Schedule FOSDEM 2020
Software Defined Storage

STS in Ceph Object Storage

H.1308 (Rolin)
Pritha Srivastava
Ceph is an open source, highly scalable, software-defined storage system that provides object, file and block interfaces under a unified system. Ceph Object Storage Gateway (RGW) provides a RESTful object storage interface to the Ceph Storage cluster. It provides an interface that is compatible with a large subset of AWS S3 APIs.

In this talk we discuss the implementation of a subset of the APIs of AWS Secure Token Service (STS). AWS STS is a web service which enables identity federation and cross-account access by providing temporary security credentials. Ceph Object Storage Gateway now supports some APIs of AWS STS, particularly those related to web identity federation and cross-account access. The advantages of these temporary credentials are that they automatically expire after a certain duration, provide limited access (via IAM policies) to resources, are provided to the user upon request, and obviate the need for users/applications to save permanent security credentials, thereby removing a potential security loophole.

As an example, consider a web application that has users and needs access to RGW S3 buckets to read/write large files. The application can delegate identity management to a trusted third-party identity provider (IDP). It can get temporary credentials from STS after authenticating with the IDP and access the required RGW S3 buckets.

Outline of the talk:

Introduction to Ceph and Ceph Object Storage Gateway

Current authentication mechanisms in Ceph Object Storage Gateway

AWS Secure Token Service

STS APIs implemented in Ceph Object Storage

Advantages of using STS

Example

Future Work

Additional information

Type devroom

More sessions

2/2/20
Software Defined Storage
Arjun Sharma
H.1308 (Rolin)
NFS-Ganesha is an extensible user-space NFS server that supports NFS v3, v4, v4.1, v4.2, pNFS, and 9P protocol. It has an easily pluggable architecture called FSAL (File System Abstraction Layer), which enables seamless integration with many filesystem backends (GlusterFS, Ceph, etc.). There will be a discussion on the components along with an architectural explanation of NFS Ganesha with a detailed look at how a request flows through the various layers of NFS Ganesha and see some critical ...
2/2/20
Software Defined Storage
Hari Gowtham
H.1308 (Rolin)
As data is becoming more and more important in the world, we can't afford to lose it even if there is a natural calamity. We will see how Geo-Replication came in to solve this problem for us and how it evolved over the days. Through this session, the users will learn how easy it is to set up Georep for Gluster to use it for their storage and back up their data with minimal understanding of storage and Linux. Having basic Gluster knowledge will make it even easier.
2/2/20
Software Defined Storage
Harshita Sharma
H.1308 (Rolin)
While running in user space, ZFS utilizes a user space binary called ztest. In cStor, we followed a similar approach to create a binary called ‘zrepl’ that is part of cStor. It has been built using libraries similar to those used for ztest and contains transactional, pooled storage layers. cStor uses ZFS behind the scenes by running it in the user space. In this talk we will discuss in detail how we used ZFS in userspace for the storage engine cStor and highlight a few challenges that our team ...
2/2/20
Software Defined Storage
Jeremy Allison
H.1308 (Rolin)
The presentation will give an overview of all the changes happening in the Samba project code, from the fileserver virtual filesystem (VFS) rewrite, the new features in the SMB3 code, the quest to remove the old SMB1 protocol and much more. Improvements in Samba scalability, clustering and the Active Directory code will be discussed. The intended audience is anyone who uses the Samba code, creates products with Samba or is interested in the SMB protocol.
2/2/20
Software Defined Storage
H.1308 (Rolin)
Metadata-heavy workloads are often the bane of networked and clustered filesystems. Directory operations (create and unlink, in particular) usually involve making a synchronous request to a server on the network, which can be very slow. CephFS however has a novel mechanism for delegating the ability for clients to do certain operations locally. While that mechanism has mostly been used to delegate capabilities on normal files in the past, it's possible to extend this to cover certain types of ...
2/2/20
Software Defined Storage
Alexander Trost
H.1308 (Rolin)
What Rook is, and the architecture of Rook, the storage run in Kubernetes. We'll also take a look at new features added to Rook.
2/2/20
Software Defined Storage
H.1308 (Rolin)
Originally, Kubernetes PersistentVolumes (PVs) could only present storage to containers as filesystems. Now, raw block PersistentVolumes (PVs) allow applications to consume storage in a new way. In particular, Rook-Ceph now makes use of them to provide the backing store for its clustered storage in a more Kubernetes-like fashion and with improved security. Now we can rethink the notion of how we structure our storage clusters, moving the focus away from static nodes and basing them on more ...