ceph auth command collection

Keywords: Ceph osd

1. First, the help output for reference

auth add <entity> {<caps> [<caps>...]}                                           add auth info for <entity> from input file, or random key if no input is given, and/or any caps specified in the command
auth caps <entity> <caps> [<caps>...]                                            update caps for <name> from caps specified in the command
auth del <entity>                                                                delete all caps for <name>
auth export {<entity>}                                                           write keyring for requested entity, or master keyring if none given
auth get <entity>                                                                write keyring file with requested key
auth get-key <entity>                                                            display requested key
auth get-or-create <entity> {<caps> [<caps>...]}                                 add auth info for <entity> from input file, or random key if no input given, and/or any caps specified in the command
auth get-or-create-key <entity> {<caps> [<caps>...]}                             get, or add, key for <name> from system/caps pairs specified in the command.  If key already exists, any given caps must match the existing caps for that key.
auth import                                                                      auth import: read keyring file from -i <file>
auth ls                                                                          list authentication state
auth print-key <entity>                                                          display requested key
auth rm <entity>                                                                 remove all caps for <name>

Note

All of the following commands can be run as a specific user by adding --name and --keyring, for example:
--name mon. --keyring /var/lib/ceph/mon/ceph-node2/keyring
--name client.admin --keyring /etc/ceph/ceph.client.admin.keyring

ceph auth add

Meaning: Add a secret key for the specified user
Example:

Add a key for client.admin
ceph auth add client.admin
Add a key for mgr.node2
ceph auth add mgr.node2

ceph auth caps

Meaning: Change a user's permissions (caps)
Example:

Modify the permissions of client.admin (-n and --name are the same)
ceph auth caps client.admin mds 'allow *' osd 'allow *' mon 'allow *'

ceph auth del/rm

Meaning: Delete a user's secret key
Example:

Delete the key of user osd.4
ceph auth del osd.4

ceph auth export

Meaning: Export a user's key to the specified file
Example:

Export the key of user osd.1 to the file aaa
ceph auth export osd.1 -o aaa

ceph auth get

Meaning: Get the user's secret key
Example:

Get the key for osd.1
ceph auth get osd.1

ceph auth get-key

Meaning: Get only the key itself
Example:

Get only the key for osd.1
ceph auth get-key osd.1

ceph auth get-or-create

Meaning: Similar to add: prints the user's key if one exists and creates it if it does not. You can also set the user's access rights at the same time. Returns the user name and key.
Example:

Print the key for osd.1 if it exists; otherwise create one and print it
ceph auth get-or-create osd.1
ceph --cluster ceph --name client.bootstrap-mds --keyring /var/lib/ceph/bootstrap-mds/ceph.keyring auth get-or-create mds.node3 osd 'allow rwx' mds 'allow' mon 'allow profile mds' -o /var/lib/ceph/mds/ceph-node3/keyring

ceph auth get-or-create-key

Meaning: Similar to add: prints the user's key if one exists and creates it if it does not. You can also set the user's access rights at the same time. Returns only the secret key.
Example:

Print the key for osd.1 if it exists; otherwise create one and print it
ceph auth get-or-create-key osd.1

ceph auth import

Meaning: Import a user from a keyring file
Example:

ceph auth import -i /path/to/keyring

ceph auth ls

Meaning: List the keys currently in the cluster
Example:

ceph auth ls

ceph auth print-key

Meaning: Display the key of the specified user
Example:

ceph auth print-key osd.1

Command Summary:

1. Create a user (you can specify permissions at the same time)
If a user is given osd capabilities without a specific pool, that user has access to all pools in the cluster

ceph auth add client.john mon 'allow r' osd 'allow rw pool=liverpool'
ceph auth get-or-create client.paul mon 'allow r' osd 'allow rw pool=liverpool'
ceph auth get-or-create client.george mon 'allow r' osd 'allow rw pool=liverpool' -o george.keyring
ceph auth get-or-create-key client.ringo mon 'allow r' osd 'allow rw pool=liverpool' -o ringo.key

2. Modify user permissions

ceph auth caps client.john mon 'allow r' osd 'allow rw pool=liverpool'
ceph auth caps client.paul mon 'allow rw' osd 'allow rwx pool=liverpool'
ceph auth caps client.brian-manager mon 'allow *' osd 'allow *'
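
The pool rule from item 1 can be checked across existing users. The following is an added example, not part of the original post: it parses keyring text in the format printed by ceph auth export and flags client users whose caps are 'allow *' or whose osd caps carry no pool= restriction. The sample keyring, the user client.backup and the function names are constructed for illustration, and only the pool= form used on this page is recognised as scoping.

```python
import re

# Constructed sample in the format printed by `ceph auth export`; keys are placeholders.
SAMPLE_KEYRING = '''\
[client.john]
    key = PLACEHOLDER-KEY-1==
    caps mon = "allow r"
    caps osd = "allow rw pool=liverpool"
[client.backup]
    key = PLACEHOLDER-KEY-2==
    caps mon = "allow r"
    caps osd = "allow rw"
[client.brian-manager]
    key = PLACEHOLDER-KEY-3==
    caps mon = "allow *"
    caps osd = "allow *"
[osd.1]
    key = PLACEHOLDER-KEY-4==
    caps osd = "allow *"
'''

def parse_keyring(text):
    """Return {entity: {service: caps_string}} parsed from keyring text."""
    entities, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"\s*\[(.+)\]\s*", line)
        cap = re.fullmatch(r'\s*caps (\w+) = "(.*)"\s*', line)
        if header:
            current = entities.setdefault(header.group(1), {})
        elif cap and current is not None:
            current[cap.group(1)] = cap.group(2)
    return entities

def audit_client_caps(text):
    """Flag client.* grants that are 'allow *', or osd grants without pool=."""
    findings = []
    for entity, caps in parse_keyring(text).items():
        if not entity.startswith("client."):
            continue  # daemon entities such as osd.1 are not audited here
        for service, cap_string in caps.items():
            for grant in (g.strip() for g in cap_string.split(",")):
                if grant == "allow *":
                    findings.append((entity, service, grant, "wildcard"))
                elif service == "osd" and "pool=" not in grant:
                    findings.append((entity, service, grant, "all pools"))
    return findings

if __name__ == "__main__":
    print(*audit_client_caps(SAMPLE_KEYRING), sep="\n")
```

On a real cluster the input would be the file written by ceph auth export -o; client.admin is expected to appear in the findings because it holds 'allow *'.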

Posted by israfel on Sun, 26 Jan 2020 18:23:45 -0800