...
| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
It is possible to transfer a domain to another existing tenant or have a tenant adopt a storage domain so it can be accessed through the Content Portal if the storage domain is created outside the Content Management API (such as a replication cluster), it is possible to have a tenant adopt it so you can access it through the Content Portal. However, . A special variation to the domain adoption procedure is noted below if that storage domain was created with Swarm's legacy auth/auth, there is a special variation to the domain adoption procedure, noted below.
Verify the following for domain adoption:
The tenant exists.
The cluster administrator executes these actions directly against the storage cluster and not through the Gateway.
Info title
Note
This is a highly privileged operation that has no equivalent request within the Gateway.
To
...
Adopt a
...
Domain
...
Retrieve all
...
custom metadata
...
attached to the domain.
Update the domain providing all custom metadata and an
x-tenant-meta-nameheader.
This is an example of the commands. The strings {tenant} and {domain} are substituted for the actual tenant name and storage domain namenames.
The first step is to retrieve all of the current, custom metadata name/value pairs for the domain:
| Code Block |
|---|
HEAD /?domain={domain} |
If the domain has Swarm's legacy auth/auth on it, there will be There is a Castor-Authorization header in the response or you may receive a "401 Unauthorized" response to the previous request may be received if the domain has Swarm's legacy auth/auth on it. See the section below for instructions to remove the legacy auth/auth.
| Infowarning |
|---|
DeprecatedThe native Swarm auth/auth feature is deprecated and will be is removed after as of June 2017. |
Only certain Certain field names are valid as custom metadata. In general, you can use Castor-* (except for Castor-System-*), Content-*, X-*-Meta, and X-*-Meta-* headers in the HEAD response as custom metadata for the storage domain. With the exception of Castor-Authorization, these are the fields that you will want to preserve.
For details about headers, see SCSP Headers and SCSP COPY.
After getting all of the Use the COPY request to replace all object metadata in the storage domain and include the adoptive tenant's name after retrieving all custom metadata name/value pairs (denoted as {mdName#} and {mdValue#}) from the HEAD request, use the COPY request to replace all of the storage domain object's metadata and include the adoptive tenant's name:
| Code Block |
|---|
COPY /?domain={domain}&replicate=immediate
x-tenant-meta-name: {tenant}
{mdName1}: {mdValue1}
{mdName2}: {mdValue2}
... |
The x-tenant-meta-name must match the name of an existing tenant that was created through the Gateway Management API or Content Portal.
Upon completion of the domain adoption procedure, the storage domain will is now be subject to the tenant access control policy in addition to the root and domain policies. Additionally, The storage domain switches to using the tenant IDSYS rather than the root IDSYS if the storage domain does not define its own a separate IDSYS, was previously using the root IDSYS, and the adoptive tenant defines an IDSYS, the storage domain will switch to using the tenant IDSYS instead of the root IDSYS.
Removing
...
Legacy Auth/
...
Auth
Legacy auth/auth on it, you need to remove it needs to be removed so the domain can be used correctly through Gateway if the storage domain has legacy auth/auth on it. These examples will use the curl command line utility since it is able to perform HTTP digest authentication. You can adapt these examples These examples can be adapted for use with another tool or library in order to issue the HEAD and COPY commands. Since this process is very similar to the previous one for domains without legacy auth/auth, references will be are made to the instructions from the previous section. The {adminUser} username in these examples must be for one of the Swarm administrators defined in the storage cluster's configuration. The {storageNode} string is the host or IP for any node in the storage cluster.
...
| Code Block |
|---|
curl -I --digest -u {adminUser}
--location-trusted
'http://{storageNode}/?domain={domain}' |
You need all of the All custom metadata name/value pairs with the exception of the are needed except the Castor-Authorization header.
The previously described COPY request will be is performed using HTTP digest authentication.
| Code Block |
|---|
curl -X COPY --digest -u {adminUser}
--location-trusted
-H 'x-tenant-meta-name: {tenant}'
-H '{mdName1}: {mdValue1}'
-H '{mdName2}: {mdValue2}'
...
'http://{storageNode}/?domain={domain}&replicate=immediate'
|
All prior discussion discussions about the x-tenant-meta-name value and post-creation domain behavior apply.
To Transfer a Domain
Update the domain to reflect the correct x-tenant-meta-name header, using a COPY method and the &preserve query argument.
This is an example of the commands. The strings {tenant} and {domain} are substituted for the actual tenant and storage domain names.
Use the COPY request to replace the x-tenant-meta-name and retain all other existing metadata.
| Code Block |
|---|
curl -i -X COPY --location-trusted \
-H 'x-tenant-meta-name: {tenant}' \
'http://{storageNode}/?domain={domain}&preserve&replicate=immediate' |
The x-tenant-meta-name must match the name of an existing tenant created through the Gateway Management API or Content Portal.
Upon completion of the domain adoption procedure, the storage domain is now subject to the tenant access control policy and root and domain policies. The storage domain switches to using the tenant IDSYS rather than the root IDSYS if the storage domain does not define a separate IDSYS, was previously using the root IDSYS, and the adoptive tenant defines an IDSYS.