From 551b271af47debe4e4cce81149bd4a59fb928937 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Mon, 19 Aug 2019 07:10:30 -0400 Subject: [PATCH] doc: document that the kcephfs mount helper will search keyring files for secrets Signed-off-by: Jeff Layton --- doc/cephfs/fstab.rst | 7 ++++--- doc/cephfs/kernel.rst | 15 ++++++++++----- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/doc/cephfs/fstab.rst b/doc/cephfs/fstab.rst index a5bb14d0623..6274d0a9695 100644 --- a/doc/cephfs/fstab.rst +++ b/doc/cephfs/fstab.rst @@ -15,10 +15,11 @@ following to ``/etc/fstab``:: For example:: - 10.10.10.10:6789:/ /mnt/ceph ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev 0 2 + 10.10.10.10:6789:/ /mnt/ceph ceph name=admin,noatime,_netdev 0 2 -.. important:: The ``name`` and ``secret`` or ``secretfile`` options are - mandatory when you have Ceph authentication running. +The default for the ``name=`` parameter is ``guest``. If the ``secret`` or +``secretfile`` options are not specified then the mount helper will attempt to +find a secret for the given ``name`` in one of the configured keyrings. See `User Management`_ for details. diff --git a/doc/cephfs/kernel.rst b/doc/cephfs/kernel.rst index b81d6a30a9e..16702cbcab2 100644 --- a/doc/cephfs/kernel.rst +++ b/doc/cephfs/kernel.rst @@ -9,8 +9,12 @@ monitor host name(s) into IP address(es) for you. For example:: sudo mkdir /mnt/mycephfs sudo mount -t ceph 192.168.0.1:6789:/ /mnt/mycephfs -To mount the Ceph file system with ``cephx`` authentication enabled, you must -specify a user name and a secret. :: +To mount the Ceph file system with ``cephx`` authentication enabled, the kernel +must authenticate with the cluster. The default ``name=`` option is ``guest``. +The mount.ceph helper will automatically attempt to find a secret key in the +keyring. + +The secret can also be specified manually with the ``secret=`` option. :: sudo mount -t ceph 192.168.0.1:6789:/ /mnt/mycephfs -o name=admin,secret=AQATSKdNGBnwLhAAnNDKnH65FmVKpXZJVasUeQ== @@ -18,11 +22,12 @@ The foregoing usage leaves the secret in the Bash history. A more secure approach reads the secret from a file. For example:: sudo mount -t ceph 192.168.0.1:6789:/ /mnt/mycephfs -o name=admin,secretfile=/etc/ceph/admin.secret - + +See `User Management`_ for details on cephx. + If you have more than one file system, specify which one to mount using + the ``mds_namespace`` option, e.g. ``-o mds_namespace=myfs``. - -See `User Management`_ for details on cephx. To unmount the Ceph file system, you may use the ``umount`` command. For example:: -- 2.39.5