On 10/29/19 3:45 PM, tuan dung wrote:
i have a cluster run ceph object using version 14.2.1. I want to creat 2 pool for bucket data for  purposes for security:
+ one bucket-data pool for public client access from internet (name zone1.rgw.buckets.data-pub) 
+ one bucket-data pool for private client access from local network (name zone1.rgw.buckets.data-pub)
each pool bucket-data has one individual access key: access key public (access pool public) and  access key private (access pool private).
Can you give me a recomment for this or bestpractice that you've done? what needs to be done?
Or give me your best solution for securiy a cluster ceph object with  public client access and  private client access?

You need add extra placement. This setup is pretty useless IMHO because you still will be going from one rgw zone.



k