On Mon, Feb 22, 2021 at 10:34 AM, Janne Johansson <icepic.dz(a)gmail.com> wrote:
On Mon, Feb 22, 2021 at 15:27, Simon Pierre DESROSIERS <simonpierre.desrosiers(a)montreal.ca> wrote:
Hello,
We have a functional ceph swarm with a pair of S3 rgw in front that uses
A.B.C.D domain to be accessed.
Now a new client asks to have access using the domain : E.C.D, but to
already existing buckets. This is not a scenario discussed in the docs.
Apparently, looking at the code and by trying it, rgw does not support
multiple domains for the variable rgw_dns_name.
But reading through parts of the code, I am no dev, and my c++ is 25 years
rusty, I get the impression that maybe we could just add a second pair of
rgw S3 servers that would give service to the same buckets, but using a
different domain.
Am I wrong ? Let's say this works, is this an unconscious behaviour that
the ceph team would remove down the road ?
We run this, a LB sends to one pool for one DNS name and to another pool
for a different DNS name, and both rgws serve the "same" buckets.
How can they serve the "same" buckets if they are in different ceph pools
? Am I understanding you correctly ? To me, same bucket means same
objects.
So if I were to deploy a new pair of RGWS with the new domain, would it
create a bunch of new pools in ceph to store its objects or reuse the
preexisting ones ?
Since S3 auth v4 the dns name is very much a part of the hash to make your
access work, so whatever the client thinks is the DNS name is what it will
use to make the hash-of-hash-of-hash* combination to auth itself.
We haven't made a huge attempt to break it by doing wacky parallel accesses
from both directions, but it seems to work to move off clients from old name
to new name and the stragglers that will never change will get the old small
LB pool and the clients with a decent config get better service.
I have a need for parallel access, have you tried it ?
In our case the domains are completely different, so not A.B.C.D vs B.C.D
but rather F.G.H.I instead.
*) SIGNATURE=$(HMAC-SHA256h $(HMAC-SHA256h $(HMAC-SHA256h $(HMAC-SHA256h
$(HMAC-SHA256s $AWS4SECRET $REQUEST_DATE ) $REQUEST_REGION)
$REQUEST_SERVICE) "aws4_request") $UPLOAD_REQUEST)
--
May the most significant bit of your life be positive.
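The following is an added example, not code from this thread or from Ceph. It carries out the AWS Signature Version 4 computation for an empty-body S3 GET to show where the DNS name enters: the key chain in the footnote does not contain it, but the `host` header is one of the signed headers in the canonical request, so the gateway has to recompute the signature with the Host value the client actually used. The hostnames, the secret and the function names are constructed for illustration.

```python
import hashlib
import hmac


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str = "s3") -> bytes:
    # The chain from the footnote: date -> region -> service -> "aws4_request".
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key


def sign(secret: str, host: str, path: str, amz_date: str,
         region: str = "us-east-1", method: str = "GET") -> str:
    payload_hash = hashlib.sha256(b"").hexdigest()  # empty request body
    headers = {"host": host,
               "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    names = sorted(headers)
    canonical = "\n".join([
        method, path, "",                                # empty query string
        "".join(f"{n}:{headers[n]}\n" for n in names),   # includes host
        ";".join(names), payload_hash])
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical.encode()).hexdigest()])
    key = signing_key(secret, amz_date[:8], region)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def verify(secret: str, host_seen: str, path: str, amz_date: str, sig: str) -> bool:
    # Gateway side: recompute with the Host header as it arrived.
    return hmac.compare_digest(sign(secret, host_seen, path, amz_date), sig)


# Constructed sample values standing in for the two domains in the thread.
SECRET = "constructed-secret-key"
OLD, NEW = "s3.old.example.com", "s3.new.example.net"
DATE = "20210222T153400Z"

if __name__ == "__main__":
    sig = sign(SECRET, NEW, "/bucket/object", DATE)
    print("Host preserved:", verify(SECRET, NEW, "/bucket/object", DATE, sig))
    print("Host rewritten:", verify(SECRET, OLD, "/bucket/object", DATE, sig))
```

A load balancer or proxy that rewrites the Host header before the request reaches the gateway produces the second case, which shows up to the client as a signature mismatch.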