mirror of https://github.com/ceph/ceph synced 2025-04-01 23:02:17 +00:00

doc: Updated Keyring settings from comments and ceph-deploy defaults.

Signed-off-by: John Wilkins <john.wilkins@inktank.com>
John Wilkins 2014-09-02 11:37:33 -07:00
parent cef1299379
commit 8569b93cba


@ -245,34 +245,35 @@ setting (not recommended), or a path to a keyfile using the ``keyfile`` setting.
Daemon Keyrings Daemon Keyrings
--------------- ---------------
With the exception of the monitors, Ceph generates daemon keyrings in the same Administrative users or deployment tools (e.g., ``ceph-deploy``) may generate
way that it generates user keyrings. By default, the daemons store their daemon keyrings in the same way as generating user keyrings. By default, Ceph
keyrings inside their data directory. The default keyring locations, and the stores daemons keyrings inside their data directory. The default keyring
capabilities necessary for the daemon to function, are shown below. locations, and the capabilities necessary for the daemon to function, are shown
below.
``ceph-mon`` ``ceph-mon``
:Location: ``$mon_data/keyring`` :Location: ``$mon_data/keyring``
:Capabilities: N/A :Capabilities: ``mon 'allow *'``
``ceph-osd`` ``ceph-osd``
:Location: ``$osd_data/keyring`` :Location: ``$osd_data/keyring``
:Capabilities: ``mon 'allow rwx' osd 'allow *'`` :Capabilities: ``mon 'allow profile osd' osd 'allow *'``
``ceph-mds`` ``ceph-mds``
:Location: ``$mds_data/keyring`` :Location: ``$mds_data/keyring``
:Capabilities: ``mds 'allow rwx' mds 'allow *' osd 'allow *'`` :Capabilities: ``mds 'allow' mon 'allow profile mds' osd 'allow rwx'``
``radosgw`` ``radosgw``
:Location: ``$rgw_data/keyring`` :Location: ``$rgw_data/keyring``
:Capabilities: ``mon 'allow rw' osd 'allow rwx'`` :Capabilities: ``mon 'allow rwx' osd 'allow rwx'``
Note that the monitor keyring contains a key but no capabilities, and .. note:: The monitor keyring (i.e., ``mon.``) contains a key but no
is not part of the cluster ``auth`` database. capabilities, and is not part of the cluster ``auth`` database.
The daemon data directory locations default to directories of the form:: The daemon data directory locations default to directories of the form::
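
Review bot: The new ``ceph-mon`` entry lists ``:Capabilities: mon 'allow *'``, but the note kept a few lines below still says the monitor keyring "contains a key but no capabilities", so the section now contradicts itself. Either keep ``N/A`` for ``ceph-mon`` or reword the note to match. Also, in the ``radosgw`` entry the ``mon`` capability is widened from ``allow rw`` to ``allow rwx`` with no stated reason. If this only mirrors the ceph-deploy default, say so in the text, since the documented values are what operators copy when provisioning keys by hand. Finally, in the intro paragraph, "stores daemons keyrings" should read "stores daemon keyrings", and "in the same way as generating user keyrings" reads better as "in the same way that they generate user keyrings".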
@ -417,6 +418,8 @@ yet implemented.
foregoing flag** at the nearest practical time so that you may avail yourself foregoing flag** at the nearest practical time so that you may avail yourself
of the enhanced authentication. of the enhanced authentication.
.. note:: Ceph kernel modules do not support signatures yet.
.. _Storage Cluster Quick Start: ../../../start/quick-ceph-deploy/ .. _Storage Cluster Quick Start: ../../../start/quick-ceph-deploy/
.. _Monitor Bootstrapping: ../../../install/manual-deployment#monitor-bootstrapping .. _Monitor Bootstrapping: ../../../install/manual-deployment#monitor-bootstrapping
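
Review bot: The added note ``.. note:: Ceph kernel modules do not support signatures yet.`` states a limitation without telling the reader what to do about it, and it sits directly after a paragraph urging them to enable "the foregoing flag". Spell out the consequence for clusters with kernel clients, for example whether the signature requirement must stay disabled while such clients are in use. The word "yet" will also go stale, so tie the statement to a release or a tracker reference so it can be revisited.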