Diffstat (limited to 'man/cauthtool.8')
-rw-r--r-- man/cauthtool.8 233
1 files changed, 157 insertions, 76 deletions
diff --git a/man/cauthtool.8 b/man/cauthtool.8
index a2b4c174de6..3abbba34326 100644
--- a/man/cauthtool.8
+++ b/man/cauthtool.8
@@ -1,106 +1,187 @@
-.TH CAUTHTOOL 8
+.TH "CAUTHTOOL" "8" "September 09, 2011" "dev" "Ceph"
.SH NAME
cauthtool \- ceph keyring manipulation tool
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.\" Man page generated from reStructeredText.
+.
.SH SYNOPSIS
-.B cauthtool
-\fIkeyringfile\fP
-[ \fB\-l\fR | \fB\-\-list\fR ]
-[ \fB\-C\fR | \fB\-\-create-keyring\fR ]
-[ \fB\-p\fR | \fB\-\-print\fR ]
-[ \fB\-n\fR | \fB\-\-name\fR \fIentityname\fP ]
-[ \fB\-\-gen-key\fR ]
-[ \fB\-a\fR | \fB\-\-add-key \fIbase64_key\fP ]
-[ \fB\-\-caps\fR \fIcapfils\fP ]
-[ \fB\-b\fR | \fB\-\-bin\fR ]
+.nf
+\fBcauthtool\fP \fIkeyringfile\fP [ \-l | \-\-list ] [ \-C | \-\-create\-keyring
+] [ \-p | \-\-print ] [ \-n | \-\-name \fIentityname\fP ] [ \-\-gen\-key ] [ \-a |
+\-\-add\-key \fIbase64_key\fP ] [ \-\-caps \fIcapfils\fP ] [ \-b | \-\-bin ]
+.fi
+.sp
.SH DESCRIPTION
-.B cauthtool
-is a utility to create, view, and modify a Ceph keyring file. A keyring
-file stores one or more Ceph authentication keys and possibly an
-associated capability specification. Each key is associated with an
-entity name, of the form \fI{client,mon,mds,osd}.name\fP.
+.sp
+\fBcauthtool\fP is a utility to create, view, and modify a Ceph keyring
+file. A keyring file stores one or more Ceph authentication keys and
+possibly an associated capability specification. Each key is
+associated with an entity name, of the form
+\fB{client,mon,mds,osd}.name\fP.
.SH OPTIONS
+.INDENT 0.0
.TP
-\fB\-l\fP, \fB\-\-list\fP
+.B \-l, \-\-list
will list all keys and capabilities present in the keyring
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-p\fP, \fB\-\-print\fP
-will print an encoded key for the specified \fIentityname\fP. This is suitable for the mount -o secret= argument
+.B \-p, \-\-print
+will print an encoded key for the specified entityname. This is
+suitable for the \fBmount \-o secret=\fP argument
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-C\fP, \fB\-\-create-keyring\fP
-will create a new keyring, overwriting any existing \fIkeyringfile\fP
+.B \-C, \-\-create\-keyring
+will create a new keyring, overwriting any existing keyringfile
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-\-gen\-key\fP
-will generate a new secret key for the specified \fIentityname\fP
+.B \-\-gen\-key
+will generate a new secret key for the specified entityname
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-\-add\-key\fP
+.B \-\-add\-key
will add an encoded key to the keyring
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-\-cap\fI subsystem capability \fP
+.B \-\-cap subsystem capability
will set the capability for given subsystem
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-\-caps\fI capsfile \fP
+.B \-\-caps capsfile
will set all of capabilities associated with a given key, for all subsystems
+.UNINDENT
+.INDENT 0.0
.TP
-\fB\-b\fP, \fB\-\-bin\fP
+.B \-b, \-\-bin
will create a binary formatted keyring
-
+.UNINDENT
.SH CAPABILITIES
+.sp
+The subsystem is the name of a Ceph subsystem: \fBmon\fP, \fBmds\fP, or
+\fBosd\fP.
+.sp
+The capability is a string describing what the given user is allowed
+to do. This takes the form of a comma separated list of allow, deny
+clauses with a permission specifier containing one or more of rwx for
+read, write, and execute permission. The \fBallow *\fP grants full
+superuser permissions for the given subsystem.
+.sp
+For example:
+.sp
+.nf
+.ft C
+# can read, write, and execute objects
+osd = "allow rwx [pool=foo[,bar]]|[uid=baz[,bay]]"
-The \fIsubsystem\fP is the name of a Ceph subsystem: mon, mds, or osd.
-.PP
-The \fIcapability\fP is a string describing what the given user is
-allowed to do. This takes the form of a comma separated list of
-allow, deny clauses with a permission specifier containing one or more
-of \fIrwx\fP for read, write, and execute permission. The "allow *" grants
-full superuser permissions for the given subsystem.
-.PP
-For example,
+# can access mds server
+mds = "allow"
-.IP
-osd = "allow rwx [pool=foo[,bar]]|[uid=baz[,bay]]" # can read, write, and execute objects
-.IP
-mds = "allow" # can access mds server
-.IP
-mon = "allow rwx" # can modify cluster state (i.e., is a server daemon)
-.PP
-A librados user restricted to a single pool might look like
-.IP
+# can modify cluster state (i.e., is a server daemon)
+mon = "allow rwx"
+.ft P
+.fi
+.sp
+A librados user restricted to a single pool might look like:
+.sp
+.nf
+.ft C
osd = "allow rw pool foo"
-.PP
-A client mounting the file system with minimal permissions would need caps like
-.IP
+.ft P
+.fi
+.sp
+A client mounting the file system with minimal permissions would need caps like:
+.sp
+.nf
+.ft C
mds = "allow"
-.IP
+
osd = "allow rw pool=data"
-.IP
-mon = "allow r"
-.PP
+mon = "allow r"
+.ft P
+.fi
.SH CAPS FILE FORMAT
-
-The caps file format consists of zero or more key/value pairs, one per line. The key and value are separated by an '=', and the value must be quoted (with ' or ") if it contains any whitespace. The key is the name of the Ceph
-subsystem (osd, mds, mon), and the value is the capability string (see above).
-
+.sp
+The caps file format consists of zero or more key/value pairs, one per
+line. The key and value are separated by an \fB=\fP, and the value must
+be quoted (with \fB\(aq\fP or \fB"\fP) if it contains any whitespace. The key
+is the name of the Ceph subsystem (\fBosd\fP, \fBmds\fP, \fBmon\fP), and the
+value is the capability string (see above).
.SH EXAMPLE
-To create a new keyring containing a key for \fIclient.foo\fP:
-.IP
-cauthtool -c -n client.foo --gen-key keyring
-.PP
-To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem):
-.IP
-cauthtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring
-.PP
+.sp
+To create a new keyring containing a key for client.foo:
+.sp
+.nf
+.ft C
+cauthtool \-c \-n client.foo \-\-gen\-key keyring
+.ft P
+.fi
+.sp
+To associate some capabilities with the key (namely, the ability to
+mount a Ceph filesystem):
+.sp
+.nf
+.ft C
+cauthtool \-n client.foo \-\-cap mds \(aqallow\(aq \-\-cap osd \(aqallow rw pool=data\(aq \-\-cap mon \(aqallow r\(aq keyring
+.ft P
+.fi
+.sp
To display the contents of the keyring:
-.IP
-cauthtool -l keyring
-.PP
-When mount a Ceph file system, you can grab the appropriately encoded secret key with
-.IP
-mount -t ceph serverhost:/ mountpoint -o name=foo,secret=`cauthtool -p -n client.foo keyring`
-.PP
+.sp
+.nf
+.ft C
+cauthtool \-l keyring
+.ft P
+.fi
+.sp
+When mount a Ceph file system, you can grab the appropriately encoded secret key with:
+.sp
+.nf
+.ft C
+mount \-t ceph serverhost:/ mountpoint \-o name=foo,secret=\(gacauthtool \-p \-n client.foo keyring\(ga
+.ft P
+.fi
.SH AVAILABILITY
-.B cauthtool
-is part of the Ceph distributed file system. Please refer to the Ceph wiki at
-http://ceph.newdream.net/wiki for more information.
+.sp
+\fBcauthtool\fP is part of the Ceph distributed file system. Please
+refer to the Ceph wiki at \fI\%http://ceph.newdream.net/wiki\fP for more
+information.
.SH SEE ALSO
-.BR ceph (8)
+.sp
+\fBceph\fP(8)
+.SH COPYRIGHT
+2011, New Dream Network
+.\" Generated by docutils manpage writer.
+.\"
+.