On 03/09/2018 11:55 AM, Sage Weil wrote:
On Fri, 9 Mar 2018, Casey Bodley wrote:
I haven't done much with ceph-ansible, but I'm imagining it looking like this:
In the rgw configuration, we'd have a variable like radosgw_management_user
that would trigger a 'radosgw-admin user create' command to create it and
remember its keys for use during the ceph-mgr deployment.
If the ceph-mgr deployment has to happen first, it could always generate its
own secret/access keys (which is trivial to do), and supply them later during
rgw deployment via 'radosgw-admin user create --access-key=X --secret=Y'.
I think this is missing the bigger picture. Setting aside the key issue
for a minute, there needs to be some API endpoint that allows you to
manipulate the zones/zone groups/realms (e.g., to create the radosgw
cluster to begin with). Creating an initial key for that zone is just one
piece of that.
For example, a dashboard user should be able to click on the RGW tab and
create a new realm or zone and then kick off work to instantiate the
radosgw daemons to serve it (via kubernetes, ansible, or whatever).
Hi Sage,
I didn't know that we were looking to drive new cluster deployments
through ceph-mgr. But I think that the multisite configuration steps to
make that work belong in the deployment tool itself. Ali has done work
on this for ceph-ansible at
https://github.com/ceph/ceph-ansible/pull/1944, which runs all of the
radosgw-admin commands on the new cluster to add it to an existing
multisite realm.
Once we have a radosgw running and a key installed, then we can talk
to the radosgw admin API.
Relying on ansible to run CLI commands feels very backward here. If the
radosgw-admin CLI is the only tool that can manipulate the realm and
zone maps then it seems like that is the piece to fix?
Am I missing something?
sage
The CLI commands were for bootstrapping on cluster creation, isn't that
a normal use of ansible?
As I see it, the issue is that radosgw-admin, the radosgw admin apis,
and any library interfaces we could invent still only have a view of the
local ceph cluster. I'm happy to help build admin apis for the local
zone configuration parts that are missing. But outside of the
'radosgw-admin period commit' command that pushes local changes to the
master zone, any coordination between clusters would have to come in at
a higher level.
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
