Hi, I would like to allow users to create, use and delete RBD volumes, up to X GB, from a single pool. The user is a Debian GNU/Linux box using krbd. The sysadmin of the box is not trusted to have unlimited access to the Ceph cluster but (s)he is not malicious either. Permissions and quota are safeguards to prevent mistakes.
While it seems possible to grant access to a single pool to a given cephx client with

    ceph-authtool -n client.foo --cap osd 'allow rwx pool=customer-pool'

and the cap parser suggests even more flexibility https://github.com/ceph/ceph/blob/master/src/mon/MonCap.cc#L329 the documentation states that it should not be done http://ceph.com/docs/master/rados/operations/auth-intro/#cephx-limitations

Suggestions about how to approach this use case are most welcome :-)

Cheers
--
Loïc Dachary, Artisan Logiciel Libre
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
