[pve-devel] ceph key path

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Mon Jun 18 09:15:30 CEST 2012


I think from a security point of view it is the same, but I would prefer the 
keyring way as it could be easier to maintain by just copying the 
keyring file from the ceph systems.

On 18.06.2012 09:11, Alexandre DERUMIER wrote:
> Hi,
>
> there are 2 ways:
>
> --keyfile /etc/pve/priv/ceph/storage.user.key
>
> contains only the key for the user
>
> cat /etc/pve/priv/ceph/storage.user.key
> AQAuj9xPmDLtMxAAm7bxvscRod9EF0nDscfzXQ==
>
>
> or (new method I just found)
>
> --keyring /etc/pve/priv/ceph/storage.keyring
>
> contains a list of keys for the storage
>
> cat /etc/pve/priv/ceph/storage.keyring
>
> [client.user1]
>          key = AQAuj9xPmDLtMxAAm7bxvscRod9EF0nDscfzXQ==
>
> [client.user2]
>          key = AQAuj9xPmDLtMxAAm7bxvscRod9EF0nDscfzXQ==
>
>
> Don't know which method is more secure?
> 1 keyring per storage or 1 keyfile per user?
>
> ----- Original message -----
>
> From: "Stefan Priebe" <s.priebe at profihost.ag>
> To: "Dietmar Maurer" <dietmar at proxmox.com>
> Cc: pve-devel at pve.proxmox.com
> Sent: Monday 18 June 2012 07:12:59
> Subject: Re: [pve-devel] ceph key path
>
>
> Isn't this only valid for a keyring file? I accidentally copied a keyring file with multiple users to the key file and nothing worked.
>
>
> On 18.06.2012 at 06:12, Dietmar Maurer <dietmar at proxmox.com> wrote:
>
> AFAIK a ceph key file can contain keys for more than one user, so it makes no sense to use:
>
> '--keyfile', '/etc/pve/priv/ceph/'.$storeid.'.'.$scfg->{username}.'.key'
>
> Instead, it should be enough to use:
>
> '--keyfile', "/etc/pve/priv/ceph/$storeid.key"
>
> What do I miss?
>
> - Dietmar
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
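
The mix-up described in this thread (a multi-user keyring copied into a file passed as `--keyfile`) can be caught by checking a file's layout before it is used. The following Python sketch is an added example, not part of the original messages or of Proxmox/Ceph code; the function names and sample keys are constructed for illustration, and it only checks that keys are well-formed base64, not that Ceph accepts them.

```python
import base64
import binascii
import os
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")

# Constructed sample secrets (not real Ceph keys) in the keyring layout quoted above.
KEY_A = base64.b64encode(b"constructed-sample-key-A").decode()
KEY_B = base64.b64encode(b"constructed-sample-key-B").decode()
SAMPLE_KEYRING = f"[client.user1]\n\tkey = {KEY_A}\n\n[client.user2]\n\tkey = {KEY_B}\n"

def is_b64(value):
    """True if value is non-empty, strictly valid base64."""
    try:
        return len(base64.b64decode(value, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False

def parse_keyring(text):
    """Return {entity: key} for every [entity] section that has a 'key =' line."""
    keys, entity = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        match = SECTION.match(line)
        if match:
            entity = match.group(1)
            continue
        name, sep, value = line.partition("=")  # split at the first '=' only
        if entity and sep and name.strip() == "key":
            keys[entity] = value.strip()
    return keys

def classify(text):
    """Return 'keyfile' (one bare key), 'keyring' ([entity] sections) or 'invalid'."""
    body = text.strip()
    if "[" in body:
        keys = parse_keyring(body)
        return "keyring" if keys and all(map(is_b64, keys.values())) else "invalid"
    return "keyfile" if len(body.split()) == 1 and is_b64(body) else "invalid"

def export_keyfile(keyring_text, entity, path):
    """Write one entity's key as a bare keyfile readable only by its owner."""
    key = parse_keyring(keyring_text)[entity]  # KeyError if the user is not listed
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tighten a pre-existing file
        fh.write(key + "\n")
    return path
```

A keyring handed to a consumer that expects a bare key classifies as `keyring` rather than `keyfile`, which is the case reported earlier in the thread.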
