Bug 1464955 - [RFE] Simplified CephFS client key creation
Summary: [RFE] Simplified CephFS client key creation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: CephFS
Version: 3.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: 3.0
Assignee: Patrick Donnelly
QA Contact: Ramakrishnan Periyasamy
Bara Ancincova
URL:
Whiteboard:
Depends On:
Blocks: 1494421
TreeView+ depends on / blocked
 
Reported: 2017-06-26 09:50 UTC by John Spray
Modified: 2017-12-05 23:34 UTC (History)
9 users (show)

Fixed In Version: RHEL: ceph-12.1.4-1.el7cp Ubuntu: ceph_12.1.4-2redhat1xenial
Doc Type: Enhancement
Doc Text:
.Simplified creation of CephFS client keyring A new command, `ceph fs authorize`, is now supported. The command simplifies creation of `cephx` capabilities for a Ceph File System (CephFS) client user. For example, to grant the `client.1` user read and write access to MDS nodes and read access to Monitor and OSD nodes on a Ceph File System named `cephfs`: ---- # ceph fs authorize cephfs client.1 rw r ---- Use this command only when creating new users. It is not possible to modify existing users with `ceph fs authorize`.
Clone Of:
Environment:
Last Closed: 2017-12-05 23:34:34 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Ceph Project Bug Tracker 20885 None None None 2017-08-02 19:42:08 UTC
Red Hat Product Errata RHBA-2017:3387 normal SHIPPED_LIVE Red Hat Ceph Storage 3.0 bug fix and enhancement update 2017-12-06 03:03:45 UTC

Description John Spray 2017-06-26 09:50:49 UTC
Instead of user having to manually write out auth caps syntax, provide a command that allows them to grant access to a client ID by filesystem name.

Comment 5 Douglas Fuller 2017-08-02 15:44:31 UTC
Upstream ticket: http://tracker.ceph.com/issues/20885

Comment 6 Ken Dreyer (Red Hat) 2017-08-07 17:31:17 UTC
We need a new upstream point release since this PR landed after v12.1.2 was tagged.

Comment 10 Ramakrishnan Periyasamy 2017-09-20 20:52:43 UTC
Moving this bug to verified state.

Command used for verification

[ubuntu@host028 ~]$ sudo ceph --cluster qetest fs authorize cephfs client.fs rw r
[client.fs]
	key = AQDO1MJZU4JtOBAAvBocj+CzsNDp3Cogk2FsMw==

Comment 11 Ramakrishnan Periyasamy 2017-09-20 20:58:26 UTC
The caps created by the command

[ubuntu@host028 ~]$ sudo ceph --cluster qetest fs authorize cephfs client.fs rw r
[client.fs]
	key = AQDO1MJZU4JtOBAAvBocj+CzsNDp3Cogk2FsMw==

[ubuntu@host028 ~]$ sudo ceph --cluster qetest auth get client.fs
exported keyring for client.fs
[client.fs]
	key = AQDO1MJZU4JtOBAAvBocj+CzsNDp3Cogk2FsMw==
	caps mds = "allow r path=rw"
	caps mon = "allow r"
	caps osd = "allow r pool=cephfs_data"

Command: ceph fs authorize <fs_name> <entity> <caps>

Comment 17 errata-xmlrpc 2017-12-05 23:34:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3387


Note You need to log in before you can comment on or make changes to this bug.