From a9e4c3acb328b821f5c8c0995ebc5706c5176469 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Mon, 12 Sep 2022 12:25:38 -0400 Subject: [PATCH] doc/mgr/nfs: document --sectype option for export create commands Add documentation for the option to specify the sectype (for enabling kerberos) when creating a new export. Signed-off-by: John Mulligan (cherry picked from commit 764ccf998b9944a05ca5241a34644b5e06cced9c) --- doc/mgr/nfs.rst | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/doc/mgr/nfs.rst b/doc/mgr/nfs.rst index 777e2ee8173b2..a79d994ddb381 100644 --- a/doc/mgr/nfs.rst +++ b/doc/mgr/nfs.rst @@ -239,7 +239,7 @@ Create CephFS Export .. code:: bash - $ ceph nfs export create cephfs --cluster-id --pseudo-path --fsname [--readonly] [--path=/path/in/cephfs] [--client_addr ...] [--squash ] + $ ceph nfs export create cephfs --cluster-id --pseudo-path --fsname [--readonly] [--path=/path/in/cephfs] [--client_addr ...] [--squash ] [--sectype ...] This creates export RADOS objects containing the export block, where @@ -266,6 +266,18 @@ for permissible values. value is `no_root_squash`. See the `NFS-Ganesha Export Sample`_ for permissible values. +```` specifies which authentication methods will be used when +connecting to the export. Valid values include "krb5p", "krb5i", "krb5", "sys", +and "none". More than one value can be supplied. The flag may be specified +multiple times (example: ``--sectype=krb5p --sectype=krb5i``) or multiple +values may be separated by a comma (example: ``--sectype krb5p,krb5i``). The +server will negotatiate a supported security type with the client preferring +the supplied methods left-to-right. + +.. note:: Specifying values for sectype that require Kerberos will only function on servers + that are configured to support Kerberos. Setting up NFS-Ganesha to support Kerberos + is outside the scope of this document. + .. note:: Export creation is supported only for NFS Ganesha clusters deployed using nfs interface. Create RGW Export @@ -285,7 +297,7 @@ To export a *bucket*: .. code:: - $ ceph nfs export create rgw --cluster-id --pseudo-path --bucket [--user-id ] [--readonly] [--client_addr ...] [--squash ] + $ ceph nfs export create rgw --cluster-id --pseudo-path --bucket [--user-id ] [--readonly] [--client_addr ...] [--squash ] [--sectype ...] For example, to export *mybucket* via NFS cluster *mynfs* at the pseudo-path */bucketdata* to any host in the ``192.168.10.0/24`` network @@ -316,6 +328,18 @@ for permissible values. value is `no_root_squash`. See the `NFS-Ganesha Export Sample`_ for permissible values. +```` specifies which authentication methods will be used when +connecting to the export. Valid values include "krb5p", "krb5i", "krb5", "sys", +and "none". More than one value can be supplied. The flag may be specified +multiple times (example: ``--sectype=krb5p --sectype=krb5i``) or multiple +values may be separated by a comma (example: ``--sectype krb5p,krb5i``). The +server will negotatiate a supported security type with the client preferring +the supplied methods left-to-right. + +.. note:: Specifying values for sectype that require Kerberos will only function on servers + that are configured to support Kerberos. Setting up NFS-Ganesha to support Kerberos + is outside the scope of this document. + RGW user export ^^^^^^^^^^^^^^^ -- 2.39.5