Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel2
outlinefalse
typelist
printablefalse

It is possible to transfer a domain to another existing tenant or have a tenant adopt a storage domain so it can be accessed through the Content Portal if the storage domain is created outside the Content Management API (such as a replication cluster). There is a A special variation to the domain adoption procedure , is noted below if that storage domain was created with Swarm's legacy auth/auth.

...

  • The tenant exists.

  • The cluster administrator executes these actions directly against the storage cluster and not through the Gateway.

Note

This is a highly privileged operation that has no equivalent request within the Gateway.

To Adopt a Domain

  1. Retrieve all custom metadata attached to the domain.

  2. Update the domain providing all custom metadata and an x-tenant-meta-name header.

This is an example of the commands. The strings {tenant} and {domain} are substituted for the actual tenant name and storage domain namenames.

The first step is to retrieve all current, custom metadata name/value pairs for the domain:

...

There is a Castor-Authorization header in the response or a "401 Unauthorized" response to the previous request may be received if the domain has Swarm's legacy auth/auth on it. See the section below for instructions to remove the legacy auth/auth.

Warning

Deprecated

The native Swarm auth/auth feature is deprecated and is removed as of June 2017.

...

Upon completion of the domain adoption procedure, the storage domain is now subject to the tenant access control policy in addition to the root and domain policies. The storage domain switches to using the tenant IDSYS rather than the root IDSYS if the storage domain does not define a separate IDSYS, was previously using the root IDSYS, and the adoptive tenant defines an IDSYS.

Removing Legacy Auth/Auth

Legacy auth/auth needs to be removed so the domain can be used correctly through Gateway if the storage domain has legacy auth/auth on it. These examples use the curl command line utility since it is able to perform HTTP digest authentication. These examples can be adapted for use with another tool or library to issue the HEAD and COPY commands. Since this process is very similar to the previous one for domains without legacy auth/auth, references are made to the instructions from the previous section. The {adminUser} username in these examples must be for one of the Swarm administrators defined in the storage cluster's configuration. The {storageNode} string is the host or IP for any node in the storage cluster.

...

All custom metadata name/value pairs are needed with the exception of except the Castor-Authorization header.

...

Code Block
curl -X COPY --digest -u {adminUser} 
	--location-trusted
	-H 'x-tenant-meta-name: {tenant}'
	-H '{mdName1}: {mdValue1}'
	-H '{mdName2}: {mdValue2}'
	...
	'http://{storageNode}/?domain={domain}&replicate=immediate'

All prior discussion discussions about the x-tenant-meta-name value and post-creation domain behavior apply.

To Transfer a Domain

  1. Update the domain to reflect the correct x-tenant-meta-name header, using a COPY method and the &preserve query argument.

This is an example of the commands. The strings {tenant} and {domain} are substituted for the actual tenant and storage domain names.
Use the COPY request to replace the x-tenant-meta-name and retain all other existing metadata.

Code Block
curl -i -X COPY --location-trusted \
     -H 'x-tenant-meta-name: {tenant}' \
     'http://{storageNode}/?domain={domain}&preserve&replicate=immediate'

The x-tenant-meta-name must match the name of an existing tenant created through the Gateway Management API or Content Portal.
Upon completion of the domain adoption procedure, the storage domain is now subject to the tenant access control policy and root and domain policies. The storage domain switches to using the tenant IDSYS rather than the root IDSYS if the storage domain does not define a separate IDSYS, was previously using the root IDSYS, and the adoptive tenant defines an IDSYS.