You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Prashant Pogde (Jira)" <ji...@apache.org> on 2021/06/21 04:57:00 UTC

[jira] [Commented] (HDDS-4944) Multi-Tenant Support in Ozone

    [ https://issues.apache.org/jira/browse/HDDS-4944?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17366379#comment-17366379 ] 

Prashant Pogde commented on HDDS-4944:
--------------------------------------

Based on multiple questions raised here, in few community meetings and folks who are using Ozone, we took a fresh look the requirements and have revised the documents. I just uploaded the following documents
 * (v2)_Apache_Ozone_MultiTenant_Feature__Updated_Requirements_and_Abstractions.pdf
 * Apache_Ozone_options_for_Volume_Access_and_User_Management.pdf
 * (v2)_Apache-S3-compatible-Multi-Tenant-Ozone_High_level_Design.pdf
 * Ozone_APIs_for_MultiTenancy.pdf
 * Ozone_S3_Multi-Tenant_Cross-Tenant_Bucket_Sharing_with_Symbolic_Links.pdf

Some of the highlights are
 * We will not support any new authentication system as part building multi-tenant Ozone feature
 * No support for Ozone only S3 users. Only users with valid kerberos credentials can create \{S3-access-id, shared-secret}. Earlier, A security review highlighted that all Ozone users need to be in some central database e.g. kerberos configured with LDAP.
 * In order to provide full compatibility with S3 APIs and bucket naming convention, we will allow volumes to be accessed based on the context of the user issuing the S3 request.
 * Multi-tenancy will be a way to provide access to Ozone volumes over S3 APIs.

 
 

> Multi-Tenant Support in Ozone
> -----------------------------
>
>                 Key: HDDS-4944
>                 URL: https://issues.apache.org/jira/browse/HDDS-4944
>             Project: Apache Ozone
>          Issue Type: New Feature
>          Components: Ozone CLI, Ozone Datanode, Ozone Manager, S3, SCM, Security
>    Affects Versions: 1.2.0
>            Reporter: Prashant Pogde
>            Assignee: Prashant Pogde
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: (v2)_Apache-S3-compatible-Multi-Tenant-Ozone_High_level_Design.pdf, (v2)_Apache_Ozone_MultiTenant_Feature__Updated_Requirements_and_Abstractions.pdf, Apache-S3-compatible-Multi-Tenant-Ozone-short.pdf.gz, Apache_Ozone_options_for_Volume_Access_and_User_Management.pdf, Ozone MultiTenant Feature _ Requirements and Abstractions-3.pdf, Ozone, Multi-tenancy, S3, Kerberos....pdf, Ozone_APIs_for_MultiTenancy.pdf, Ozone_S3_Multi-Tenant_Cross-Tenant_Bucket_Sharing_with_Symbolic_Links.pdf, UseCaseAWSCompatibility.pdf, UseCaseCephCompatibility.pdf, UseCaseConfigureMultiTenancy.png, UseCaseCurrentOzoneS3BackwardCompatibility.pdf, VariousActorsInteractions.png, uml_multitenant_interface_design.png
>
>
> This Jira will be used to track a new feature for Multi-Tenant support in Ozone. Initially Multi-Tenant feature would be limited to ozone-users accessing Ozone over S3 interface.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org