[ceph-users] Public access to RBD

Loic Dachary loic at dachary.org
Mon Apr 21 23:01:29 PDT 2014


Hi,

I would like to allow users to create, use and delete RBD volumes, up to X GB, from a single pool. The user is a Debian GNU/Linux box using krbd. The sysadmin of the box is not trusted to have unlimited access to the Ceph cluster but (s)he is not malicious either. Permissions and quota are safeguards to prevent mistakes.

While it seems possible to grant access to a single pool to a given cephx client with

   ceph-authtool -n client.foo --cap osd 'allow rwx pool=customer-pool'

and the cap parser suggests even more flexibility

   https://github.com/ceph/ceph/blob/master/src/mon/MonCap.cc#L329

the documentation states that it should not be done

   http://ceph.com/docs/master/rados/operations/auth-intro/#cephx-limitations

Suggestions about how to approach this use case are most welcome :-)

Cheers
-- 
Loïc Dachary, Artisan Logiciel Libre
