ceph-authtool man page on Fedora

Man page or keyword search:  
man Server   31170 pages
apropos Keyword Search (all sections)
Output format
Fedora logo
[printable version]

CEPH-AUTHTOOL(8)		     Ceph		      CEPH-AUTHTOOL(8)

NAME
       ceph-authtool - ceph keyring manipulation tool

SYNOPSIS
       ceph-authtool keyringfile [ -l | --list ] [ -C | --create-keyring
       ] [ -p | --print ] [ -n | --name entityname ] [ --gen-key ] [ -a |
       --add-key base64_key ] [ --caps capfils ] [ -b | --bin ]

DESCRIPTION
       ceph-authtool  is  a utility to create, view, and modify a Ceph keyring
       file. A keyring file stores one or more Ceph  authentication  keys  and
       possibly an associated capability specification. Each key is associated
       with an entity name, of the form {client,mon,mds,osd}.name.

OPTIONS
       -l, --list
	      will list all keys and capabilities present in the keyring

       -p, --print
	      will print an encoded key for the specified entityname. This  is
	      suitable for the mount -o secret= argument

       -C, --create-keyring
	      will create a new keyring, overwriting any existing keyringfile

       --gen-key
	      will generate a new secret key for the specified entityname

       --add-key
	      will add an encoded key to the keyring

       --cap subsystem capability
	      will set the capability for given subsystem

       --caps capsfile
	      will  set	 all  of capabilities associated with a given key, for
	      all subsystems

       -b, --bin
	      will create a binary formatted keyring

CAPABILITIES
       The subsystem is the name of a Ceph subsystem: mon, mds, or osd.

       The capability is a string describing what the given user is allowed to
       do.  This  takes	 the  form  of	a  comma separated list of allow, deny
       clauses with a permission specifier containing one or more of  rwx  for
       read,  write, and execute permission. The allow * grants full superuser
       permissions for the given subsystem.

       For example:

       # can read, write, and execute objects
       osd = "allow rwx [pool=foo[,bar]]|[uid=baz[,bay]]"

       # can access mds server
       mds = "allow"

       # can modify cluster state (i.e., is a server daemon)
       mon = "allow rwx"

       A librados user restricted to a single pool might look like:

       osd = "allow rw pool foo"

       A client mounting the file system with minimal permissions  would  need
       caps like:

       mds = "allow"

       osd = "allow rw pool=data"

       mon = "allow r"

CAPS FILE FORMAT
       The  caps file format consists of zero or more key/value pairs, one per
       line. The key and value are separated by an =, and the  value  must  be
       quoted (with ' or ") if it contains any whitespace. The key is the name
       of the Ceph subsystem (osd, mds, mon), and the value is the  capability
       string (see above).

EXAMPLE
       To create a new keyring containing a key for client.foo:

       ceph-authtool -c -n client.foo --gen-key keyring

       To  associate  some  capabilities  with the key (namely, the ability to
       mount a Ceph filesystem):

       ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring

       To display the contents of the keyring:

       ceph-authtool -l keyring

       When mount a Ceph file system, you can grab the	appropriately  encoded
       secret key with:

       mount -t ceph serverhost:/ mountpoint -o name=foo,secret=`ceph-authtool -p -n client.foo keyring`

AVAILABILITY
       ceph-authtool is part of the Ceph distributed file system. Please refer
       to the Ceph wiki at http://ceph.newdream.net/wiki for more information.

SEE ALSO
       ceph(8)

COPYRIGHT
       2011, New Dream Network

dev			      September 22, 2011	      CEPH-AUTHTOOL(8)
[top]

List of man pages available for Fedora

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net