozone-only S3 users. Only users with valid Kerberos
credentials can create {S3-access-id, shared-secret}. Earlier, a security
review highlighted that all Ozone users need to be in some central database,
e.g. Kerberos configured with LDAP.
* In order to provide full compatibility with S3 APIs and bucket naming
convention, we will allow volumes to be accessed based on the context of the
user issuing the S3 request.
* Multi-tenancy will be a way to provide access to Ozone volumes over S3 APIs.
> Multi-Tenant Support in Ozone
> -----------------------------
>
> Key: HDDS-4944
> URL: https://issues.apache.org/jira/browse/HDDS-4944
> Project: Apache Ozone
> Issue Type: New Feature
> Components: Ozone CLI, Ozone Datanode, Ozone Manager, S3, SCM,
> Security
> Affects Versions: 1.2.0
> Reporter: Prashant Pogde
> Assignee: Prashant Pogde
> Priority: Major
> Labels: pull-request-available
> Attachments:
> (v2)_Apache-S3-compatible-Multi-Tenant-Ozone_High_level_Design.pdf,
> (v2)_Apache_Ozone_MultiTenant_Feature__Updated_Requirements_and_Abstractions.pdf,
> Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz,
> Apache_Ozone_options_for_Volume_Access_and_User_Management.pdf, Ozone
> MultiTenant Feature _ Requirements and Abstractions-3.pdf, Ozone,
> Multi-tenancy, S3, Kerberos....pdf, Ozone_APIs_for_MultiTenancy.pdf,
> Ozone_S3_Multi-Tenant_Cross-Tenant_Bucket_Sharing_with_Symbolic_Links.pdf,
> UseCaseAWSCompatibility.pdf, UseCaseCephCompatibility.pdf,
> UseCaseConfigureMultiTenancy.png,
> UseCaseCurrentOzoneS3BackwardCompatibility.pdf,
> VariousActorsInteractions.png, uml_multitenant_interface_design.png
>
>
> This Jira will be used to track a new feature for Multi-Tenant support in
> Ozone. Initially Multi-Tenant feature would be limited to ozone-users
> accessing Ozone over S3 interface.