To list all users in the cluster::
- ceph auth list
+ ceph auth ls
Options
specifies the client 'name', which is used to find the
client-specific configuration options in the config file, and
also is the name used for authentication when connecting
- to the cluster (the entity name appearing in ceph auth list output,
+ to the cluster (the entity name appearing in 'ceph auth ls' output,
for example). The default is 'client.restapi'.
.. option:: -i/--id id
ceph auth import
-Subcommand ``list`` lists authentication state.
+Subcommand ``ls`` lists authentication state.
Usage::
- ceph auth list
+ ceph auth ls
Subcommand ``print-key`` displays requested key.
To list the cluster's keys and their capabilities, execute the following::
- ceph auth list
+ ceph auth ls
Placement Group Subsystem
If you created users with permissions strictly for a pool that no longer
exists, you should consider deleting those users too::
- ceph auth list | grep -C 5 {pool-name}
+ ceph auth ls | grep -C 5 {pool-name}
ceph auth del {user}
To list the users in your cluster, execute the following::
- ceph auth list
+ ceph auth ls
Ceph will list out all users in your cluster. For example, in a two-node
-exemplary cluster, ``ceph auth list`` will output something that looks like
+exemplary cluster, ``ceph auth ls`` will output something that looks like
this::
installed auth entries:
Note also that each entry has a ``key: <value>`` entry, and one or more
``caps:`` entries.
-You may use the ``-o {filename}`` option with ``ceph auth list`` to
+You may use the ``-o {filename}`` option with ``ceph auth ls`` to
save the output to a file.
Verify the name exists. ::
- ceph auth list
+ ceph auth ls
**NOTE**: ``libvirt`` will access Ceph using the ID ``libvirt``,
not the Ceph name ``client.libvirt``. See `User Management - User`_ and
contents. (The existing ``ceph config-key list`` only dumps the key
names, not the values.)
- ``ceph config-key list`` is deprecated in favor of ``ceph config-key ls``.
+ - ``ceph auth list`` is deprecated in favor of ``ceph auth ls``.
- ``ceph osd set-{full,nearfull,backfillfull}-ratio`` sets the
cluster-wide ratio for various full thresholds (when the cluster
refuses IO, when the cluster warns about being close to full,
def auth_list(self):
"""
- Convenience wrapper on "ceph auth list"
+ Convenience wrapper on "ceph auth ls"
"""
return json.loads(self.mds_cluster.mon_manager.raw_cluster_cmd(
- "auth", "list", "--format=json-pretty"
+ "auth", "ls", "--format=json-pretty"
))['auth_dump']
def assert_session_count(self, expected, ls_data=None, mds_id=None):
ceph auth add client.xx -i client.xx.keyring
rm -f client.xx.keyring
ceph auth list | grep client.xx
+ ceph auth ls | grep client.xx
ceph auth get client.xx | grep caps | grep mon
ceph auth get client.xx | grep caps | grep osd
ceph auth get-key client.xx
check_response "auid = $auid"
ceph --format json-pretty auth get client.TEST > $TMPFILE
check_response '"auid": '$auid
- ceph auth list > $TMPFILE
+ ceph auth ls > $TMPFILE
check_response "auid: $auid"
- ceph --format json-pretty auth list > $TMPFILE
+ ceph --format json-pretty auth ls > $TMPFILE
check_response '"auid": '$auid
ceph auth del client.TEST
}
check_response "EACCES: access denied"
ceph -n client.xx-profile-ro -k client.xx.keyring osd set noout >& $TMPFILE || true
check_response "EACCES: access denied"
- ceph -n client.xx-profile-ro -k client.xx.keyring auth list >& $TMPFILE || true
+ ceph -n client.xx-profile-ro -k client.xx.keyring auth ls >& $TMPFILE || true
check_response "EACCES: access denied"
# read-write is allowed for all read-write commands (except auth)
ceph -n client.xx-profile-rw -k client.xx.keyring osd set noout
ceph -n client.xx-profile-rw -k client.xx.keyring osd unset noout
# read-write gets access denied for auth commands
- ceph -n client.xx-profile-rw -k client.xx.keyring auth list >& $TMPFILE || true
+ ceph -n client.xx-profile-rw -k client.xx.keyring auth ls >& $TMPFILE || true
check_response "EACCES: access denied"
# role-definer is allowed RWX 'auth' commands and read-only 'mon' commands
- ceph -n client.xx-profile-rd -k client.xx.keyring auth list
+ ceph -n client.xx-profile-rd -k client.xx.keyring auth ls
ceph -n client.xx-profile-rd -k client.xx.keyring auth export
ceph -n client.xx-profile-rd -k client.xx.keyring auth add client.xx-profile-foo
ceph -n client.xx-profile-rd -k client.xx.keyring status
# in the cluster at all
function mds_exists()
{
- ceph auth list | grep "^mds"
+ ceph auth ls | grep "^mds"
}
# some of the commands are just not idempotent.
expect $ret ceph auth get-key client.admin $args
expect $ret ceph auth export $args
expect $ret ceph auth export client.admin $args
- expect $ret ceph auth list $args
+ expect $ret ceph auth ls $args
expect $ret ceph auth print-key client.admin $args
expect $ret ceph auth print_key client.admin $args
}
'auth':[
{
'pre':'',
- 'cmd':('auth list', '', 'r'),
+ 'cmd':('auth ls', '', 'r'),
'post':''
},
{
expect "ceph -k $tmp.bazar.keyring --user bazar mon_status" 13
ceph auth del client.bazar
-c="'allow command \"auth list\", allow command mon_status'"
+c="'allow command \"auth ls\", allow command mon_status'"
expect "ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0
expect "ceph -k $tmp.foo.keyring --user foo mon_status" 0
-expect "ceph -k $tmp.foo.keyring --user foo auth list" 0
+expect "ceph -k $tmp.foo.keyring --user foo auth ls" 0
expect "ceph -k $tmp.foo.keyring --user foo auth export" 13
expect "ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13
expect "ceph -k $tmp.foo.keyring --user foo osd dump" 13
c="'allow command service with prefix=list, allow command mon_status'"
expect "ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0
expect "ceph -k $tmp.bar.keyring --user bar mon_status" 0
-expect "ceph -k $tmp.bar.keyring --user bar auth list" 13
+expect "ceph -k $tmp.bar.keyring --user bar auth ls" 13
expect "ceph -k $tmp.bar.keyring --user bar auth export" 13
expect "ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13
expect "ceph -k $tmp.bar.keyring --user bar osd dump" 13
rm $tmp.bazar.keyring $tmp.foo.keyring $tmp.bar.keyring
-echo OK
\ No newline at end of file
+echo OK
auth.key.encode_plaintext(rdata);
}
r = 0;
- } else if (prefix == "auth list") {
+ } else if (prefix == "auth list" ||
+ prefix == "auth ls") {
if (f) {
mon->key_server.encode_formatted("auth", f.get(), rdata);
} else {
"auth", "rx", "cli,rest")
COMMAND("auth print_key name=entity,type=CephString", "display requested key", \
"auth", "rx", "cli,rest")
-COMMAND("auth list", "list authentication state", "auth", "rx", "cli,rest")
+COMMAND_WITH_FLAG("auth list", "list authentication state", "auth", "rx", "cli,rest",
+ FLAG(DEPRECATED))
+COMMAND("auth ls", "list authentication state", "auth", "rx", "cli,rest")
COMMAND("auth import", "auth import: read keyring file from -i <file>", \
"auth", "rwx", "cli,rest")
COMMAND("auth add " \
projects / ceph.git / commitdiff