allow customizing admin user and add user keys via charm config

Bug #1793991 reported by Dmitrii Shcherbakov on 2018-09-23
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Ceph-Proxy Charm
High
Dmitrii Shcherbakov

Bug Description

charm-ceph-proxy needs to support cases where pools and keys are pre-created and ceph-proxy just proxies this data to client applications (cinder-ceph, glance, gnocchi, gnocchi, radosgw, nova-compute)

Currently:

* admin user name and type are hard-coded and requires privileges to create users and pools;
* if pools with required names (as requested via broker interface) already exist only `rados --id admin lspools` is executed by charm-ceph-proxy which does not require significant mon privileges (rx only);
* user keys for client applications are generated via `sudo -u ceph ceph --name client.admin --keyring /var/lib/ceph/mon/ceph-<ceph-proxy-unit-hostname>/keyring auth get-or-create <requested_application_user> <caps-list-from-ceph-proxy-charm>.

Suggested changes:

1) allow configuring admin user name and type;
2) allow users and cephx keys to be loaded via charm configuration.

Review: https://review.openstack.org/#/c/604662

Changed in charm-ceph-proxy:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Dmitrii Shcherbakov (dmitriis)
description: updated

Reviewed: https://review.openstack.org/604662
Committed: https://git.openstack.org/cgit/openstack/charm-ceph-proxy/commit/?id=81383a160bdcacd0bd01e0d84409b02b493b58de
Submitter: Zuul
Branch: master

commit 81383a160bdcacd0bd01e0d84409b02b493b58de
Author: Dmitrii Shcherbakov <email address hidden>
Date: Thu Sep 20 04:31:15 2018 +0300

    support custom admin user and user auth

    In order to support cases where pools and keys are pre-created and
    ceph-proxy just proxies this data to client applications this change
    introduces support for:

    * having custom "admin" users which may not actually have admin
    privileges on the target cluster (client.admin is probably occupied by
    real admins in this case);
    * using cephx keys provided via charm config.

    Change-Id: I01014b6986f92bf0ad8147a08afa1d61fdd5c088
    Closes-bug: #1793991

Changed in charm-ceph-proxy:
status: In Progress → Fix Committed
Changed in charm-ceph-proxy:
milestone: none → 18.11
David Ames (thedac) on 2018-11-20
Changed in charm-ceph-proxy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers