[ceph-users] Ceph auth profile definitions

Jason Dillaman jdillama at redhat.com
Thu Nov 9 05:26:46 PST 2017


They are currently defined to the following (translated to cap syntax):

mon: 'allow service mon r, allow service osd r, allow service pg r,
allow command "osd blacklist" with blacklistop=add addr regex
"^[^/]+/[0-9]+$"'
osd: 'allow class-read object_prefix rbd_children, allow class-read
object_prefix rbd_mirroring, allow [pool <pool name>] rwx'


On Thu, Nov 9, 2017 at 5:24 AM, John Spray <jspray at redhat.com> wrote:
>
> On Thu, Nov 9, 2017 at 10:12 AM, Marc Roos <M.Roos at f1-outsourcing.eu> wrote:
> >
> > How/where can I see how eg. 'profile rbd' is defined?
> >
> > As in
> > [client.rbd.client1]
> >         key = xxx==
> >         caps mon = "profile rbd"
> >         caps osd = "profile rbd pool=rbd"
>
> The profiles are defined internally and are subject to change, but you
> can peek at them in the code:
> https://github.com/ceph/ceph/blob/master/src/mon/MonCap.cc#L285
> https://github.com/ceph/ceph/blob/master/src/osd/OSDCap.cc#L250
>
> John
>
> >
> >
> >
> >
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users at lists.ceph.com
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> _______________________________________________
> ceph-users mailing list
> ceph-users at lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




-- 
Jason


More information about the ceph-users mailing list