Provisioning File System for Multiple Tenants - Sample Workflow

Illustrates a sample workflow for provisioning the data-fabric file system to multiple clients.

About this task

For example, suppose there are two tenants, Tenant1 and Tenant2. The following steps show the workflow for provisioning the two tenants:

Procedure

  1. The cluster administrator creates two users, Tenant1 and Tenant2, on the data-fabric cluster and creates volumes (or shares) on the cluster for the two tenants.
    For example, to create volumes on the cluster:
    $ /opt/mapr/bin/maprcli volume create -name tenant1Vol -path /tenant1Enoke -tenantuser Tenant1
    $ /opt/mapr/bin/maprcli volume create -name tenant2Vol -path /tenant2Enoke -tenantuser Tenant2
  2. The cluster administrator generates tickets for the users, copies the tickets to the tenant servers (tenant1Host and tenant2Host), and grants the tenant admins (tenant1Admin and tenant2Admin) read access to their tickets.
    For example, to:
    • Generate tickets for the users:
      $ maprlogin generateticket -type tenant -cluster myCluster -user Tenant1 -out /tmp/tenant_Tenant1_ticket.txt
      $ maprlogin generateticket -type tenant -cluster myCluster -user Tenant2 -out /tmp/tenant_Tenant2_ticket.txt
    • Copy tickets to appropriate tenant hosts:
      $ scp /tmp/tenant_Tenant1_ticket.txt tenant1Admin@tenant1Host:~tenant1Admin/ 
      $ scp /tmp/tenant_Tenant2_ticket.txt tenant2Admin@tenant2Host:~tenant2Admin/
  3. The tenant administrators log into their respective hosts and mount their shares by starting the client.
    For example, to start the client:
    FUSE-based POSIX client
    1. Update the following parameters in the fuse.conf file:
      fuse.ticketfile.location
      • For Tenant1: tenant1Admin/tenant_Tenant1_ticket.txt
      • For Tenant2: tenant2Admin/tenant_Tenant2_ticket.txt
      fuse.mount.point
      • For Tenant1: /tenant1Enoke
      • For Tenant2: /tenant2Enoke
      fuse.export
      • For Tenant1: /tenant1Enoke/tenant1Vol
      • For Tenant2: /tenant2Enoke/tenant2Vol
    2. Run the following command to start the service:
      $ service mapr-posix-client-* start
    loopbacknfs POSIX client
    1. Update the tenant ticket file location in the /etc/loopbacknfs/initscripts/mapr-loopbacknfs file.
    2. Run the following command to start the service:
      $ service mapr-loopbacknfs start
  4. The tenant administrators can grant access to users within their tenant namespace by modifying data access using Access Control Expressions (ACEs).
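
The ticket copied in step 2 is the tenant's credential, so a tenant administrator can confirm that the file named in fuse.conf is private before starting the FUSE client in step 3. The shell check below is an added example, not part of the product or its documentation; `conf_value` and `check_tenant_ticket` are hypothetical helper names, and it assumes fuse.conf stores settings as key=value lines.

```shell
#!/bin/sh
# Added example: pre-flight check of the tenant ticket referenced by fuse.conf.
# Assumption: fuse.conf holds key=value lines; helper names are hypothetical.

# Print the value of a key (given as a regex) from a key=value file.
# Commented-out lines are ignored; the last active assignment wins.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_tenant_ticket <fuse.conf> [expected-owner-uid]
# Returns 0 if the ticket is private to its owner, otherwise:
#   2 = fuse.ticketfile.location not set
#   4 = path is a symlink or not a regular file
#   5 = file is not owned by the expected uid (default: the calling user)
#   6 = group or others hold any permission on the file
check_tenant_ticket() {
    conf=$1
    want_uid=${2:-$(id -u)}
    ticket=$(conf_value "$conf" 'fuse\.ticketfile\.location')
    [ -n "$ticket" ] || return 2
    if [ -L "$ticket" ] || [ ! -f "$ticket" ]; then return 4; fi
    # ls -ldn prints "mode links uid gid ..."; keep group/other bits and uid.
    meta=$(ls -ldn -- "$ticket" | awk '{print substr($1, 5, 6) " " $3}')
    perms=${meta% *}
    uid=${meta#* }
    [ "$uid" = "$want_uid" ] || return 5
    [ "$perms" = "------" ] || return 6
    return 0
}

# Constructed demo: a throwaway fuse.conf and an empty stand-in ticket file.
demo_dir=$(mktemp -d)
demo_ticket="$demo_dir/tenant_Tenant1_ticket.txt"
printf 'fuse.ticketfile.location=%s\n' "$demo_ticket" > "$demo_dir/fuse.conf"
: > "$demo_ticket"

chmod 644 "$demo_ticket"
rc=0; check_tenant_ticket "$demo_dir/fuse.conf" || rc=$?
echo "mode 644: check returned $rc"

chmod 600 "$demo_ticket"
rc=0; check_tenant_ticket "$demo_dir/fuse.conf" || rc=$?
echo "mode 600: check returned $rc"

rm -rf "$demo_dir"
```

Running the check as the account that owns the ticket, just before the `service ... start` command, catches a ticket that was left group- or world-readable after the copy.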