From 764ccf998b9944a05ca5241a34644b5e06cced9c Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Mon, 12 Sep 2022 12:25:38 -0400 Subject: [PATCH] doc/mgr/nfs: document --sectype option for export create commands Add documentation for the option to specify the sectype (for enabling kerberos) when creating a new export. Signed-off-by: John Mulligan --- doc/mgr/nfs.rst | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/doc/mgr/nfs.rst b/doc/mgr/nfs.rst index a30bd2db1334..efc46c4f0327 100644 --- a/doc/mgr/nfs.rst +++ b/doc/mgr/nfs.rst @@ -262,7 +262,7 @@ Create CephFS Export .. code:: bash - $ ceph nfs export create cephfs --cluster-id --pseudo-path --fsname [--readonly] [--path=/path/in/cephfs] [--client_addr ...] [--squash ] + $ ceph nfs export create cephfs --cluster-id --pseudo-path --fsname [--readonly] [--path=/path/in/cephfs] [--client_addr ...] [--squash ] [--sectype ...] This creates export RADOS objects containing the export block, where @@ -289,6 +289,18 @@ for permissible values. value is `no_root_squash`. See the `NFS-Ganesha Export Sample`_ for permissible values. +```` specifies which authentication methods will be used when +connecting to the export. Valid values include "krb5p", "krb5i", "krb5", "sys", +and "none". More than one value can be supplied. The flag may be specified +multiple times (example: ``--sectype=krb5p --sectype=krb5i``) or multiple +values may be separated by a comma (example: ``--sectype krb5p,krb5i``). The +server will negotatiate a supported security type with the client preferring +the supplied methods left-to-right. + +.. note:: Specifying values for sectype that require Kerberos will only function on servers + that are configured to support Kerberos. Setting up NFS-Ganesha to support Kerberos + is outside the scope of this document. + .. note:: Export creation is supported only for NFS Ganesha clusters deployed using nfs interface. Create RGW Export @@ -308,7 +320,7 @@ To export a *bucket*: .. code:: - $ ceph nfs export create rgw --cluster-id --pseudo-path --bucket [--user-id ] [--readonly] [--client_addr ...] [--squash ] + $ ceph nfs export create rgw --cluster-id --pseudo-path --bucket [--user-id ] [--readonly] [--client_addr ...] [--squash ] [--sectype ...] For example, to export *mybucket* via NFS cluster *mynfs* at the pseudo-path */bucketdata* to any host in the ``192.168.10.0/24`` network @@ -339,6 +351,18 @@ for permissible values. value is `no_root_squash`. See the `NFS-Ganesha Export Sample`_ for permissible values. +```` specifies which authentication methods will be used when +connecting to the export. Valid values include "krb5p", "krb5i", "krb5", "sys", +and "none". More than one value can be supplied. The flag may be specified +multiple times (example: ``--sectype=krb5p --sectype=krb5i``) or multiple +values may be separated by a comma (example: ``--sectype krb5p,krb5i``). The +server will negotatiate a supported security type with the client preferring +the supplied methods left-to-right. + +.. note:: Specifying values for sectype that require Kerberos will only function on servers + that are configured to support Kerberos. Setting up NFS-Ganesha to support Kerberos + is outside the scope of this document. + RGW user export ^^^^^^^^^^^^^^^ -- 2.47.3