Thanks for the info:
https://docs.ceph.com/docs/master/rbd/iscsi-target-cli/
Presented as a comment in the sample config file:
# Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph
# drectory and reference the filename here
gateway_keyring = ceph.client.admin.keyring
________________________________
From: Jason Dillaman <jdillama(a)redhat.com>
Sent: Friday, September 6, 2019 12:37 PM
To: Wesley Dillingham <wdillingham(a)godaddy.com>
Cc: ceph-users(a)ceph.io <ceph-users(a)ceph.io>
Subject: Re: [ceph-users] using non client.admin user for ceph-iscsi gateways
Notice: This email is from an external sender.
On Fri, Sep 6, 2019 at 12:00 PM Wesley Dillingham
<wdillingham(a)godaddy.com> wrote:
the iscsi-gateway.cfg seemingly allows for an alternative cephx user other than
client.admin to be used, however the comments in the documentations says specifically to
use client.admin.
Hmm, can you point out where this is in the docs? Originally,
tcmu-runner didn't support the ability to change the user id, but that
has been available for about a year now [1].
Other than having the cfg file point to the
appropriate key/user with "gateway_keyring" and giving that client read caps on
the mons and full access to the pool configured to be used for iscsi are any other
particular steps / settings / actions needed?
Just use "profile rbd" for your caps to keep it simple.
It seems prudent to not use client.admin but I
don't want to have unstable behavior or untested setup.
Thanks.
Respectfully,
Wes Dillingham
wdillingham(a)godaddy.com
Site Reliability Engineer IV - Platform Storage / Ceph
_______________________________________________
ceph-users mailing list -- ceph-users(a)ceph.io
To unsubscribe send an email to ceph-users-leave(a)ceph.io
[1]
https://github.com/open-iscsi/tcmu-runner/commit/c85ccdcfb7f4b17926eda1df89…
--
Jason