Managing keyrings
Command to create a keyring: ceph-authtool --create-keyring /path/to/keyring
[root@ceph-admin ~]# ceph-authtool --create-keyring ./client.abc.keyring
creating ./client.abc.keyring
[root@ceph-admin ~]# cat ./client.abc.keyring
[root@ceph-admin ~]#

Tip: the keyring file created this way is empty. We need to add the user with ceph auth add, then use the ceph auth get or export command to write that user's information into the keyring file. A note on keyring file naming: keyring files should generally be stored in the /etc/ceph directory so that clients can find them automatically. A keyring file that holds multiple users should be named cluster-name.keyring; a keyring file that holds a single user should be named cluster-name.user-name.keyring. This is the standard keyring naming convention.
Command to merge a user's keyring into a single unified keyring file: ceph-authtool /etc/ceph/cluster-name.keyring --import-keyring /etc/ceph/cluster-name.user-name.keyring
[root@ceph-admin ~]# ll
total 16
-rw-r--r-- 1 root root 1568 Sep 25 11:40 ceph-deploy-ceph.log
-rw------- 1 root root    0 Oct  2 00:57 client.abc.keyring
-rw-r--r-- 1 root root  151 Oct  2 00:14 client.admin.cluster.keyring
-rw-r--r-- 1 root root  151 Oct  2 00:14 client.admin.keyring
-rw-r--r-- 1 root root  164 Oct  2 00:43 client.test.keyring
[root@ceph-admin ~]# cat client.test.keyring
[client.test]
	key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
	caps mds = "allow *"
	caps mgr = "allow *"
	caps mon = "allow r"
	caps osd = "allow rw pool=rbdpool"
[root@ceph-admin ~]# ceph-authtool ./client.test.keyring --import-keyring ./client.admin.keyring
importing contents of ./client.admin.keyring into ./client.test.keyring
[root@ceph-admin ~]# cat client.test.keyring
[client.admin]
	key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
	caps mds = "allow *"
	caps mgr = "allow *"
	caps mon = "allow *"
	caps osd = "allow *"
[client.test]
	key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
	caps mds = "allow *"
	caps mgr = "allow *"
	caps mon = "allow r"
	caps osd = "allow rw pool=rbdpool"
[root@ceph-admin ~]#

Managing users with the ceph-authtool command
The ceph-authtool command can create a user, grant caps, and create the keyring in one step.
Command usage help
[root@ceph-admin ~]# ceph-authtool -h
usage: ceph-authtool keyringfile [OPTIONS]...
where the options are:
  -l, --list                    will list all keys and capabilities present in
                                the keyring
  -p, --print-key               will print an encoded key for the specified
                                entityname. This is suitable for the
                                'mount -o secret=..' argument
  -C, --create-keyring          will create a new keyring, overwriting any
                                existing keyringfile
  -g, --gen-key                 will generate a new secret key for the
                                specified entityname
  --gen-print-key               will generate a new secret key without set it
                                to the keyringfile, prints the secret to stdout
  --import-keyring FILE         will import the content of a given keyring
                                into the keyringfile
  -n NAME, --name NAME          specify entityname to operate on
  -u AUID, --set-uid AUID       sets the auid (authenticated user id) for the
                                specified entityname
  -a BASE64, --add-key BASE64   will add an encoded key to the keyring
  --cap SUBSYSTEM CAPABILITY    will set the capability for given subsystem
  --caps CAPSFILE               will set all of capabilities associated with a
                                given key, for all subsystems
  --mode MODE                   will set the desired file mode to the keyring
                                e.g: '0644', defaults to '0600'
[root@ceph-admin ~]#

Tip: -l or --list lists all user information; -p prints the key of the specified user; -C creates the keyring file; -g generates a key for the specified user; -n specifies the user name; --cap specifies the capability to grant; --mode sets the permissions of the keyring file, which default to 0600, meaning only root or the file's owner has read and write access.
[root@ceph-admin ~]# ceph-authtool -C client.usera.keyring -n client.usera --gen-key --cap mon 'allow r' --cap osd 'allow rw pool=rbdpool'
creating client.usera.keyring
[root@ceph-admin ~]# ll
total 20
-rw-r--r-- 1 root root 1568 Sep 25 11:40 ceph-deploy-ceph.log
-rw------- 1 root root    0 Oct  2 00:57 client.abc.keyring
-rw-r--r-- 1 root root  151 Oct  2 00:14 client.admin.cluster.keyring
-rw-r--r-- 1 root root  151 Oct  2 00:14 client.admin.keyring
-rw-r--r-- 1 root root  315 Oct  2 01:03 client.test.keyring
-rw------- 1 root root  121 Oct  2 01:25 client.usera.keyring
[root@ceph-admin ~]# ceph auth get client.usera
Error ENOENT: failed to find client.usera in keyring
[root@ceph-admin ~]# cat client.usera.keyring
[client.usera]
	key = AQAIeDhjTnmLGhAAWgL3GqtJsPwmOD6CPbJO8Q==
	caps mon = "allow r"
	caps osd = "allow rw pool=rbdpool"
[root@ceph-admin ~]#
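
An audit sketch added here, not part of the original article: it reports keyring files whose mode is broader than the 0600 default described above (the listings show several files at 0644) and entities that hold "allow *" caps. The function names, file names and key values are constructed for the example, and it assumes a stat that supports -c (GNU coreutils or busybox).

```sh
#!/bin/sh
# Added example: audit Ceph keyring files for loose modes and wildcard caps.

# audit_keyring FILE: prints one finding per line, nothing if the file is clean.
audit_keyring() (
    file=$1
    mode=$(stat -c '%a' "$file") || exit 1
    # Any group/other permission bit exposes the secret keys stored in the file.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode grants access beyond the owner (expected 600)"
    fi
    # Walk the [entity] sections and report each subsystem granted "allow *".
    awk -v f="$file" '
        /^\[.+\]/ { entity = substr($1, 2, length($1) - 2); next }
        $1 == "caps" && /allow \*/ {
            print f ": " entity " has wildcard " $2 " caps"
        }
    ' "$file"
)

# audit_dir DIR: audits every *.keyring file found in DIR.
audit_dir() (
    for k in "$1"/*.keyring; do
        [ -f "$k" ] && audit_keyring "$k"
    done
    exit 0
)

# Constructed sample data: the key values are placeholders, not real secrets.
demo_dir=$(mktemp -d)
printf '[client.admin]\n\tkey = PLACEHOLDER-ADMIN-KEY==\n\tcaps mon = "allow *"\n\tcaps osd = "allow *"\n' \
    > "$demo_dir/ceph.client.admin.keyring"
printf '[client.usera]\n\tkey = PLACEHOLDER-USERA-KEY==\n\tcaps mon = "allow r"\n\tcaps osd = "allow rw pool=rbdpool"\n' \
    > "$demo_dir/ceph.client.usera.keyring"
chmod 0644 "$demo_dir/ceph.client.admin.keyring"
chmod 0600 "$demo_dir/ceph.client.usera.keyring"

audit_dir "$demo_dir"
```

On the sample data this flags the admin keyring three times (its mode plus two wildcard caps) and prints nothing for client.usera.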
