A radosgw keyring with the minimal rights, which pools have I to create?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

In a from scratch Jewel cluster, I'm searching the exact list of pools I
have to create and the minimal rights that I can set for the keyring used
by the radosgw instance. This is for the default zone. I intend to just use
the S3 API of the radosgw.

a) I have read the doc here http://docs.ceph.com/docs/jewel/radosgw/config-ref/#pools,
but, according to me, it doesn't seem to be updated, am I wrong?

Indeed, I have used a keyring with these rights:

[client.radosgw.gateway]
  key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
  caps mon = "allow rwx"
  caps osd = "allow rwx"

so that the pools are created automatically after the starting of radosgw.
I have created a S3 account with "radosgw-admin" and I have created a bucket
with this S3 account. After that, here is the list of created pools:

.rgw.root
default.rgw.control
default.rgw.data.root
default.rgw.gc
default.rgw.log
default.rgw.users.uid
default.rgw.users.email
default.rgw.users.keys
default.rgw.meta
default.rgw.buckets.index

It doesn't seem to match with the doc. Am I wrong anywhere?


b) By the way, can you confirm me there are modifications on this point
between Infernalis and Jewel. Indeed if I do exactly the same "test" with
a from scratch Infernalis cluster, here is the list of created pools:

.rgw.root
.rgw.control
.rgw
.rgw.gc
.log
.users.uid
.users.email
.users
.rgw.buckets.index
.rgw.buckets

Why is it different between Infernalis and Jewel? To me, it seems curious
and I have probably missed something, haven't I?

c) Can you confirm me that the minimal rights for a radosgw keyring is
something like that:

[client.radosgw.gateway]
  key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
  caps mon = "allow r"
  caps osd = "allow rwx pool=<pool1>,..., rwx=<poolN>"

and can you tell me the exact list of pools I have to create, ie the list
<pool1>, ..., <poolN> because this is not clear for me?

Just in case, here is the typical conf of my radosgw instance:

[client.radosgw.gateway]
  host               = ceph-rgw
  keyring            = /etc/ceph/ceph.client.radosgw.gateway.keyring
  rgw socket path    = ""
  log file           = /var/log/ceph/ceph.client.radosgw.gateway.log
  rgw frontends      = civetweb port=8080
  rgw print continue = false
  rgw dns name       = store.domain.tld

Thanks in advance for your help.

-- 
François Lafont
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux