ab-a / blog-comments


ceph-keystone-multitenancy/ #4

Open utterances-bot opened 3 years ago

utterances-bot commented 3 years ago

How to enable Ceph multitenancy for object storage in OpenStack?

https://abayard.com/ceph-keystone-multitenancy/

alexgnt commented 3 years ago

Just wondering, is there any way to make all this stuff work for S3 only, i.e. without enabling Swift and without creating Swift endpoints? In all the manuals I have seen, you always need to set up the Swift service.

Also, I am wondering how to configure Keystone authentication for Ceph for S3 only!

ab-a commented 3 years ago

You cannot configure Keystone authentication for S3 only, but you can choose which APIs are available on Ceph with the option `rgw_enable_apis` (by default all APIs are enabled). So technically, yes, you can disable the Swift API on Ceph and skip the endpoint creation on OpenStack and it will work, but unless you have a specific need to do that, it does not really make sense and I don't recommend this approach for many reasons, even if you don't use the Swift API directly.

I want to add that you never "enable" Swift in the process, since there's no Swift cluster. OpenStack Swift and the Swift API provided by Ceph are 2 completely different things, and there's no overhead in keeping the Swift API enabled on Ceph.

I do not know your use case, but it seems you don't really need Keystone if you are not interested in integrating it with the OpenStack ecosystem. Why not use a simple LDAP instead?

Also, you can find more information here: https://abayard.com/how-to-integrate-keystone-with-ceph-rgw-s3-swift/ I'm preparing a post with more detailed information on the different authentication workflows/backends and middleware integrations, maybe you'll be interested :wink: