
Determine how we want to manage the radosgw users on the DPE Ceph cluster
Open, Medium, Public

Description

We have enabled the Ceph Object Gateway on the DPE Ceph cluster.

It has an endpoint of https://rgw.eqiad.dpe.anycast.wmnet and it provides both S3 and Swift compatible interfaces.

We can now provision users of this service as per the documentation here:
https://docs.ceph.com/en/reef/radosgw/admin/#user-management

At the moment, there is no configuration management of these users, so we can make them by hand on any of the cephosd100[1-5] servers.

Is this sufficient, or would we like to have some kind of configuration management of these user accounts?
If so, should this user management be integrated with Puppet and its secret mechanism?
Should it be integrated with the deployment servers, so that users' access tokens can be made available to Kubernetes workloads?

If we do wish to integrate the user management system with Puppet, there are some potentially useful libraries such as:

https://github.com/UMIACS/rgwadmin
https://github.com/unitedstack/rgw-admin-client
https://github.com/twonote/radosgw-admin4j

These libraries use the Admin Ops API of the RADOS Gateway and would potentially prevent us from having to rely on the radosgw-admin CLI.
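To make the configuration-management option concrete, here is an added example (not part of the original task or of any Wikimedia tooling) that diffs a declared set of radosgw users against what the cluster reports and prints the `radosgw-admin` commands needed to converge. The user names, the sample JSON and the policy of suspending undeclared accounts are assumptions made for illustration.

```python
import json
import shlex

# Constructed desired state, as it could be declared in configuration
# management. No keys here: radosgw generates them, and they would be kept
# in a secret store rather than in this declaration (assumption).
DESIRED = {
    "airflow": {"display_name": "Airflow", "max_buckets": 100, "suspended": False},
    "spark": {"display_name": "Spark jobs", "max_buckets": 1000, "suspended": False},
}

# Constructed sample, shaped like a list of `radosgw-admin user info` JSON
# documents with most fields trimmed.
CURRENT_JSON = """[
 {"user_id": "airflow", "display_name": "Airflow", "max_buckets": 1000, "suspended": 0},
 {"user_id": "testuser", "display_name": "Made by hand", "max_buckets": 1000, "suspended": 0}
]"""

def plan(desired, current_users):
    """Return the radosgw-admin argv lists needed to reach the desired state."""
    current = {u["user_id"]: u for u in current_users}
    cmds = []
    for uid, want in sorted(desired.items()):
        have = current.get(uid)
        if have is None:
            cmds.append(["radosgw-admin", "user", "create", f"--uid={uid}",
                         f"--display-name={want['display_name']}",
                         f"--max-buckets={want['max_buckets']}"])
            have = {**want, "suspended": 0}  # a new user starts enabled
        changes = [f"--{flag}={want[key]}"
                   for key, flag in (("display_name", "display-name"),
                                     ("max_buckets", "max-buckets"))
                   if have[key] != want[key]]
        if changes:
            cmds.append(["radosgw-admin", "user", "modify", f"--uid={uid}", *changes])
        if bool(have["suspended"]) != want["suspended"]:
            verb = "suspend" if want["suspended"] else "enable"
            cmds.append(["radosgw-admin", "user", verb, f"--uid={uid}"])
    # Assumed policy: accounts missing from the declaration are suspended,
    # not removed, so hand-made users lose access without losing data.
    for uid in sorted(set(current) - set(desired)):
        if not current[uid]["suspended"]:
            cmds.append(["radosgw-admin", "user", "suspend", f"--uid={uid}"])
    return cmds

if __name__ == "__main__":
    for argv in plan(DESIRED, json.loads(CURRENT_JSON)):
        print(shlex.join(argv))  # dry run: print the commands, do not execute
```

Because the plan is computed from state rather than applied blindly, a second run against a converged cluster yields no commands, which is the property a Puppet-driven integration would need.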