Hi,
On 31/01/2019 17:11, shubjero wrote:
Has anyone automated the ability to generate S3 keys for OpenStack users
in Ceph? Right now we take in a users request manually (Hey we need an
S3 API key for our OpenStack project 'X', can you help?). We as
cloud/ceph admins just use radosgw-admin to create them an access/secret
key pair for their specific OpenStack project and provide it to them
manually. Was just wondering if there was a self-serve way to do that.
Curious to hear what others have done in regards to this.
We've set something up so our Service Desk folks can do this; they use
"rundeck", so we made a script that rundeck runs that works, in very
brief outline, thus:
ssh to one of our RGW machines, as a restricted user with forced-command
that user calls a userv service
the userv service does some sanity-checking, then calls a script that
executes the radosgw-admin command(s) and returns the new keys
the rundeck user has access to user home directories, so makes a .s3cfg
file with the keys returned, places them in the users' home
directory[0], and emails the user (including our "getting started with
S3" docs).
...with similar setup for quota adjustments, and similar.
We quota S3 space separately from Openstack volumes and suchlike.
Regards,
Matthew
[0] strictly, the users can override this behaviour with a userv service
of their own
--
The Wellcome Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
