Keys & caps
- Subject: Keys & caps
- From: Székelyi Szabolcs <szekelyi@xxxxxxx>
- Date: Mon, 09 Jul 2012 18:07:48 +0200
- Organization: NIIFI
- User-agent: KMail/4.8.4 (Linux/3.2.0-26-generic; KDE/4.8.4; x86_64; ; )
Hello,
This far I accessed my Ceph (0.48) FS with the client.admin key, but I'd like
to change that since I don't want to allow clients to control the cluster.
I thought I should create a new key, give it some caps (don't exactly know
which ones), and distribute it to clients. Here are some things I don't
know/understand:
* What do the r, w, x, and * caps ("permissions"?) mean on a mon, mds, or osd?
* What's the difference between (for example) 'allow rw' and 'rw' caps? `ceph
auth` seems to understand (and display as specified) both forms.
Not to run into issues with caps, I've created a key with the same caps as the
current client.admin, but with a different key, called client.access_fs. I
planned to narrow down the caps after I made the mount work with the new key.
$ sudo ceph auth list
installed auth entries:
[...]
client.access_fs
    key: AQ...==
    caps: [mds] allow
    caps: [mon] allow *
    caps: [osd] allow *
[...]
I've copied the key to the client as /etc/ceph/keyring:
[client.access_fs]
    key = AQ...==
I have 'keyring = /etc/ceph/keyring' in my ceph.conf [global] section on the
client. Now trying to mount the filesystem fails with
$ sudo mount /mnt/ceph
ceph-fuse[1784]: starting ceph client
ceph-fuse[1784]: ceph mount failed with (1) Operation not permitted
ceph-fuse[1782]: mount failed: (1) Operation not permitted
Adding '-o name=client.access_fs' to the command line yields the same result.
If I copy the client.admin key into the keyring file, it works. However,
adding the same mount option again (so the name= parameter and the key name in
the file do not match), I get an error (which seems okay to me, not sure about
the correctness):
$ sudo mount /cloud/ -o name=client.access_fs
ceph-fuse[1835]: starting ceph client
ceph-fuse[1835]: starting fuse
fuse: unknown option `name=client.access_fs'
2012-07-09 16:03:18.343793 7fb0e7b8b780 -1 fuse_lowlevel_new failed
ceph-fuse[1835]: fuse finished with error 33
ceph-fuse[1833]: mount failed: (33) Numerical argument out of domain
Could you clear up the confusion in my head? :)
Thanks,
--
cc
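
An added example, not part of the original message: a small audit over `ceph auth list` output that reports any non-admin entity carrying a wildcard cap or the same caps as client.admin, which is the state the message describes for client.access_fs before narrowing. The sample listing is constructed, the keys are elided placeholders, and client.limited and the function names are hypothetical.

```python
import re
# Constructed sample in the `ceph auth list` layout quoted in the message above.
SAMPLE = """\
installed auth entries:
client.admin
    key: AQ...==
    caps: [mds] allow
    caps: [mon] allow *
    caps: [osd] allow *
client.access_fs
    key: AQ...==
    caps: [mds] allow
    caps: [mon] allow *
    caps: [osd] allow *
client.limited
    key: AQ...==
    caps: [mon] allow r
    caps: [osd] allow rw
"""

ENTITY_RE = re.compile(r"^[a-z]+\.\S+$")  # assumed entity shape: type.id
CAP_RE = re.compile(r"^caps:\s*\[(\w+)\]\s*(.*)$")

def parse_auth_list(text):
    """Return {entity: {service: cap_string}}; header and key lines are skipped."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CAP_RE.match(line)
        if m and current:
            entries[current][m.group(1)] = m.group(2).strip()
        elif ENTITY_RE.match(line):
            current = line
            entries[current] = {}
    return entries

def audit(entries, admin="client.admin"):
    """Flag non-admin entities with wildcard caps or caps identical to admin's."""
    findings, admin_caps = {}, entries.get(admin)
    for name, caps in entries.items():
        if name == admin:
            continue
        notes = [f"wildcard on {svc}" for svc, spec in sorted(caps.items()) if "*" in spec.split()]
        if caps == admin_caps:
            notes.append(f"same caps as {admin}")
        if notes:
            findings[name] = notes
    return findings

print(audit(parse_auth_list(SAMPLE)))
```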