+++ /dev/null
- $ ceph-authtool kring --create-keyring
- creating kring
-
- $ ceph-authtool kring --add-key 'FAKEBASE64 foo'
- can't decode key 'FAKEBASE64 foo'
- [1]
+++ /dev/null
- $ ceph-authtool kring --create-keyring
- creating kring
-
- $ ceph-authtool kring --add-key 'AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== 18446744073709551615'
- added entity client.admin auth auth(auid = 18446744073709551615 key=AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== with 0 caps)
-
-# cram makes matching escape-containing lines with regexps a bit ugly
- $ ceph-authtool kring --list
- [client.admin]
- \tkey = AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== (esc)
-
- $ cat kring
- [client.admin]
- \tkey = AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== (esc)
+++ /dev/null
- $ ceph-authtool kring --create-keyring --gen-key --bin
- creating kring
-
- $ ceph-authtool --cap osd 'allow rx pool=swimming' --bin kring
- $ ceph-authtool kring --list|grep -P '^\tcaps '
- \tcaps osd = "allow rx pool=swimming" (esc)
+++ /dev/null
- $ ceph-authtool kring --create-keyring --gen-key
- creating kring
-
-# TODO is this nice?
- $ ceph-authtool --cap osd 'broken' kring
- $ ceph-authtool kring --list|grep -P '^\tcaps '
- \tcaps osd = "broken" (esc)
-
-# TODO is this nice?
- $ ceph-authtool --cap xyzzy 'broken' kring
- $ ceph-authtool kring --list|grep -P '^\tcaps '
- \tcaps xyzzy = "broken" (esc)
+++ /dev/null
- $ ceph-authtool kring --create-keyring --gen-key
- creating kring
-
- $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
- $ ceph-authtool kring --list|grep -P '^\tcaps '
- \tcaps osd = "allow rx pool=swimming" (esc)
-
-# TODO it seems --cap overwrites all previous caps; is this wanted?
- $ ceph-authtool --cap mds 'allow' kring
- $ ceph-authtool kring --list|grep -P '^\tcaps '
- \tcaps mds = "allow" (esc)
+++ /dev/null
- $ ceph-authtool kring --create-keyring --gen-key
- creating kring
-
- $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
- $ ceph-authtool kring --list|grep -P '^\tcaps '
- \tcaps osd = "allow rx pool=swimming" (esc)
-
- $ cat kring
- [client.admin]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
- \tcaps osd = "allow rx pool=swimming" (esc)
+++ /dev/null
- $ ceph-authtool kring --create-keyring --bin
- creating kring
-
- $ ceph-authtool kring --list --bin
-
-# --list actually does not use --bin, but autodetects; run it both
-# ways just to trigger that
- $ ceph-authtool kring --list
-
- $ ceph-authtool kring --gen-key --bin
-
-# cram makes matching escape-containing lines with regexps a bit ugly
- $ ceph-authtool kring --list
- [client.admin]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
-
-# synonym
- $ ceph-authtool kring -l
- [client.admin]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
-
+++ /dev/null
- $ ceph-authtool kring --create-keyring
- creating kring
-
- $ ceph-authtool kring --list
-
- $ ceph-authtool kring --gen-key
-
-# cram makes matching escape-containing lines with regexps a bit ugly
- $ ceph-authtool kring --list
- [client.admin]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
-
-# synonym
- $ ceph-authtool kring -l
- [client.admin]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
-
- $ cat kring
- [client.admin]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+++ /dev/null
-# TODO synchronize with man page
- $ ceph-authtool --help
- no command specified
- usage: ceph-authtool keyringfile [OPTIONS]...
- where the options are:
- -l, --list will list all keys and capabilities present in
- the keyring
- -p, --print will print an encoded key for the specified
- entityname. This is suitable for the
- 'mount -o secret=..' argument
- -C, --create-keyring will create a new keyring, overwriting any
- existing keyringfile
- --gen-key will generate a new secret key for the
- specified entityname
- --add-key will add an encoded key to the keyring
- --cap subsystem capability will set the capability for given subsystem
- --caps capsfile will set all of capabilities associated with a
- given key, for all subsystems
- -b, --bin will create a binary formatted keyring
- [1]
+++ /dev/null
- $ touch empty
-
- $ ceph-authtool --list --bin empty
-
- $ ceph-authtool -l --bin empty
+++ /dev/null
- $ touch empty
-
- $ ceph-authtool --list empty
-
- $ ceph-authtool -l empty
+++ /dev/null
- $ ceph-authtool --list --bin nonexistent
- can't open nonexistent: can't open nonexistent: (2) No such file or directory
- [1]
-
- $ ceph-authtool -l --bin nonexistent
- can't open nonexistent: can't open nonexistent: (2) No such file or directory
- [1]
+++ /dev/null
- $ ceph-authtool --list nonexistent
- can't open nonexistent: can't open nonexistent: (2) No such file or directory
- [1]
-
- $ ceph-authtool -l nonexistent
- can't open nonexistent: can't open nonexistent: (2) No such file or directory
- [1]
+++ /dev/null
- $ ceph-authtool
- ceph-authtool: must specify filename
- usage: ceph-authtool keyringfile [OPTIONS]...
- where the options are:
- -l, --list will list all keys and capabilities present in
- the keyring
- -p, --print will print an encoded key for the specified
- entityname. This is suitable for the
- 'mount -o secret=..' argument
- -C, --create-keyring will create a new keyring, overwriting any
- existing keyringfile
- --gen-key will generate a new secret key for the
- specified entityname
- --add-key will add an encoded key to the keyring
- --cap subsystem capability will set the capability for given subsystem
- --caps capsfile will set all of capabilities associated with a
- given key, for all subsystems
- -b, --bin will create a binary formatted keyring
- [1]
-
-# demonstrate that manpage examples fail without config
-# TODO fix the manpage
- $ ceph-authtool --create-keyring --name client.foo --gen-key keyring
- creating keyring
-
-# work around the above
- $ touch ceph.conf
-
-To create a new keyring containing a key for client.foo:
-
- $ ceph-authtool --create-keyring --id foo --gen-key keyring.bin
- creating keyring.bin
-
- $ ceph-authtool --create-keyring --name client.foo --gen-key keyring.bin
- creating keyring.bin
-
-To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem):
-
- $ ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring.bin
-
-To display the contents of the keyring:
-
- $ ceph-authtool -l keyring.bin
- [client.foo]
- \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
- \tcaps mds = "allow" (esc)
- \tcaps mon = "allow r" (esc)
- \tcaps osd = "allow rw pool=data" (esc)
+++ /dev/null
- $ ceph-authtool
- ceph-authtool: must specify filename
- usage: ceph-authtool keyringfile [OPTIONS]...
- where the options are:
- -l, --list will list all keys and capabilities present in
- the keyring
- -p, --print will print an encoded key for the specified
- entityname. This is suitable for the
- 'mount -o secret=..' argument
- -C, --create-keyring will create a new keyring, overwriting any
- existing keyringfile
- --gen-key will generate a new secret key for the
- specified entityname
- --add-key will add an encoded key to the keyring
- --cap subsystem capability will set the capability for given subsystem
- --caps capsfile will set all of capabilities associated with a
- given key, for all subsystems
- -b, --bin will create a binary formatted keyring
- [1]
--- /dev/null
+ $ ceph-authtool kring --create-keyring
+ creating kring
+
+ $ ceph-authtool kring --add-key 'FAKEBASE64 foo'
+ can't decode key 'FAKEBASE64 foo'
+ [1]
--- /dev/null
+ $ ceph-authtool kring --create-keyring
+ creating kring
+
+ $ ceph-authtool kring --add-key 'AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== 18446744073709551615'
+ added entity client.admin auth auth(auid = 18446744073709551615 key=AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== with 0 caps)
+
+# cram makes matching escape-containing lines with regexps a bit ugly
+ $ ceph-authtool kring --list
+ [client.admin]
+ \tkey = AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== (esc)
+
+ $ cat kring
+ [client.admin]
+ \tkey = AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== (esc)
--- /dev/null
+ $ ceph-authtool kring --create-keyring --gen-key --bin
+ creating kring
+
+ $ ceph-authtool --cap osd 'allow rx pool=swimming' --bin kring
+ $ ceph-authtool kring --list|grep -P '^\tcaps '
+ \tcaps osd = "allow rx pool=swimming" (esc)
--- /dev/null
+ $ ceph-authtool kring --create-keyring --gen-key
+ creating kring
+
+# TODO is this nice?
+ $ ceph-authtool --cap osd 'broken' kring
+ $ ceph-authtool kring --list|grep -P '^\tcaps '
+ \tcaps osd = "broken" (esc)
+
+# TODO is this nice?
+ $ ceph-authtool --cap xyzzy 'broken' kring
+ $ ceph-authtool kring --list|grep -P '^\tcaps '
+ \tcaps xyzzy = "broken" (esc)
--- /dev/null
+ $ ceph-authtool kring --create-keyring --gen-key
+ creating kring
+
+ $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
+ $ ceph-authtool kring --list|grep -P '^\tcaps '
+ \tcaps osd = "allow rx pool=swimming" (esc)
+
+# TODO it seems --cap overwrites all previous caps; is this wanted?
+ $ ceph-authtool --cap mds 'allow' kring
+ $ ceph-authtool kring --list|grep -P '^\tcaps '
+ \tcaps mds = "allow" (esc)
--- /dev/null
+ $ ceph-authtool kring --create-keyring --gen-key
+ creating kring
+
+ $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
+ $ ceph-authtool kring --list|grep -P '^\tcaps '
+ \tcaps osd = "allow rx pool=swimming" (esc)
+
+ $ cat kring
+ [client.admin]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+ \tcaps osd = "allow rx pool=swimming" (esc)
--- /dev/null
+ $ ceph-authtool kring --create-keyring --bin
+ creating kring
+
+ $ ceph-authtool kring --list --bin
+
+# --list actually does not use --bin, but autodetects; run it both
+# ways just to trigger that
+ $ ceph-authtool kring --list
+
+ $ ceph-authtool kring --gen-key --bin
+
+# cram makes matching escape-containing lines with regexps a bit ugly
+ $ ceph-authtool kring --list
+ [client.admin]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+
+# synonym
+ $ ceph-authtool kring -l
+ [client.admin]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+
--- /dev/null
+ $ ceph-authtool kring --create-keyring
+ creating kring
+
+ $ ceph-authtool kring --list
+
+ $ ceph-authtool kring --gen-key
+
+# cram makes matching escape-containing lines with regexps a bit ugly
+ $ ceph-authtool kring --list
+ [client.admin]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+
+# synonym
+ $ ceph-authtool kring -l
+ [client.admin]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+
+ $ cat kring
+ [client.admin]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
--- /dev/null
+# TODO synchronize with man page
+ $ ceph-authtool --help
+ no command specified
+ usage: ceph-authtool keyringfile [OPTIONS]...
+ where the options are:
+ -l, --list will list all keys and capabilities present in
+ the keyring
+ -p, --print will print an encoded key for the specified
+ entityname. This is suitable for the
+ 'mount -o secret=..' argument
+ -C, --create-keyring will create a new keyring, overwriting any
+ existing keyringfile
+ --gen-key will generate a new secret key for the
+ specified entityname
+ --add-key will add an encoded key to the keyring
+ --cap subsystem capability will set the capability for given subsystem
+ --caps capsfile will set all of capabilities associated with a
+ given key, for all subsystems
+ -b, --bin will create a binary formatted keyring
+ [1]
--- /dev/null
+ $ touch empty
+
+ $ ceph-authtool --list --bin empty
+
+ $ ceph-authtool -l --bin empty
--- /dev/null
+ $ touch empty
+
+ $ ceph-authtool --list empty
+
+ $ ceph-authtool -l empty
--- /dev/null
+ $ ceph-authtool --list --bin nonexistent
+ can't open nonexistent: can't open nonexistent: (2) No such file or directory
+ [1]
+
+ $ ceph-authtool -l --bin nonexistent
+ can't open nonexistent: can't open nonexistent: (2) No such file or directory
+ [1]
--- /dev/null
+ $ ceph-authtool --list nonexistent
+ can't open nonexistent: can't open nonexistent: (2) No such file or directory
+ [1]
+
+ $ ceph-authtool -l nonexistent
+ can't open nonexistent: can't open nonexistent: (2) No such file or directory
+ [1]
--- /dev/null
+ $ ceph-authtool
+ ceph-authtool: must specify filename
+ usage: ceph-authtool keyringfile [OPTIONS]...
+ where the options are:
+ -l, --list will list all keys and capabilities present in
+ the keyring
+ -p, --print will print an encoded key for the specified
+ entityname. This is suitable for the
+ 'mount -o secret=..' argument
+ -C, --create-keyring will create a new keyring, overwriting any
+ existing keyringfile
+ --gen-key will generate a new secret key for the
+ specified entityname
+ --add-key will add an encoded key to the keyring
+ --cap subsystem capability will set the capability for given subsystem
+ --caps capsfile will set all of capabilities associated with a
+ given key, for all subsystems
+ -b, --bin will create a binary formatted keyring
+ [1]
+
+# demonstrate that manpage examples fail without config
+# TODO fix the manpage
+ $ ceph-authtool --create-keyring --name client.foo --gen-key keyring
+ creating keyring
+
+# work around the above
+ $ touch ceph.conf
+
+To create a new keyring containing a key for client.foo:
+
+ $ ceph-authtool --create-keyring --id foo --gen-key keyring.bin
+ creating keyring.bin
+
+ $ ceph-authtool --create-keyring --name client.foo --gen-key keyring.bin
+ creating keyring.bin
+
+To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem):
+
+ $ ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring.bin
+
+To display the contents of the keyring:
+
+ $ ceph-authtool -l keyring.bin
+ [client.foo]
+ \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
+ \tcaps mds = "allow" (esc)
+ \tcaps mon = "allow r" (esc)
+ \tcaps osd = "allow rw pool=data" (esc)
--- /dev/null
+ $ ceph-authtool
+ ceph-authtool: must specify filename
+ usage: ceph-authtool keyringfile [OPTIONS]...
+ where the options are:
+ -l, --list will list all keys and capabilities present in
+ the keyring
+ -p, --print will print an encoded key for the specified
+ entityname. This is suitable for the
+ 'mount -o secret=..' argument
+ -C, --create-keyring will create a new keyring, overwriting any
+ existing keyringfile
+ --gen-key will generate a new secret key for the
+ specified entityname
+ --add-key will add an encoded key to the keyring
+ --cap subsystem capability will set the capability for given subsystem
+ --caps capsfile will set all of capabilities associated with a
+ given key, for all subsystems
+ -b, --bin will create a binary formatted keyring
+ [1]
projects / ceph.git / commitdiff