Bug 1464955
Summary: | [RFE] Simplified CephFS client key creation | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | John Spray <john.spray> |
Component: | CephFS | Assignee: | Patrick Donnelly <pdonnell> |
Status: | CLOSED ERRATA | QA Contact: | Ramakrishnan Periyasamy <rperiyas> |
Severity: | urgent | Docs Contact: | Bara Ancincova <bancinco> |
Priority: | urgent | ||
Version: | 3.0 | CC: | anharris, ceph-eng-bugs, dfuller, edonnell, hnallurv, icolle, john.spray, kdreyer, pdonnell |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | 3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | RHEL: ceph-12.1.4-1.el7cp Ubuntu: ceph_12.1.4-2redhat1xenial | Doc Type: | Enhancement |
Doc Text: |
.Simplified creation of CephFS client keyring
A new command, `ceph fs authorize`, is now supported. The command simplifies creation of `cephx` capabilities for a Ceph File System (CephFS) client user. For example, to grant the `client.1` user read and write access to MDS nodes and read access to Monitor and OSD nodes on a Ceph File System named `cephfs`:
----
# ceph fs authorize cephfs client.1 rw r
----
Use this command only when creating new users. It is not possible to modify existing users with `ceph fs authorize`.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-05 23:34:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1494421 |
Description
John Spray
2017-06-26 09:50:49 UTC
Upstream ticket: http://tracker.ceph.com/issues/20885 We need a new upstream point release since this PR landed after v12.1.2 was tagged. Moving this bug to verified state. Command used for verification [ubuntu@host028 ~]$ sudo ceph --cluster qetest fs authorize cephfs client.fs rw r [client.fs] key = AQDO1MJZU4JtOBAAvBocj+CzsNDp3Cogk2FsMw== The caps created by the command [ubuntu@host028 ~]$ sudo ceph --cluster qetest fs authorize cephfs client.fs rw r [client.fs] key = AQDO1MJZU4JtOBAAvBocj+CzsNDp3Cogk2FsMw== [ubuntu@host028 ~]$ sudo ceph --cluster qetest auth get client.fs exported keyring for client.fs [client.fs] key = AQDO1MJZU4JtOBAAvBocj+CzsNDp3Cogk2FsMw== caps mds = "allow r path=rw" caps mon = "allow r" caps osd = "allow r pool=cephfs_data" Command: ceph fs authorize <fs_name> <entity> <caps> Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3387 |