author John Wilkins <john.wilkins@inktank.com> 2012-06-05 17:08:45 -0700
committer John Wilkins <john.wilkins@inktank.com> 2012-06-05 17:08:45 -0700
commit 993caf8190354d850f2a4b18876052b17c8e8d62 (patch)
tree 31591b53547e834d0fd82534eec70d5bfc650647 /doc
parent 85fee0403dd0610a30e5ad9eec0b7d3ac02a40aa (diff)
doc: Added chmod for keyring, and moved client.admin user higher.
Signed-off-by: John Wilkins <john.wilkins@inktank.com>
Diffstat (limited to 'doc')
-rw-r--r-- doc/config-cluster/authentication.rst 38
1 files changed, 21 insertions, 17 deletions
diff --git a/doc/config-cluster/authentication.rst b/doc/config-cluster/authentication.rst
index 98811024f37..c107b5d2d52 100644
--- a/doc/config-cluster/authentication.rst
+++ b/doc/config-cluster/authentication.rst
@@ -30,7 +30,8 @@ To generate a keyring in the default location, use the ``ceph-authtool`` and
specify the same path you specified in the ``[global]`` section of your
``ceph.conf`` file. For example::
- sudo ceph-authtool --create-keyring /etc/ceph/keyring.bin
+ sudo ceph-authtool --create-keyring /etc/ceph/keyring.bin
+ sudo chmod +r /etc/ceph/keyring.bin
Specify Keyrings for each Daemon
--------------------------------
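Review bot: The added `sudo chmod +r /etc/ceph/keyring.bin` makes the keyring readable by every local user, and later in this patch the `client.admin` key with `allow *` caps on mon and osd is generated into that same file. Suggest documenting the narrowest mode that works (owner-only, or a dedicated group for the accounts that need to run `ceph` commands), or, if world-readable is intended, saying why in the text, since the example adds the command with no explanation.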
@@ -47,6 +48,22 @@ automatically. ::
[mds]
keyring = /etc/ceph/keyring.$name
+The ``client.admin`` Key
+------------------------
+Each Ceph command you execute on the command line assumes that you are
+the ``client.admin`` default user. When running Ceph with ``cephx`` enabled,
+you need to have a ``client.admin`` key to run ``ceph`` commands.
+
+.. important: To continue to run Ceph commands on the command line with
+ ``cephx`` enabled, you need to create a key for the ``client.admin``
+ user, and create a secret file under ``/etc/ceph``.
+
+::
+
+ sudo ceph-authtool /etc/ceph/keyring.bin -n client.admin --gen-key
+ sudo ceph-authtool -n client.admin --cap mds 'allow' --cap osd 'allow *' --cap mon 'allow *' /etc/ceph/keyring.bin
+ sudo ceph auth add client.admin -i /etc/ceph/keyring.bin
+
Generate a Key
--------------
Keys enable a specific user to access the monitor, metadata server and cluster
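Review bot: In the new ``client.admin`` section, `.. important:` has a single colon, so reStructuredText parses it as a comment rather than the `important` directive and the admonition will not appear in the rendered page; it should be `.. important::`. The admonition also tells the reader to create a secret file under `/etc/ceph`, but the three commands that follow only write to `/etc/ceph/keyring.bin`, so either add that step or reword the sentence.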
@@ -97,26 +114,13 @@ For example::
sudo ceph auth add client.whirlpool -i /etc/ceph/keyring.bin
+
+List Keys in your Cluster
+-------------------------
To list the keys in your cluster, execute the following::
sudo ceph auth list
-The ``client.admin`` Key
-------------------------
-Each Ceph command you execute on the command line assumes that you are
-the ``client.admin`` default user. When running Ceph with ``cephx`` enabled,
-you need to have a ``client.admin`` key to run ``ceph`` commands.
-
-.. important: To continue to run Ceph commands on the command line with
- ``cephx`` enabled, you need to create a key for the ``client.admin``
- user, and create a secret file under ``/etc/ceph``.
-
-::
-
- sudo ceph-authtool /etc/ceph/keyring.bin -n client.admin --gen-key
- sudo ceph-authtool -n client.admin --cap mds 'allow' --cap osd 'allow *' --cap mon 'allow *' /etc/ceph/keyring.bin
- sudo ceph auth add client.admin -i /etc/ceph/keyring.bin
-
.. _ceph-authtool: http://ceph.com/docs/master/man/8/ceph-authtool/
\ No newline at end of file
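Review bot: The file still ends without a trailing newline (`\ No newline at end of file` after the `_ceph-authtool` target line). Since this hunk already rewrites the tail of the file, add the newline here so later patches to this file do not show a spurious change on the last line.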