Thanks for the info: https://docs.ceph.com/docs/master/rbd/iscsi-target-cli/
Presented as a comment in the sample config file: # Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph # drectory and reference the filename here gateway_keyring = ceph.client.admin.keyring ________________________________ From: Jason Dillaman <[email protected]> Sent: Friday, September 6, 2019 12:37 PM To: Wesley Dillingham <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [ceph-users] using non client.admin user for ceph-iscsi gateways Notice: This email is from an external sender. On Fri, Sep 6, 2019 at 12:00 PM Wesley Dillingham <[email protected]> wrote: > > the iscsi-gateway.cfg seemingly allows for an alternative cephx user other > than client.admin to be used, however the comments in the documentations says > specifically to use client.admin. Hmm, can you point out where this is in the docs? Originally, tcmu-runner didn't support the ability to change the user id, but that has been available for about a year now [1]. > Other than having the cfg file point to the appropriate key/user with > "gateway_keyring" and giving that client read caps on the mons and full > access to the pool configured to be used for iscsi are any other particular > steps / settings / actions needed? Just use "profile rbd" for your caps to keep it simple. > It seems prudent to not use client.admin but I don't want to have unstable > behavior or untested setup. > > Thanks. > > Respectfully, > > Wes Dillingham > [email protected] > Site Reliability Engineer IV - Platform Storage / Ceph > > _______________________________________________ > ceph-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] [1] https://github.com/open-iscsi/tcmu-runner/commit/c85ccdcfb7f4b17926eda1df89e592f5fd9ac5d4 -- Jason
_______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
