Re: RGW and Keystone

(resending due to formatting)

I'm not Florian, but I think I can help here.

The radosgw user-tenant model is (currently) different from the swift
one. It's more like the S3 model, where users live in a single
namespace. So the current Swift user mapping is not perfect. We
created 'subusers' to emulate that, but in the end all accounts reside
under the same tenant (in the swift jargon).
That being said, I've prototyped a real multi-tenancy solution not too
long ago that will encapsulate both the swift and the S3 user cases
(wip-5073-2 for the brave ones). It might still be missing some
pieces, but most of it is there. I also have a new blueprint on my
to-do list.

Yehuda

On Tue, Jun 4, 2013 at 2:44 AM, Chmouel Boudjnah <chmouel@xxxxxxxxxxxx> wrote:
> Hello Florian,
>
> I was wondering how the Keystone integration with ceph works. I have been
> reading the documentation of the way it shows how to configure the
> keystone endpoints here:
>
> http://ceph.com/docs/next/radosgw/config/
>
> and I don't see how the part :
>
> keystone endpoint-create --service-id <id> \
>         --publicurl http://radosgw.example.com/swift/v1 \
>         --internalurl http://radosgw.example.com/swift/v1 \
>         --adminurl http://radosgw.example.com/swift/v1
>
> would work with multiple tenancies since user a or user b putting an
> object called bar in container foo would always end up with the same
> URL like :
>
> http://radosgw.example.com/swift/v1/foo/bar
>
> The way we do that in Swift is to have in keystone this type of URL :
>
>  --publicurl 'http://192.168.206.130:8888/v1/AUTH_%(tenant_id)s' \
>
> and the keystoneauth makes sure the validated token matches the
> %(tenant_id) in the URL, i.e.:
>
> https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py#L204
>
> Am I totally off track, or does the keystone support only support a single tenant?
>
> Digging into the code, I don't see any trickery to make this work
> properly; it just checks for the roles assigned to the user/tenant
> matching the configuration (which is good) but doesn't do much more
> after that:
>
> https://github.com/ceph/ceph/blob/master/src/rgw/rgw_swift.cc#L500
>
> Let me know what you think.
>
> Cheers,
> Chmouel.
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
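
The difference discussed in this thread, as an added example that is not part of either message and is not code from Swift's keystoneauth or from radosgw: a tenant-scoped check that compares the validated token's tenant with the account in an `AUTH_<tenant_id>` URL, next to a role-only check on a URL that carries no tenant. The token dict shape, the role names and the function names are assumptions made for the illustration.

```python
# Added illustration; simplified, not Swift's or radosgw's implementation.
RESELLER_PREFIX = "AUTH_"                  # prefix used in the publicurl template quoted above
OPERATOR_ROLES = {"admin", "swiftoperator"}  # assumed role names allowed by configuration


def account_from_path(path):
    """Return the account segment of a /v1/<account>/<container>/<object> path."""
    parts = path.split("/")
    if len(parts) < 3 or parts[0] != "" or parts[1] != "v1" or not parts[2]:
        raise ValueError("not a /v1/<account>/... path")
    return parts[2]


def has_operator_role(token):
    """True if the validated token carries at least one configured role."""
    return bool(OPERATOR_ROLES & set(token.get("roles", [])))


def authorize_tenant_scoped(path, token):
    """Allow only when the tenant in the URL equals the token's tenant
    and the token also carries a configured role."""
    try:
        account = account_from_path(path)
    except ValueError:
        return False
    if not account.startswith(RESELLER_PREFIX):
        return False
    tenant_in_url = account[len(RESELLER_PREFIX):]
    tenant_in_token = token.get("tenant_id")
    # An unscoped token (no tenant) must never match an empty URL tenant.
    if not tenant_in_token or tenant_in_url != tenant_in_token:
        return False
    return has_operator_role(token)


def authorize_role_only(path, token):
    """Role check alone: the URL has no tenant, so there is nothing to
    compare the token's tenant against."""
    return has_operator_role(token)


# Constructed sample tokens, standing in for Keystone validation results.
TOKEN_A = {"tenant_id": "tenant-a", "roles": ["swiftoperator"]}
TOKEN_B = {"tenant_id": "tenant-b", "roles": ["swiftoperator"]}
```

With the role-only check, both tenants are authorized for the same `/swift/v1/foo/bar` path, which is the namespace collision the question describes; with the tenant-scoped check, `TOKEN_B` is refused on `tenant-a`'s URL.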