Re: cephx questions

Fri, 30 Jul 2010 16:37:31 -0700 

On Fri, 30 Jul 2010, Sage Weil wrote:
> The cauthtool man page has a minimal set of caps for a machine to mount 
> the file system.  Basically,
> 
> client.foo
>         key: asdf
>         caps: [mds] allow
>         caps: [mon] allow r
>         caps: [osd] allow rw; allow rw pool=0

Correction: this should actually be

        caps: [osd] allow rw pool=data

(The above works too, but only because the 'allow rw' grants it access to 
all object pools.)

sage


> 
> Or, if you're lazy, you can just use the client.admin key.  Just be sure 
> to specify both name=admin,secret=asdf (or name=foo,secret=asdf, if using 
> the above) as a mount option.  (The 'client.' name prefix is assumed.)
> 
> I hope that answers your questions?
> sage
> 
> 
> > I pasted a redacted version of our 
> > "auth list" output below. Perhaps we have an error in our authorization 
> > list that caused the errors we experienced after the upgrade (and before 
> > I changed some things).  I can send a ceph.conf file as well if you need 
> > it. 
> > 
> > We can provide feedback on cephx code if you need it, as we were 
> > planning on keeping our cluster "cephx enabled". 
> > 
> > Thanks,
> > 
> > Nathan Regola
> > Grid and Cloud Computing Analyst
> > University of Notre Dame
> > Center for Research Computing
> > P.O. Box 539
> > Room 110 Information Technology Center
> > Notre Dame, IN  46556
> > 
> > Phone: 574-631-5287
> > 
> > 
> > 10.07.30_13:07:08.584179 mon <- [auth,list]
> > 10.07.30_13:07:08.584825 mon0 -> 'installed auth entries: 
> > mon.0
> >         key: T
> >         caps: [mon] allow *
> > mds.opteron03
> >         key: U
> >         caps: [mds] allow
> >         caps: [mon] allow rwx
> >         caps: [osd] allow *
> > osd.0
> >         key: V
> >         caps: [mon] allow rwx
> >         caps: [osd] allow *
> > osd.1
> >         key: W
> >         caps: [mon] allow rwx
> >         caps: [osd] allow *
> > client.admin
> >         key: X
> >         caps: [mds] allow
> >         caps: [mon] allow *
> >         caps: [osd] allow *
> > ' (0)
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> > the body of a message to [email protected]
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > 
> >

Reply via email to