On Mon, Jun 16, 2025 at 2:51 PM Fiona Ebner <f.eb...@proxmox.com> wrote:
>
> On 16.06.25 at 11:34, Ilya Dryomov wrote:
> > On Thu, May 15, 2025 at 1:29 PM Fiona Ebner <f.eb...@proxmox.com> wrote:
> >>
> >> In Proxmox VE, it is not always required to have a dedicated Ceph
> >> configuration file, and using the 'key-secret' QAPI option would
> >> require obtaining a key from the keyring first. The keyring location
> >> is readily available however, so having support for the 'keyring'
> >> configuration option is most convenient.
> >
> > Would such a setup have a ceph.conf file that is shared between
> > multiple users (or no ceph.conf file at all if the monitors are
> > specified via QAPI option) but individual keyring files for each
> > user?
>
> There is only a single Ceph user and we could create a ceph.conf file
> with the 'keyring' option set. It was just not required in the past,
> because we specified 'keyring' via '-drive' directly, so having this
> option would be more convenient for us.
>
> In short: we can still make it work on our side if there is no interest
> in adding this option in the QAPI.

I don't have a strong opinion, but it feels a bit like circumventing
the QAPI secret infrastructure.  It's already possible to circumvent it
indirectly through the keyring option in the ceph.conf file, but that is
something that falls out naturally and has always been there.  Adding
a more direct way to do it has me split...

Thanks,

                Ilya
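
An added example, not part of the thread and not code from QEMU or Proxmox VE: a sketch of the "obtaining a key from the keyring first" step mentioned above, so that the key can go through the secret infrastructure instead of a 'keyring' path. The function names, the entity name client.pve and the sample keyring are assumptions made for illustration; the file it writes is meant to be the data a QEMU secret object (referenced by 'key-secret') would read.

```python
import base64
import os
import tempfile

# Constructed sample keyring; the keys are made-up bytes, not real credentials.
SAMPLE_KEYRING = """\
[client.admin]
\tkey = {admin}
\tcaps mon = "allow *"
[client.pve]
\tkey = {pve}
""".format(
    admin=base64.b64encode(b"A" * 28).decode(),
    pve=base64.b64encode(b"B" * 28).decode(),
)


def extract_key(keyring_text, entity):
    """Return the base64 key of `entity` (e.g. 'client.pve') from keyring text."""
    section = None
    for raw in keyring_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, sep, value = line.partition("=")
        if section == entity and sep and name.strip() == "key":
            key = value.strip()
            base64.b64decode(key, validate=True)  # raises on a malformed key
            return key
    raise KeyError(f"no key for {entity!r} in keyring")


def write_secret_file(key, directory):
    """Write the key to a new owner-only file and return its path."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="rbd-key-")
    with os.fdopen(fd, "w") as fh:  # mkstemp creates the file with mode 0600
        fh.write(key)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = write_secret_file(extract_key(SAMPLE_KEYRING, "client.pve"), tmp)
        print(path, oct(os.stat(path).st_mode & 0o777))
```

The key never appears on a command line this way; only the path of the owner-only file does.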
