# admin keyring
[ -z "$adminkeyring" ] && adminkeyring="/tmp/admin.keyring.$$"
echo Building admin keyring at $adminkeyring
- cat <<EOF > /tmp/admin_caps.$$
-; generated by mkcephfs on `date`
- mon = "allow *"
- osd = "allow *"
- mds = "allow"
-EOF
[ -e "$monkeyring" ] && rm -f $monkeyring
- $BINDIR/cauthtool --create-keyring --gen-key --name=client.admin --set-uid=0 --caps=/tmp/admin_caps.$$ $adminkeyring
- rm -f /tmp/admin_caps.$$
+ $BINDIR/cauthtool --create-keyring --gen-key --name=client.admin --set-uid=0 \
+ --cap mon 'allow *' \
+ --cap osd 'allow *' \
+ --cap mds 'allow' \
+ $adminkeyring
# mon keyring (for monitor)
echo Building monitor keyring with all service keys
$BINDIR/cauthtool --import-keyring $adminkeyring $monkeyring
- cat <<EOF > /tmp/osd.caps.$$
-; generated by mkcephfs on `date`
- mon = "allow rwx"
- osd = "allow *"
-EOF
- cat <<EOF > /tmp/mds.caps.$$
-; generated by mkcephfs on `date`
- mon = "allow rwx"
- osd = "allow *"
- mds = "allow"
-EOF
-
for name in $what; do
type=`echo $name | cut -c 1-3` # e.g. 'mon', if $name is 'mon1'
id=`echo $name | cut -c 4- | sed 's/\\.//'`
if [ "$type" = "osd" ]; then
- $BINDIR/cauthtool --create-keyring --gen-key --name=osd.$id --caps=/tmp/osd.caps.$$ /tmp/keyring.osd.$id
+ $BINDIR/cauthtool --create-keyring --gen-key --name=osd.$id \
+ --cap mon 'allow rwx' \
+ --cap osd 'allow *' \
+ /tmp/keyring.osd.$id
$BINDIR/cauthtool --import-keyring /tmp/keyring.osd.$id $monkeyring
fi
if [ "$type" = "mds" ]; then
- $BINDIR/cauthtool --create-keyring --gen-key --name=mds.$id --caps=/tmp/mds.caps.$$ /tmp/keyring.mds.$id
+ $BINDIR/cauthtool --create-keyring --gen-key --name=mds.$id \
+ --cap mon 'allow rwx' \
+ --cap osd 'allow *' \
+ --cap mds 'allow' \
+ /tmp/keyring.mds.$id
$BINDIR/cauthtool --import-keyring /tmp/keyring.mds.$id $monkeyring
fi
done
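Review bot: The rewritten cauthtool calls still write freshly generated secret keys to predictable paths in /tmp (`/tmp/keyring.osd.$id`, `/tmp/keyring.mds.$id`, and the `/tmp/admin.keyring.$$` default above), so the commit removes the caps temp files but keeps the more sensitive ones. A guessable name in a world-writable directory can already exist as a file or symlink owned by another local user, and unless cauthtool sets the mode itself, the keyring's permissions depend on the caller's umask. I would create a private directory once with `umask 077; tmpdir=$(mktemp -d) || exit 1` and use `"$tmpdir/keyring.osd.$id"` and `"$tmpdir/keyring.mds.$id"` in both branches, quoting `"$adminkeyring"` and `"$monkeyring"` as well. Whether the per-daemon keyrings are removed after import is not visible here, because the hunk header and the rest of the script are outside this view.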