ceph

Can I create an administrator user for Ceph?


I can create a basic user and its subusers. Is it possible to create an administrator user in Ceph who can access all objects and buckets from all users?


Solution

  • The answer is: Yes

    And I know it's a tricky question, because creating an admin user is still not very straightforward.

    The Ceph Storage Cluster provides an administrative API that enables users to execute administrative functions via the REST API. By default, users do NOT have access to this API. To enable a user to exercise administrative functionality, provide the user with administrative capabilities.

    radosgw-admin caps add --uid={uid} --caps={caps}

    --caps="[users|buckets|metadata|usage|zone|amz-cache|info|bilog|mdlog|datalog|user-policy|oidc-provider|roles|ratelimit]=[*|read|write|read, write]"

    For example:

    radosgw-admin caps add --uid=johndoe --caps="users=*;buckets=*"

    radosgw-admin caps rm --uid=johndoe --caps={caps}
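
To keep grants like the one above least-privilege, the following added example (not part of the original answer or of Ceph itself) validates a --caps string against the syntax listed in the answer and reports capabilities a user holds beyond an approved baseline. The JSON layout assumed for radosgw-admin user info output, the sample record and the baseline are assumptions made for illustration.

```python
import json

# Capability types and permissions as listed in the --caps syntax in the answer.
CAP_TYPES = {"users", "buckets", "metadata", "usage", "zone", "amz-cache", "info",
             "bilog", "mdlog", "datalog", "user-policy", "oidc-provider", "roles",
             "ratelimit"}
FULL = {"read", "write"}
PERMS = {"*": FULL, "read": {"read"}, "write": {"write"}, "read,write": FULL}

def parse_caps(spec):
    """Parse 'type=perm;type=perm' into {type: set(perms)}; reject unknown values."""
    caps = {}
    for item in filter(None, (p.strip() for p in spec.split(";"))):
        cap_type, sep, perm = item.partition("=")
        cap_type, perm = cap_type.strip(), perm.replace(" ", "")
        if not sep or cap_type not in CAP_TYPES or perm not in PERMS:
            raise ValueError(f"invalid capability: {item!r}")
        caps.setdefault(cap_type, set()).update(PERMS[perm])
    return caps

def audit_user(user_info, allowed):
    """Return caps the user holds beyond the allowed baseline {type: set(perms)}."""
    excess = {}
    for cap in user_info.get("caps", []):
        # Unrecognised perm strings count as full access so they get reviewed.
        held = PERMS.get(cap["perm"].replace(" ", ""), FULL)
        extra = held - allowed.get(cap["type"], set())
        if extra:
            excess[cap["type"]] = sorted(extra)
    return excess

# Constructed sample shaped like `radosgw-admin user info --uid=johndoe` output
# (assumed layout: a "caps" array of {"type", "perm"} objects).
SAMPLE = json.loads("""
{"user_id": "johndoe",
 "caps": [{"type": "buckets", "perm": "*"},
          {"type": "users", "perm": "*"},
          {"type": "usage", "perm": "read"}]}
""")

if __name__ == "__main__":
    baseline = parse_caps("buckets=read;usage=read")  # hypothetical approved grant
    for cap_type, extra in audit_user(SAMPLE, baseline).items():
        print(f"{SAMPLE['user_id']}: {cap_type} has unapproved {', '.join(extra)}")
```

Anything the audit reports can then be withdrawn with the caps rm form shown in the answer.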