RGW and Keystone

Hello Florian,

I was wondering how the Keystone integration with Ceph works. I have been
reading the documentation, which shows how to configure the
Keystone endpoints here:

http://ceph.com/docs/next/radosgw/config/

and I don't see how the part :

keystone endpoint-create --service-id <id> \
        --publicurl http://radosgw.example.com/swift/v1 \
        --internalurl http://radosgw.example.com/swift/v1 \
        --adminurl http://radosgw.example.com/swift/v1

would work with multiple tenancies, since user a or user b putting an
object called bar in container foo would always end up with the same
URL, like:

http://radosgw.example.com/swift/v1/foo/bar

The way we do that in Swift is to have in keystone this type of URL :

 --publicurl 'http://192.168.206.130:8888/v1/AUTH_%(tenant_id)s' \

and keystoneauth makes sure the validated token matches the
%(tenant_id) in the URL, i.e.:

https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py#L204

Am I totally off track, or does the Keystone support only support a single tenant?

Digging into the code, I don't see any trickery to make this work
properly; it just checks that the roles assigned to the user/tenant
match the configuration (which is good) but doesn't do much more
after that:

https://github.com/ceph/ceph/blob/master/src/rgw/rgw_swift.cc#L500

Let me know what you think.

Cheers,
Chmouel.
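
The two endpoint styles contrasted in the message above, as an added Python example that is not part of the original post and is not code from Swift or Ceph. The function names, tenant ids and role set are constructed for illustration, and the tenant/URL match is a simplified model of the keystoneauth check the message describes.

```python
from urllib.parse import urlsplit

RESELLER_PREFIX = "AUTH_"                    # prefix seen in the Swift endpoint URL
OPERATOR_ROLES = {"admin", "swiftoperator"}  # constructed sample role configuration

FLAT = "http://radosgw.example.com/swift/v1"                  # radosgw docs style
SCOPED = "http://192.168.206.130:8888/v1/AUTH_%(tenant_id)s"  # Swift style


def object_url(template, tenant_id, container, obj):
    """Expand a Keystone endpoint template for one tenant, then append the object path."""
    base = template % {"tenant_id": tenant_id}
    return "%s/%s/%s" % (base, container, obj)


def account_from_url(url):
    """Return the account segment of '/v1/<account>/...', or None if the URL has none."""
    parts = urlsplit(url).path.lstrip("/").split("/")
    if len(parts) >= 2 and parts[0] == "v1" and parts[1].startswith(RESELLER_PREFIX):
        return parts[1]
    return None


def authorize(url, token_tenant_id, token_roles):
    """Role check, then bind the validated token's tenant to the account in the URL."""
    if not OPERATOR_ROLES & set(token_roles):
        return False  # token carries none of the configured roles
    account = account_from_url(url)
    if account is None:
        return False  # flat URL: no account to compare the token against
    return account == RESELLER_PREFIX + token_tenant_id


if __name__ == "__main__":
    for template in (FLAT, SCOPED):
        a = object_url(template, "tenant_a", "foo", "bar")
        b = object_url(template, "tenant_b", "foo", "bar")
        print(a, "|", b, "|", "same URL" if a == b else "distinct URLs")
    url_a = object_url(SCOPED, "tenant_a", "foo", "bar")
    print("tenant_a on its own account:", authorize(url_a, "tenant_a", ["swiftoperator"]))
    print("tenant_b on tenant_a's account:", authorize(url_a, "tenant_b", ["swiftoperator"]))
```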