1. First, the help output for reference
auth add <entity> {<caps> [<caps>...]}    add auth info for <entity> from input file, or random key if no input is given, and/or any caps specified in the command
auth caps <entity> <caps> [<caps>...]    update caps for <name> from caps specified in the command
auth del <entity>    delete all caps for <name>
auth export {<entity>}    write keyring for requested entity, or master keyring if none given
auth get <entity>    write keyring file with requested key
auth get-key <entity>    display requested key
auth get-or-create <entity> {<caps> [<caps>...]}    add auth info for <entity> from input file, or random key if no input given, and/or any caps specified in the command
auth get-or-create-key <entity> {<caps> [<caps>...]}    get, or add, key for <name> from system/caps pairs specified in the command. If key already exists, any given caps must match the existing caps for that key.
auth import    auth import: read keyring file from -i <file>
auth ls    list authentication state
auth print-key <entity>    display requested key
auth rm <entity>    remove all caps for <name>
Note
All of the following commands can specify the user to run as, for example:
--name mon. --keyring /var/lib/ceph/mon/ceph-node2/keyring
--name client.admin --keyring /etc/ceph/ceph.client.admin.keyring
ceph auth add
Meaning: Add a secret key to the specified user
Example:
Add mon key
ceph auth add client.admin
Add mgr key
ceph auth add mgr.node2
ceph auth caps
Meaning: Change user permissions
Example:
Modify client.admin permissions (-n is the same as --name)
ceph auth caps client.admin mds 'allow *' osd 'allow *' mon 'allow *'
ceph auth del/rm
Meaning: Delete user secret key
Example:
Delete the osd.4 user key
ceph auth del osd.4
ceph auth export
Meaning: Export user key to specified file
Example:
Export the osd.1 user key to the file aaa
ceph auth export osd.1 -o aaa
ceph auth get
Meaning: Get the user's secret key
Example:
Get the key for osd.1
ceph auth get osd.1
ceph auth get-key
Meaning: Print only the key value for the user
Example:
Print only the key value for osd.1
ceph auth get-key osd.1
ceph auth get-or-create
Meaning: Similar to add: prints the key if the user already has one and creates it if not. You can also set the user's access rights in the same command; it returns the user name and key
Example:
Print the osd.1 key if it exists; otherwise add one and print it
ceph auth get-or-create osd.1
ceph --cluster ceph --name client.bootstrap-mds --keyring /var/lib/ceph/bootstrap-mds/ceph.keyring auth get-or-create mds.node3 osd 'allow rwx' mds 'allow' mon 'allow profile mds' -o /var/lib/ceph/mds/ceph-node3/keyring
ceph auth get-or-create-key
Meaning: Similar to add: prints the key if the user already has one and creates it if not. You can also set the user's access rights in the same command; it returns only the secret key
Example:
Print the osd.1 key if it exists; otherwise add one and print it
ceph auth get-or-create-key osd.1
ceph auth import
Meaning: Import a user
Example:
ceph auth import -i /path/to/keyring
ceph auth ls
Meaning: List the current cluster keys
Example:
ceph auth ls
ceph auth print-key
Meaning: Print the key for the specified user
Example:
ceph auth print-key osd.1
Command Summary:
1. Create a user (you can specify permissions at the same time)
If a user is given osd capabilities but no specific pool is specified, that user has access to all pools in the cluster.
ceph auth add client.john mon 'allow r' osd 'allow rw pool=liverpool'
ceph auth get-or-create client.paul mon 'allow r' osd 'allow rw pool=liverpool'
ceph auth get-or-create client.george mon 'allow r' osd 'allow rw pool=liverpool' -o george.keyring
ceph auth get-or-create-key client.ringo mon 'allow r' osd 'allow rw pool=liverpool' -o ringo.key
2. Modify user rights
ceph auth caps client.john mon 'allow r' osd 'allow rw pool=liverpool'
ceph auth caps client.paul mon 'allow rw' osd 'allow rwx pool=liverpool'
ceph auth caps client.brian-manager mon 'allow *' osd 'allow *'
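
A check for the pool-scoping note in the command summary, as an added example that is not part of the original page: it reads the plain-text output of ceph auth ls and lists client users holding an osd grant with no pool= restriction. The sample entries, the placeholder keys, client.mixed and the function names are constructed for illustration; the check looks only at pool= and ignores any other way a grant might be scoped.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `ceph auth ls`
# (real output indents with tabs; keys here are placeholders).
sample_auth_ls() {
cat <<'EOF'
osd.1
    key: PLACEHOLDER-KEY-1
    caps: [mon] allow profile osd
    caps: [osd] allow *
client.john
    key: PLACEHOLDER-KEY-2
    caps: [mon] allow r
    caps: [osd] allow rw pool=liverpool
client.brian-manager
    key: PLACEHOLDER-KEY-3
    caps: [mon] allow *
    caps: [osd] allow *
client.mixed
    key: PLACEHOLDER-KEY-4
    caps: [mon] allow r
    caps: [osd] allow rw pool=liverpool, allow r
EOF
}

# Print "entity<TAB>grant" for every client.* user that holds an osd
# grant without a pool= restriction (such a grant reaches all pools).
# Daemon entities such as osd.N are skipped on purpose.
audit_osd_caps() {
  awk '
    /^[^ \t]/ { entity = $1; next }   # unindented line starts a new entity
    /^[ \t]+caps: \[osd\]/ && entity ~ /^client\./ {
      caps = $0
      sub(/^[ \t]+caps: \[osd\][ \t]*/, "", caps)
      n = split(caps, grant, /,[ \t]*/)   # one cap string may hold several grants
      for (i = 1; i <= n; i++)
        if (grant[i] !~ /pool=/) { print entity "\t" grant[i]; break }
    }
  '
}

# Demo on the sample; on a cluster: ceph auth ls | audit_osd_caps
sample_auth_ls | audit_osd_caps
```

Each reported user can then be narrowed with ceph auth caps, as in section 2 of the summary.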