Hi Benjeman. Thank You for much needed help.
Best Regards, Rishabh > On 05-Dec-2018, at 7:50 PM, Benjeman Meekhof <bmeek...@umich.edu> wrote: > > Hi Rishabh, > > You might want to check out these examples for python boto3 which include > SSE-C: > https://github.com/boto/boto3/blob/develop/boto3/examples/s3.rst > > As already noted use 'radosgw-admin' to retrieve access key and secret > key to plug into your client. If you are not an administrator on your > Ceph cluster you may have to ask someone who is to create/retrieve the > necessary user info. Example: > > radosgw-admin user info --uid testuser > ..... > "keys": [ > { > "user": "testuser", > "access_key":"ABCDE0", > "secret_key": "1FGHIJK" > } > > There is also an Admin API to retrieve this information but you > wouldn't use it unless your application is something more general > purpose requiring access to all user credentials (or other > information). There are libraries for this API as well noted at the > bottom of the docs page. If you just need an access/secret to plug > into your client this is not what you are looking for - to even use it > you still need to create a user with the radosgw-admin command. If > you need to programmatically manage / retrieve user info with some > kind of privileged application it might be of use. > http://docs.ceph.com/docs/mimic/radosgw/adminops/ > > thanks, > Ben > > > On Tue, Dec 4, 2018 at 11:41 PM Rishabh S <talktorishab...@gmail.com> wrote: >> >> Hi Paul, >> >> Thank You. >> >> I was looking for suggestions on how my ceph client should get access and >> secret keys. >> >> Another thing where I need help is regarding encryption >> http://docs.ceph.com/docs/mimic/radosgw/encryption/# >> >> I am little confused what does these statement means. >> >> The Ceph Object Gateway supports server-side encryption of uploaded objects, >> with 3 options for the management of encryption keys. Server-side encryption >> means that the data is sent over HTTP in its unencrypted form, and the Ceph >> Object Gateway stores that data in the Ceph Storage Cluster in encrypted >> form. >> >> Note Requests for server-side encryption must be sent over a secure HTTPS >> connection to avoid sending secrets in plaintext. >> >> CUSTOMER-PROVIDED KEYS >> >> In this mode, the client passes an encryption key along with each request to >> read or write encrypted data. It is the client’s responsibility to manage >> those keys and remember which key was used to encrypt each object. >> >> >> My understanding is when ceph client is trying to upload a file/object to >> Ceph cluster then client request should be https and will include >> “customer-provided-key”. >> Then Ceph will use customer-provided-key to encrypt file/object before >> storing data into Ceph cluster. >> >> Please correct and suggest best approach to store files/object in Ceph >> cluster. >> >> Any code example of initial handshake to upload a file/object with >> encryption-key will be of great help. >> >> Regards, >> Rishabh >> >> On 05-Dec-2018, at 2:48 AM, Paul Emmerich <paul.emmer...@croit.io> wrote: >> >> You are probably looking for radosgw-admin which can manage users on >> the shell, e.g.: >> >> radosgw-admin user create --uid username --display-name "full name" >> radosgw-admin user list >> radosgw-admin user info --uid username >> >> The create and info commands return the secret/access key which can be >> used with any S3 client. >> >> -- >> Paul Emmerich >> >> Looking for help with your Ceph cluster? Contact us at https://croit.io >> >> croit GmbH >> Freseniusstr. 31h >> 81247 München >> www.croit.io >> Tel: +49 89 1896585 90 >> Am Di., 4. Dez. 2018 um 18:55 Uhr schrieb Rishabh S >> <talktorishab...@gmail.com>: >> >> >> Dear Members, >> >> I am new to ceph and implementing object store using ceph. >> >> I have following scenario. >> >> 1. I have an application which needs to store thousands of files in to ceph >> cluster >> 2. My application will be deployed in kubernetes cluster >> 3. My application will communicate using Rest API >> >> My application will be ceph client which will be communicating ceph cluster >> using http/https. >> Can some one please help me with how my application should get >> access-key/secret-key to communicate with ceph cluster. >> >> I am mainly looking for rest/http api example for initial >> authentication/authorization handshake. >> >> Thanks in advance. >> >> Regards, >> Rishabh >> >> >> >> On 04-Dec-2018, at 11:11 PM, ceph-users-requ...@lists.ceph.com wrote: >> >> ceph-users@lists.ceph.com >> >> >> _______________________________________________ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> >> >> _______________________________________________ >> ceph-users mailing list >> ceph-users@lists.ceph.com >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
