The documentation still has many traces of ceph-deploy. This tool has
been deprecated with the Octopus release. This commit tries to remove
most of ceph-deploy occurences.
Signed-off-by: Robert Sander <r.sander@heinlein-support.de>
RTD does not support installing system packages, the only ways to install
dependencies are setuptools and pip. while ditaa is a tool written in
Java. so we need to find a native python tool allowing us to render ditaa
images. plantweb is able to the web service for rendering the ditaa
diagram. so let's use it as a fallback if "ditaa" is not around.
also start a new line after the directive, otherwise planweb server will
return 500 at seeing the diagram.
Signed-off-by: Kefu Chai <kchai@redhat.com>
This allows an optional, arbitrary key/value constraint clauses to
be appended to "profile XYZ" and "allow module XYZ" caps. A module
can then provide additional validatation against these meta-arguments.
Example:
profile rbd pool=rbd
allow module rbd_support with pool=rbd
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
This allows specific python add-on modules to be whitelisted instead
of manually adding each command exported by the module.
allow module {module-name} {access-spec}
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
The Luminous release notes tell users to ensure that rbd clients have
the ability to blacklist other client users; this is provided by
"profile rbd", which this change now documents explicitly in the user
management documentation.
Signed-off-by: Matthew Vernon <mv3@sanger.ac.uk>
This command has not worked since hammer and makes no sense in an
environment where we do not allow empty caps
Fixes: http://tracker.ceph.com/issues/37663
Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
The rbd-mirror daemon will require permission to read config-keys
from the "rbd/mirror/" prefix. These new profiles (and the new
associated bootstrap-rbd-mirror user) provide the required
permissions.
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
Note that for the keyring we still accept (but ignore) auid lines so that
we can parse old keyrings that have them.
Signed-off-by: Sage Weil <sage@redhat.com>
Define the string 'all' to be a synonym for the wildcard '*'. This
avoids confusion in the event that some auth caps (typically with
ceph fs authorize) are not quoted and thus '*' is expanded by the shell.
Signed-off-by: Douglas Fuller <dfuller@redhat.com>
Permit the wildcard * at the end of namespace names to match any
namespace starting with the given prefix. The wildcard is only
allowed at the end of the namespace name.
Example:
allow rw namespace=foo*
Signed-off-by: Douglas Fuller <dfuller@redhat.com>
Extend the OSD auth caps syntax to include RADOS pool tags. New syntax:
allow rw tag <application> <key>=<value>
Access is granted if the pool contains the <key>:<value> in its
application metadata.
Feature: http://tracker.ceph.com/issues/21084
Signed-off-by: Douglas Fuller <dfuller@redhat.com>
This is more correctly "mds 'allow *'".
In the RADOS user management page, refer the user
to the cephfs client auth docs, rather than attempting
to explain MDS cap syntax inline.
Signed-off-by: John Spray <john.spray@redhat.com>
* doc/release-notes.rst: escape asterisks not used for inline emphasis
fix bad hyper links
* doc/rados/troubleshooting/troubleshooting-osd.rst: escape asterisks
not used for inline emphasis
* doc/radosgw/index.rst: add orphan docs to toc
* doc/dev/perf_histograms.rst: indent block quote
* doc/install/manual-freebsd-deployment.rst: fix block quotes
* doc/mgr/administrator.rst: escape asterisks not used for inline emphasis
* doc/start/quick-rbd.rst: add missing hyper link target
Signed-off-by: Kefu Chai <kchai@redhat.com>
Add some brief documentation on updating their caps and link to it.
Fixes: http://tracker.ceph.com/issues/20296
Signed-off-by: Greg Farnum <gfarnum@redhat.com>
These haven't existed since 0.84 -- the cephfs documentation
was updated at the time, but there were also references in the
rados documentation.
Signed-off-by: John Spray <john.spray@redhat.com>
