From c081a52a4ff2a2d759b426967359b441268a2e06 Mon Sep 17 00:00:00 2001 From: Jason Dillaman Date: Mon, 14 Oct 2019 12:45:56 -0400 Subject: [PATCH] doc/rbd: add new 'profile rbd' mgr caps to examples Fixes: https://tracker.ceph.com/issues/42265 Signed-off-by: Jason Dillaman (cherry picked from commit 5137cd80db7c9b699378ce22a91fbe25aba321f1) Conflicts: doc/rbd/rbd-kubernetes.rst: doc does not exist --- doc/rbd/rados-rbd-cmds.rst | 4 ++-- doc/rbd/rbd-openstack.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/rbd/rados-rbd-cmds.rst b/doc/rbd/rados-rbd-cmds.rst index d0e466f239a94..3b0ef3455f734 100644 --- a/doc/rbd/rados-rbd-cmds.rst +++ b/doc/rbd/rados-rbd-cmds.rst @@ -35,13 +35,13 @@ recommended that you utilize a more restricted user wherever possible. To `create a Ceph user`_, with ``ceph`` specify the ``auth get-or-create`` command, user name, monitor caps, and OSD caps:: - ceph auth get-or-create client.{ID} mon 'profile rbd' osd 'profile {profile name} [pool={pool-name}][, profile ...]' + ceph auth get-or-create client.{ID} mon 'profile rbd' osd 'profile {profile name} [pool={pool-name}][, profile ...]' mgr 'profile rbd [pool={pool-name}]' For example, to create a user ID named ``qemu`` with read-write access to the pool ``vms`` and read-only access to the pool ``images``, execute the following:: - ceph auth get-or-create client.qemu mon 'profile rbd' osd 'profile rbd pool=vms, profile rbd-read-only pool=images' + ceph auth get-or-create client.qemu mon 'profile rbd' osd 'profile rbd pool=vms, profile rbd-read-only pool=images' mgr 'profile rbd pool=images' The output from the ``ceph auth get-or-create`` command will be the keyring for the specified user, which can be written to ``/etc/ceph/ceph.client.{ID}.keyring``. diff --git a/doc/rbd/rbd-openstack.rst b/doc/rbd/rbd-openstack.rst index ddb688561bf1a..25632e6877040 100644 --- a/doc/rbd/rbd-openstack.rst +++ b/doc/rbd/rbd-openstack.rst @@ -132,9 +132,9 @@ Setup Ceph Client Authentication If you have `cephx authentication`_ enabled, create a new user for Nova/Cinder and Glance. Execute the following:: - ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' - ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images' - ceph auth get-or-create client.cinder-backup mon 'profile rbd' osd 'profile rbd pool=backups' + ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' + ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images' mgr 'profile rbd pool=volumes, profile rbd pool=vms' + ceph auth get-or-create client.cinder-backup mon 'profile rbd' osd 'profile rbd pool=backups' mgr 'profile rbd pool=backups' Add the keyrings for ``client.cinder``, ``client.glance``, and ``client.cinder-backup`` to the appropriate nodes and change their ownership:: -- 2.39.5