Rechercher une page de manuel
cauthtool
Langue: en
Version: 364025 (ubuntu - 25/10/10)
Section: 8 (Commandes administrateur)
NAME
cauthtool - ceph keyring manipulation toolSYNOPSIS
cauthtool keyringfile [ -l | --list ] [ -c | --create-keyring ] [ -p | --print ] [ -n | --name entityname ] [ --gen-key ] [ -a | --add-key base64_key ] [ --caps capfils ]DESCRIPTION
cauthtool is a utility to create, view, and modify a Ceph keyring file. A keyring file stores one or more Ceph authentication keys and possibly an associated capability specification. Each key is associated with an entity name, of the form {client,mon,mds,osd}.name.OPTIONS
- -l, --list
- will list all keys and capabilities present in the keyring.
- -p, --print
- will print an encoded key for the specified entityname. This is suitable for the mount -o secret= argument.
- -c, --create-keyring
- will create a new keyring, overwriting any existing keyringfile.
- --gen-key
- will generate a new secret key for the specified entityname:
- --add-key
- will add an encoded key to the keyring.
- --caps capsfile
- will set the capabilities associated with a given key.
CAPS FILE FORMAT
The caps file format consists of zero or more key/value pairs. The key is the name of the Ceph subsystem (osd, mds, mon). The value is a comma separated list of allow, deny clauses with a permission specifier containing one or more of rwx, for read, write, and execute permission. If you want to declare the key an administrator (with full privileges on everything), use the shorthand 'subsystem = "allow *"'. For example,- osd = "allow rwx [pool=foo[,bar]]|[uid=baz[,bay]]" # can read, write, and execute objects
- mds = "allow" # can access mds server
- mon = "allow rwx" # can modify cluster state (i.e., is a server daemon)
A librados user restricted to a single pool might look like
- osd = "allow rw pool foo"
A client mounting the file system with minimal permissions would need caps like
- mds = "allow"
- osd = "allow rw; allow rw pool = data_pool_num"
- mon = "allow r"
EXAMPLE
To create a new keyring containing a key for client.foo:- cauthtool -c -n client.foo --gen-key keyring.bin
To associate some capabilities with the key:
- cauthtool -n client.foo --caps foocaps.conf keyring.bin
To display the contents of the keyring:
- cauthtool -l keyring.bin
When mount a Ceph file system, you can grab the appropriately encoded secret key with
- mount -t ceph serverhost:/ mountpoint -o name=foo,secret=`cauthtool -p -n client.foo keyring.bin`
AVAILABILITY
cauthtool is part of the Ceph distributed file system. Please refer to the Ceph wiki at http://ceph.newdream.net/wiki for more information.SEE ALSO
ceph(8)Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre