On Fri, Mar 9, 2018 at 2:21 PM, Matt Benjamin <mbenjami@xxxxxxxxxx> wrote: > Hi John, > > It's easy to build RGW as a library (we already do), but after > discussion with many stakeholders, the strong preference was not to > take this approach to integrate admin functions into ceph-mgr. > Rather, we'd like to use the already-defined and supported admin rest > interface. The idea is not to put all the admin functionality in a library. Rather, to have a minimal library that does the bits that don't make sense in the admin REST API -- the parts that bootstrap authentication and set up zones. > Casey and I had thought that a more extrinsic workflow, more like how > keytabs and Ceph keyrings are managed, integrated into deployment > logic, would be more the way key distribuion would work. I'd like to > be part of a more complete discussion on why this wouldn't be the > preferred approach. The problem with extrinsic approaches is that they then need their own glue to drive them from the UI. I'd prefer to have one piece of connecting code to drive RGW from ceph-mgr (via a minimal library for bootstrap combined with the REST API for most things), rather than external moving parts. But this is why I bring it up for discussion, of course... John > > I've personally gone back and forth on whether loading RGW logic in to > ceph-mgr was useful, but I'm pretty well convinced of the case for not > doing it for the main admin workflow, and find this workflow not much > of a motivation for loading RGW, on the surface, at least. > > Matt > > On Fri, Mar 9, 2018 at 8:44 AM, John Spray <jspray@xxxxxxxxxx> wrote: >> Hi Orit, >> >> Currently the dashboard folks (consuming RGW admin rest api) have >> enough information in the ServiceMap to find the address of an RGW >> service, but the authentication still requires the admin to configure >> dashboard explicitly with some credentials. >> >> From chatting to Yehuda the other day, it seems like maybe this is a >> good starting point for a librgw type thing that we can access from >> python, where the initial functionality would just be sufficient to >> configure authentication to talk to the admin rest api. >> >> Does this sound like a sensible approach? >> >> John > > > > -- > > Matt Benjamin > Red Hat, Inc. > 315 West Huron Street, Suite 140A > Ann Arbor, Michigan 48103 > > http://www.redhat.com/en/technologies/storage > > tel. 734-821-5101 > fax. 734-769-8938 > cel. 734-216-5309 -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
