Re: Need help integrating radosgw with keystone for openstack swift


 



Hi,


in our setup (ceph 15.2.4, openstack train) the swift endpoint URLs are different, e.g.

# openstack endpoint list --service swift
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                                  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------------------+
| 521a556e391c40cc8d242f0f61a22812 | RegionOne | swift        | object-store | True    | public    | https://s3.<redacted>/swift/v1 |

....


And a somewhat related personal opinion: do not use swift.

The API requires using openstack credentials, and in many cases these credentials are the main user credentials used for accessing openstack (there are other methods, but most users are not aware of this). If instances want to access data in the object storage, you have to store the credentials in the instance. If an instance is exposed to the internet, it may be attacked and broken into; as a result the openstack credentials might end up in the wrong hands. I'm not sure whether using other methods like application credentials can reduce the problem, e.g. by restricting them to certain services. But you can encourage users to use the S3 interface instead. S3 credentials can be created in the openstack web interface and by command line; they are scoped to a certain project only, and if you do not use some AWS compatibility layer they can _only_ be used for authentication in the S3 API. It's probably still a problem if they are stolen, but it is not as bad as openstack credentials...


Just my 0.02 euro


Regards,

Burkhard

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



