Hi Ceph community, We are exploring setting up bucket notifications using Kafka on our Ceph cluster running Reef/Squid (P.S. versions output at the end of this email), and have verified that the Kafka library is integrated in the `radosgw-admin` binary. We attempted to use mTLS authentication by providing certificates and keys to `radosgw-admin`, but it fails to connect to the Kafka broker. From various threads and the open PR here (http://github.com/ceph/ceph/pull/61572), it seems mTLS authentication is not yet supported on the Ceph version we are using. Using username/password is not an option with our Kafka system. The documentation mentions support for the OAUTHBEARER mechanism; however, the payload example at https://docs.ceph.com/en/squid/radosgw/notifications/#create-a-topic does not include a token field. It also does not clarify how token refresh is handled when the token expires. Specifically: • Where can we configure the URL or method for RGW to refresh the auth token? • Are there any example configurations available demonstrating the correct setup and token refresh with OAUTHBEARER for Kafka notifications? Additionally, could you please clarify if these configurations must be done via `radosgw-admin` commands or through an S3 client? Examples of commands for either approach would be very helpful. If OAUTHBEARER and user-password is not an option, is there any other way to configure bucket notifications using Kafka? Please advise. Thank you very much in advance for your guidance. Best regards, Shreesha P.S. ubuntu@fr1obj001:~$ sudo cephadm shell Inferring fsid 877b08fe-f88a-4468-a224-7cf7980c0f47 Inferring config /var/lib/ceph/877b08fe-f88a-4468-a224-7cf7980c0f47/mon.fr1obj001/config root@fr1obj001:/# ceph -v ceph version 18.2.4 (e7ad5345525c7aa95470c26863873b581076945d) reef (stable) root@fr1obj001:/# ceph versions { "mon": { "ceph version 19.2.2 (0eceb0defba60152a8182f7bd87d164b639885b8) squid (stable)": 3 }, "mgr": { "ceph version 19.2.2 (0eceb0defba60152a8182f7bd87d164b639885b8) squid (stable)": 3 }, "osd": { "ceph version 19.2.2 (0eceb0defba60152a8182f7bd87d164b639885b8) squid (stable)": 106 }, "rgw": { "ceph version 19.2.2 (0eceb0defba60152a8182f7bd87d164b639885b8) squid (stable)": 3 }, "overall": { "ceph version 19.2.2 (0eceb0defba60152a8182f7bd87d164b639885b8) squid (stable)": 115 } } Sensitivity: Company-Internal ==================== This email/fax message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email/fax is prohibited. If you are not the intended recipient, please destroy all paper and electronic copies of the original message. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |