What I think is being said is, "we need to create an RGW admin user in the default zone." Matt On Fri, Mar 9, 2018 at 10:40 AM, Alfredo Deza <adeza@xxxxxxxxxx> wrote: > On Fri, Mar 9, 2018 at 9:21 AM, Matt Benjamin <mbenjami@xxxxxxxxxx> wrote: >> Hi John, >> >> It's easy to build RGW as a library (we already do), but after >> discussion with many stakeholders, the strong preference was not to >> take this approach to integrate admin functions into ceph-mgr. >> Rather, we'd like to use the already-defined and supported admin rest >> interface. >> >> Casey and I had thought that a more extrinsic workflow, more like how >> keytabs and Ceph keyrings are managed, integrated into deployment >> logic, would be more the way key distribuion would work. I'd like to >> be part of a more complete discussion on why this wouldn't be the >> preferred approach. > > Would this keyring workflow be something similar or *in addition to* > the current key management? > > From a deployment and configuration management perspective it would be > far easier to keep as close as current standards > vs. having a one off for just this one situation. > > >> >> I've personally gone back and forth on whether loading RGW logic in to >> ceph-mgr was useful, but I'm pretty well convinced of the case for not >> doing it for the main admin workflow, and find this workflow not much >> of a motivation for loading RGW, on the surface, at least. >> >> Matt >> >> On Fri, Mar 9, 2018 at 8:44 AM, John Spray <jspray@xxxxxxxxxx> wrote: >>> Hi Orit, >>> >>> Currently the dashboard folks (consuming RGW admin rest api) have >>> enough information in the ServiceMap to find the address of an RGW >>> service, but the authentication still requires the admin to configure >>> dashboard explicitly with some credentials. >>> >>> From chatting to Yehuda the other day, it seems like maybe this is a >>> good starting point for a librgw type thing that we can access from >>> python, where the initial functionality would just be sufficient to >>> configure authentication to talk to the admin rest api. >>> >>> Does this sound like a sensible approach? >>> >>> John >> >> >> >> -- >> >> Matt Benjamin >> Red Hat, Inc. >> 315 West Huron Street, Suite 140A >> Ann Arbor, Michigan 48103 >> >> http://www.redhat.com/en/technologies/storage >> >> tel. 734-821-5101 >> fax. 734-769-8938 >> cel. 734-216-5309 >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html -- Matt Benjamin Red Hat, Inc. 315 West Huron Street, Suite 140A Ann Arbor, Michigan 48103 http://www.redhat.com/en/technologies/storage tel. 734-821-5101 fax. 734-769-8938 cel. 734-216-5309 -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
