charm-ceph-proxy needs to support cases where pools and keys are pre-created and ceph-proxy just proxies this data to client applications (cinder-ceph, glance, gnocchi, gnocchi, radosgw, nova-compute)
Currently:
* admin user name and type are hard-coded and requires privileges to create users and pools;
* if pools with required names (as requested via broker interface) already exist only `rados --id admin lspools` is executed by charm-ceph-proxy which does not require significant mon privileges (rx only);
* user keys for client applications are generated via `sudo -u ceph ceph --name client.admin --keyring /var/lib/ceph/mon/ceph-<ceph-proxy-unit-hostname>/keyring auth get-or-create <requested_application_user> <caps-list-from-ceph-proxy-charm>.
Suggested changes:
1) allow configuring admin user name and type;
2) allow users and cephx keys to be loaded via charm configuration.
charm-ceph-proxy needs to support cases where pools and keys are pre-created and ceph-proxy just proxies this data to client applications (cinder-ceph, glance, gnocchi, gnocchi, radosgw, nova-compute)
Currently:
* admin user name and type are hard-coded and requires privileges to create users and pools; ceph/mon/ ceph-<ceph- proxy-unit- hostname> /keyring auth get-or-create <requested_ application_ user> <caps-list- from-ceph- proxy-charm> .
* if pools with required names (as requested via broker interface) already exist only `rados --id admin lspools` is executed by charm-ceph-proxy which does not require significant mon privileges (rx only);
* user keys for client applications are generated via `sudo -u ceph ceph --name client.admin --keyring /var/lib/
Suggested changes:
1) allow configuring admin user name and type;
2) allow users and cephx keys to be loaded via charm configuration.