[pve-devel] ceph key path

Alexandre DERUMIER aderumier at odiso.com
Mon Jun 18 09:11:45 CEST 2012


Hi,

they are 2 ways :

--keyfile /etc/pve/priv/ceph/storage.user.key  

contain only the key for user 

cat /etc/pve/priv/ceph/storage.user.key 
AQAuj9xPmDLtMxAAm7bxvscRod9EF0nDscfzXQ==


or (new method I just found )

--keyring /etc/pve/priv/ceph/storage.keyring

contain a list of key for the storaige

cat /etc/pve/priv/ceph/storage.keyring

[client.user1]
        key = AQAuj9xPmDLtMxAAm7bxvscRod9EF0nDscfzXQ==

[client.user2]
        key = AQAuj9xPmDLtMxAAm7bxvscRod9EF0nDscfzXQ==




Don't know which method is more secure ?
1 keyring by storage or 1 keyfile by user ?




----- Mail original ----- 

De: "Stefan Priebe" <s.priebe at profihost.ag> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Lundi 18 Juin 2012 07:12:59 
Objet: Re: [pve-devel] ceph key path 


Isn't this only valid for a keyring file? I accidentally copied a keyring file with multiple users to the key file and nothing worked. 


Am 18.06.2012 um 06:12 schrieb Dietmar Maurer < dietmar at proxmox.com >: 







AFAIK a ceph key file can contain keys for more than one user, so it make no sense to use: 

'--keyfile', '/etc/pve/priv/ceph/'.$storeid.'.'.$scfg->{username}.'.key' 

Instead, it should be enough to use: 

'--keyfile', “/etc/pve/priv/ceph/$storeid.key” 

What do I miss? 

- Dietmar 


<blockquote>

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 

</blockquote>

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



-- 

-- 




	Alexandre D erumier 
Ingénieur Système 
Fixe : 03 20 68 88 90 
Fax : 03 20 68 90 81 
45 Bvd du Général Leclerc 59100 Roubaix - France 
12 rue Marivaux 75002 Paris - France 
	



More information about the pve-devel mailing list