From: Jeff Layton Date: Mon, 19 Aug 2019 11:10:30 +0000 (-0400) Subject: doc: document that the kcephfs mount helper will search keyring files for secrets X-Git-Tag: v15.1.0~1529^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F29817%2Fhead;p=ceph.git doc: document that the kcephfs mount helper will search keyring files for secrets Signed-off-by: Jeff Layton --- diff --git a/doc/cephfs/fstab.rst b/doc/cephfs/fstab.rst index a5bb14d0623e..6274d0a96957 100644 --- a/doc/cephfs/fstab.rst +++ b/doc/cephfs/fstab.rst @@ -15,10 +15,11 @@ following to ``/etc/fstab``:: For example:: - 10.10.10.10:6789:/ /mnt/ceph ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev 0 2 + 10.10.10.10:6789:/ /mnt/ceph ceph name=admin,noatime,_netdev 0 2 -.. important:: The ``name`` and ``secret`` or ``secretfile`` options are - mandatory when you have Ceph authentication running. +The default for the ``name=`` parameter is ``guest``. If the ``secret`` or +``secretfile`` options are not specified then the mount helper will attempt to +find a secret for the given ``name`` in one of the configured keyrings. See `User Management`_ for details. diff --git a/doc/cephfs/kernel.rst b/doc/cephfs/kernel.rst index b81d6a30a9ec..16702cbcab28 100644 --- a/doc/cephfs/kernel.rst +++ b/doc/cephfs/kernel.rst @@ -9,8 +9,12 @@ monitor host name(s) into IP address(es) for you. For example:: sudo mkdir /mnt/mycephfs sudo mount -t ceph 192.168.0.1:6789:/ /mnt/mycephfs -To mount the Ceph file system with ``cephx`` authentication enabled, you must -specify a user name and a secret. :: +To mount the Ceph file system with ``cephx`` authentication enabled, the kernel +must authenticate with the cluster. The default ``name=`` option is ``guest``. +The mount.ceph helper will automatically attempt to find a secret key in the +keyring. + +The secret can also be specified manually with the ``secret=`` option. :: sudo mount -t ceph 192.168.0.1:6789:/ /mnt/mycephfs -o name=admin,secret=AQATSKdNGBnwLhAAnNDKnH65FmVKpXZJVasUeQ== @@ -18,11 +22,12 @@ The foregoing usage leaves the secret in the Bash history. A more secure approach reads the secret from a file. For example:: sudo mount -t ceph 192.168.0.1:6789:/ /mnt/mycephfs -o name=admin,secretfile=/etc/ceph/admin.secret - + +See `User Management`_ for details on cephx. + If you have more than one file system, specify which one to mount using + the ``mds_namespace`` option, e.g. ``-o mds_namespace=myfs``. - -See `User Management`_ for details on cephx. To unmount the Ceph file system, you may use the ``umount`` command. For example::