On Tue, Sep 26, 2017 at 4:52 AM, Yoann Moulin <yoann.mou...@epfl.ch> wrote: > Hello, > >> I try to give access to a rbd to a client on a fresh Luminous cluster >> >> http://docs.ceph.com/docs/luminous/rados/operations/user-management/ >> >> first of all, I'd like to know the exact syntax for auth caps >> >> the result of "ceph auth ls" give this : >> >>> osd.9 >>> key: AQDjAsVZ+nI7NBAA14X9U5Xjunlk/9ovTht3Og== >>> caps: [mgr] allow profile osd >>> caps: [mon] allow profile osd >>> caps: [osd] allow * >> >> but in the documentation, it writes : >> >>> osd 'profile {name} [pool={pool-name} [namespace={namespace-name}]]' >> >> Does the "allow" needed before "profile" ? it's not clear >> >> If I create a user like this : >> >>> # ceph --cluster container auth get-or-create client.container001 \ >>> mon 'allow profile rbd' \ >>> osd 'allow profile rbd \ >>> pool=rbd namespace=container001' \ >>> -o /etc/ceph/container.client.container001.keyring > > ok, I don't know where I read the -o option to write the key but the file was > empty I do a ">" and seems to work to list or create rbd now. > > and for what I have tested then, the good syntax is « mon 'profile rbd' osd > 'profile rbd pool=rbd' » > >> In the case we give access to those rbd inside the container, how I can be >> sure users in each container do not have access to others rbd ? Is >> the namespace good to isolate each user ? > > The question about namespace is still open, if I have a namespace in the osd > caps, I can't create rbd volume. How I can isolate each client to > only his own volumes ?
Unfortunately, RBD doesn't currently support namespaces, but it's on our backlog. > Thanks for your help > > Best regards, > > -- > Yoann Moulin > EPFL IC-IT > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com -- Jason _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
