Hello,

> I am trying to give access to an rbd to a client on a fresh Luminous cluster.
> 
> http://docs.ceph.com/docs/luminous/rados/operations/user-management/
> 
> First of all, I'd like to know the exact syntax for auth caps.
> 
> The result of "ceph auth ls" gives this:
> 
>> osd.9
>>      key: AQDjAsVZ+nI7NBAA14X9U5Xjunlk/9ovTht3Og==
>>      caps: [mgr] allow profile osd
>>      caps: [mon] allow profile osd
>>      caps: [osd] allow *
> 
> But the documentation says:
> 
>> osd 'profile {name} [pool={pool-name} [namespace={namespace-name}]]'
> 
> Is the "allow" needed before "profile"? It's not clear.
> 
> If I create a user like this:
> 
>> # ceph --cluster container auth get-or-create client.container001 \
>>      mon 'allow profile rbd' \
>>      osd 'allow profile rbd \
>>      pool=rbd namespace=container001' \
>>      -o /etc/ceph/container.client.container001.keyring

OK, I don't know where I read about the -o option to write the key, but the file was 
empty. I did a ">" and it seems to work to list or create rbd now.

And from what I have tested since, the correct syntax is « mon 'profile rbd' osd 
'profile rbd pool=rbd' »

> In the case where we give access to those rbd inside the container, how can I be 
> sure users in each container do not have access to others' rbd? Is
> the namespace good to isolate each user?

The question about namespace is still open: if I have a namespace in the osd 
caps, I can't create an rbd volume. How can I isolate each client to
only his own volumes?
Thanks for your help.

Best regards,

-- 
Yoann Moulin
EPFL IC-IT
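
A way to check how widely each client's osd cap reaches, given as an added example that is not part of the original message and not Ceph's own tooling. It parses the plain-text `ceph auth ls` layout quoted above and reports whether each `client.*` entity is limited to a namespace, to a pool, or not limited at all. The entity names and caps in the sample are constructed, and only the `pool=`/`namespace=` key=value form is recognised (an assumption).

```python
import re

# Constructed sample in the "ceph auth ls" layout quoted in the message;
# entity names and caps are made up, keys are replaced by a placeholder.
SAMPLE = """\
osd.9
     key: <placeholder>
     caps: [mon] allow profile osd
     caps: [osd] allow *
client.container001
     key: <placeholder>
     caps: [mon] profile rbd
     caps: [osd] profile rbd pool=rbd
client.container002
     key: <placeholder>
     caps: [osd] profile rbd pool=rbd namespace=container002
client.backup
     key: <placeholder>
     caps: [osd] allow rwx
"""

CAP_LINE = re.compile(r"^\s+caps:\s+\[(\w+)\]\s+(.*)$")

def parse_auth_ls(text):
    """Return {entity: {service: cap_string}} from plain 'ceph auth ls' output."""
    entities, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new entity
            current = entities.setdefault(line.strip(), {})
            continue
        m = CAP_LINE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return entities

def osd_scope(cap):
    """Widest reach among the comma-separated grants of one osd cap string."""
    if not cap.strip():
        return "none"
    widest = "namespace"
    for grant in cap.split(","):
        if "pool=" not in grant:
            return "all-pools"             # no pool restriction on this grant
        if "namespace=" not in grant:
            widest = "pool"                # whole pool, shared with its other clients
    return widest

def audit_clients(text):
    """Map every client.* entity to the reach of its osd cap."""
    return {name: osd_scope(caps.get("osd", ""))
            for name, caps in parse_auth_ls(text).items()
            if name.startswith("client.")}
```

Two clients reported as `pool` for the same pool are not isolated from each other's images by their caps; the check says nothing about whether a namespace restriction works for rbd on a given release.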