doc: Updated Keyring settings from comments and ceph-deploy defaults.

Signed-off-by: John Wilkins <john.wilkins@inktank.com>
John Wilkins 2014-09-02 11:37:33 -07:00
parent cef1299379
commit 8569b93cba

@ -245,34 +245,35 @@ setting (not recommended), or a path to a keyfile using the ``keyfile`` setting.
Daemon Keyrings
---------------
With the exception of the monitors, Ceph generates daemon keyrings in the same
way that it generates user keyrings. By default, the daemons store their
keyrings inside their data directory. The default keyring locations, and the
capabilities necessary for the daemon to function, are shown below.
Administrative users or deployment tools (e.g., ``ceph-deploy``) may generate
daemon keyrings in the same way as generating user keyrings. By default, Ceph
stores daemons keyrings inside their data directory. The default keyring
locations, and the capabilities necessary for the daemon to function, are shown
below.
``ceph-mon``
:Location: ``$mon_data/keyring``
:Capabilities: N/A
:Capabilities: ``mon 'allow *'``
``ceph-osd``
:Location: ``$osd_data/keyring``
:Capabilities: ``mon 'allow rwx' osd 'allow *'``
:Capabilities: ``mon 'allow profile osd' osd 'allow *'``
``ceph-mds``
:Location: ``$mds_data/keyring``
:Capabilities: ``mds 'allow rwx' mds 'allow *' osd 'allow *'``
:Capabilities: ``mds 'allow' mon 'allow profile mds' osd 'allow rwx'``
``radosgw``
:Location: ``$rgw_data/keyring``
:Capabilities: ``mon 'allow rw' osd 'allow rwx'``
:Capabilities: ``mon 'allow rwx' osd 'allow rwx'``
Note that the monitor keyring contains a key but no capabilities, and
is not part of the cluster ``auth`` database.
.. note:: The monitor keyring (i.e., ``mon.``) contains a key but no
capabilities, and is not part of the cluster ``auth`` database.
The daemon data directory locations default to directories of the form::
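
Review bot: The ``ceph-mon`` entry and the reworded note now disagree. ``:Capabilities:`` goes from ``N/A`` to ``mon 'allow *'``, but the ``.. note::`` still says the monitor keyring "contains a key but no capabilities". Either keep ``N/A`` for the ``mon.`` key or change the note to say where ``mon 'allow *'`` applies. Separately, "stores daemons keyrings" in the new intro paragraph should read "stores daemon keyrings", and the ``radosgw`` monitor capability widens from ``allow rw`` to ``allow rwx`` with no explanation in the text; a short reason for the extra ``x`` would help readers who scope these keys tightly.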
@ -417,6 +418,8 @@ yet implemented.
foregoing flag** at the nearest practical time so that you may avail yourself
of the enhanced authentication.
.. note:: Ceph kernel modules do not support signatures yet.
.. _Storage Cluster Quick Start: ../../../start/quick-ceph-deploy/
.. _Monitor Bootstrapping: ../../../install/manual-deployment#monitor-bootstrapping
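
Review bot: The new ``.. note:: Ceph kernel modules do not support signatures yet.`` sits directly after the advice to enable the flag "at the nearest practical time", but does not say what a reader with kernel clients should do about that advice. State whether signatures should stay optional on clusters that serve kernel clients, and give a version or date qualifier so "yet" does not go stale in the rendered docs.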