Home » Dell Manuals » Servers » Dell DX6004S » Manual Viewer

Dell DX6004S DX Object Storage Administration Guide - Page 27

Using Override to Resolve Authorization Specification Issues

Add to My Manuals
Save this manual to your list of manuals

Page 27 highlights

4.7.1.3. Using Override to Resolve Authorization Specification Issues This section discusses how to resolve issues with authorization specifications that render objects inaccessible. You can perform these tasks to reset the authorization specification for any object, even an object for which an authorized user name and password are not known. To resolve this issue, you must PUT to the object the user list and the authorization specification using the admin query argument, authenticating with your cluster administrator credentials. Important Do not use this procedure if the current Castor-Authorization header uses owner@ or @owner syntax because the CAStor administrator realm becomes the owner of the object and, as a result, no other realm can change the authorization specification later. A sample procedure follows. 1. Create the user list. A user list (also referred to as a security realm or realm) is a collection of user credentials, each of which includes an MD5 hash using the HTTP Digest authentication algorithm. You compute user list or realm from the string username:realm:password. Important The realm name must exactly match the name of the domain or bucket. For example to create a user list for a domain, htdigest cluster_example_com cluster.example.com sample.username To create a user list for mybucket in the same domain, htdigest cluster_example_com_mybucket cluster.example.com/mybucket sample.username 2. HEAD the current value of the Castor-Authorization header for the object. curl --anyauth -u "your-username:your-password" --location-trusted "http://node-ip[/bucket-name]?admin[&domain=name]" [-D log-file-name] You must specify domain=name in a HEAD for a domain. If the HEAD is for a bucket, the domain name is required as the Host in the request if the domain is not the default cluster domain. Important If the Castor-Authorization header includes @owner or owner@, stop. GET the user list for the object and confirm whether or not any realm has post or change privileges to the object. (For example, if the Castor-Authorization header includes change=@owner, any user in the object owner's realm can modify the object.) Ask one of those users to modify the Castor-Authorization header. If no user can modify a Castor-Authorization header that includes @owner or owner@, you can either take ownership of the object permanently by continuing with Copyright © 2010 Caringo, Inc. All rights reserved 22 Version 5.0 December 2010

Section	Page
DX Object Storage Administration Guide	1
Table of Contents	3
Chapter 1. Welcome to DX Storage	6
1.1. Overview of DX Storage	6
1.2. Components	6
1.3. About this Document	6
1.3.1. Audience	6
1.3.2. Scope	6
Chapter 2. Introduction to the Admin Console	7
2.1. Accessing the Admin Console	7
2.2. Initial View of the Admin Console	7
2.2.1. Viewing the Cluster Status Page	7
2.2.2. Viewing a Node's Status Page	8
2.3. Printing the Admin Console	8
2.4. Viewing License Information	8
Chapter 3. Managing the Cluster	10
3.1. Viewing the Cluster Status Page	10
3.2. Authenticating Cluster-Wide Actions	11
3.3. Shutting Down or Restarting the Cluster	12
3.4. Viewing Nodes in the Cluster	12
3.5. Searching for Nodes By IP Address	13
3.6. Searching for Nodes by Status	13
3.7. Choosing and Preserving Cluster Settings	13
3.7.1. Enabling Logging	15
3.7.2. Replication	15
3.7.3. Suspend	15
3.7.4. Power	15
3.7.5. Managing Tenants	15
3.8. Cluster Name	15
3.9. Cluster Multicast Address	15
3.10. % Used Indicator	15
Chapter 4. Managing Tenants	17
4.1. Terminology Related to Tenant Security	18
4.2. About the Default Cluster Domain	19
4.3. Security Privileges for Administrative Operations	20
4.4. Rules and Recommendations for Managing Tenants	21
4.5. Domain Naming Rules	21
4.6. Adding, Editing, or Deleting Tenants	22
4.7. Other Cluster Administrator Tasks	24
4.7.1. Using Administrative Override	25
4.7.1.1. Using Override to Delete an Object	25
4.7.1.2. Using Override to GET or APPEND User Lists	25
4.7.1.3. Using Override to Resolve Authorization Specification Issues	27
4.7.2. Working With Inaccessible Objects	28
Chapter 5. Managing Nodes	30
5.1. Viewing the Node Status Page	30
5.1.1. Shutting Down or Restarting a Node	30
5.1.2. Retiring or Identifying a Node	30
5.1.2.1. Retiring a Node or Volume	30
5.1.2.2. Identifying a Volume	31
5.1.3. Errors and Announcements	31
5.1.4. Additional Node Status Information	31
5.1.4.1. Hardware Status Reporting	33
5.2. Displaying Subcluster Information	34
Chapter 6. Configuring the Node	35
6.1. Option Names and Descriptions	35
6.2. Managing DX Storage Administrators and Users	41
6.2.1. Defining CAStor administrators and SNMP Administrators	41
6.2.2. Defining DX Storage Operators	42
6.2.3. Securing the Administrator and Operator Passwords	42
6.3. Managing Content Integrity Settings	43
6.3.1. autoRepOnWrite	43
6.3.2. repPriority	43
6.3.3. autoValidateRead	43
6.4. Managing Other Stream Replication Settings	44
6.4.1. minreps, maxreps, and defreps	44
6.4.2. hpStartDelay	44
6.5. Managing Volumes	44
6.5.1. device	45
6.5.2. policy	46
6.5.3. Specifying Exceptions	46
6.6. Configuring Power Management Settings	46
6.6.1. sleepAfter	46
6.6.2. wakeAfter	46
6.7. Managing Other Settings	46
6.7.1. consolePort	46
6.7.2. domainHeaders	46
6.7.3. loghost	47
6.7.4. timeSource	47
Chapter 7. Managing Volumes	49
7.1. Volume Expiration	49
7.2. Movement Between Nodes	49
7.3. Physical Errors	49
Appendix A. Implementation of Multi-Server Chassis	51
A.1. Configuration Parameters	51
A.1.1. Processes parameter	51
A.1.2. Network Setup parameters	51
A.1.3. Using the vols parameter	52
A.1.4. Using the subcluster parameter	52
A.2. Monitoring and Administration	53
Appendix B. Using SNMP with DX Storage	54
B.1. SNMP Management Information Base (MIB) Reference	54
B.2. Managing DX Storage Nodes	54
B.2.1. Shutdown Action for Nodes	54
B.2.2. Retire Action for Nodes and Volumes	54
B.2.2.1. Single Volumes	55
B.2.2.2. Entire Node	55
B.3. SNMP Tools and Monitoring Systems	55
B.3.1. Open Source Tools	55
B.3.2. SNMP Examples with DX Storage	56
B.3.3. SNMP Action OIDs	56
B.3.3.1. castorShutdownAction	56
B.3.3.2. castorRetireAction	56
B.3.3.3. castorLogLevelAction	56
B.3.3.4. castorSyslogHostAction	56
B.3.3.5. volumeRecoverySuspend	57
B.3.4. Practical SNMP with DX Storage	57
B.3.4.1. Health Monitoring	57
B.3.4.2. Capacity Monitoring	57
B.3.4.3. Client Activity Reporting	58
Appendix C. Upgrading a License or Cluster	59
C.1. Upgrading a License File	59
C.2. Software Upgrade Overview	59
C.2.1. Preparation	59
C.2.2. Upgrade Steps	60
C.2.2.1. Example Shutdown Script	60
C.2.2.2. Cluster Reboot	60
C.3. Back-out Steps	61
Appendix D. Troubleshooting	62
D.1. Restoring Domains and Buckets	62
D.1.1. Recovering a Deleted Domain	62
D.1.2. Recovering a Deleted Bucket	65
D.2. Resolving Duplicate Domain Names in a Mirrored or Disaster Recovery (DR) Cluster	66
D.2.1. Renaming a Domain in its Source Cluster (DR Cluster Conflict Only)	66
D.2.2. Renaming a Domain in a Mirrored or DR Cluster	67
D.3. Using DX Content Router to List Buckets and Objects	69
D.4. Boot Errors	69
D.5. Configuration	70
D.6. Operational Problems	70
Appendix E. Drive Identification API	72
E.1. Overview	72
E.2. Customization Steps	72
Appendix F. Customizing the Admin Console	73

Match case Limit results 1 per page

Version 5.0

December 2010

4.7.1.3. Using Override to Resolve Authorization Specification Issues

This section discusses how to resolve issues with authorization specifications that render objects

inaccessible. You can perform these tasks to reset the authorization specification for any object,

even an object for which an authorized user name and password are not known.

To resolve this issue, you must PUT to the object the user list

and

the authorization specification

using the

admin

query argument, authenticating with your cluster administrator credentials.

Important

Do not use this procedure if the current

Castor-Authorization

header uses

owner@

@owner

syntax because the

CAStor administrator

realm becomes the owner

of the object and, as a result, no other realm can change the authorization specification

later.

A sample procedure follows.

1. Create the user list.

A user list (also referred to as a

security realm

realm

) is a collection of user credentials, each

of which includes an MD5 hash using the

HTTP Digest

authentication algorithm.

You compute user list or realm from the string

username

realm

password

Important

The realm name must exactly match the name of the domain or bucket.

For example to create a user list for a domain,

htdigest cluster_example_com

cluster.example.com sample.username

To create a user list for

mybucket

in the same domain,

htdigest

cluster_example_com_mybucket cluster.example.com/mybucket

sample.username

2. HEAD the current value of the

Castor-Authorization

header for the object.

curl --anyauth -u "

your-username

your-password

" --location-trusted

"http://

node-ip

bucket-name

]?admin[&domain=

name

]" [-D

log-file-name

]

You must specify

domain=

name

in a HEAD for a domain. If the HEAD is for a bucket, the domain

name is required as the Host in the request if the domain is not the default cluster domain.

Important

If the

Castor-Authorization

header includes

@owner

owner@

stop

GET the user list for the object and confirm whether or not any realm has

post

change

privileges to the object. (For example, if the

Castor-Authorization

header includes

change=@owner

, any user in the object owner's realm can modify the

object.) Ask one of those users to modify the

Castor-Authorization

header.

If no user can modify a

Castor-Authorization

header that includes

@owner

owner@

, you can either take ownership of the object permanently by continuing with