I’ve run production Ceph/OpenStack since 2015. The reality is running
OpenStack Newton (the last one with pki) with a post Nautilus release just
isn’t going to work. You are going to have bigger problems than trying to make
object storage work with keystone issued tokens. Worst case is you
I've been away from OpenStack for a couple of years now, so this may have
changed. But back around the Icehouse release, at least, upgrading between
OpenStack releases was a major undertaking, so backing an older OpenStack with
newer Ceph seems like it might be more common than one might
[Adding ceph-users for better usability]
On Fri, 19 Apr 2019, Radoslaw Zarzynski wrote:
> Hello,
>
> RadosGW can use OpenStack Keystone as one of its authentication
> backends. Keystone in turn had been offering many token variants
> over the time with PKI/PKIz being one of them. Unfortunately,