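Tip: this command lists all users on the cluster, that is, both non-human users and ordinary users; the `ceph auth ls` command can also be used to list all user information.

Command format for retrieving a specific user: `ceph auth get TYPE.ID` or `ceph auth export TYPE.ID`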
```
[root@ceph-admin ~]# ceph auth get client.admin
exported keyring for client.admin
[client.admin]
key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
[root@ceph-admin ~]# ceph auth export client.admin
export auth(auid = 18446744073709551615 key=AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA== with 4 caps)
[client.admin]
key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
[root@ceph-admin ~]#
```

Tip: to export the information above to a file, use `-o` to specify the file, or redirect the output.
```
[root@ceph-admin ~]# ceph auth get client.admin -o client.admin.keyring
exported keyring for client.admin
[root@ceph-admin ~]# ls
ceph-deploy-ceph.log  client.admin.keyring
[root@ceph-admin ~]# cat client.admin.keyring
[client.admin]
key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
[root@ceph-admin ~]# ceph auth export client.admin > client.admin.cluster.keyring
export auth(auid = 18446744073709551615 key=AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA== with 4 caps)
[root@ceph-admin ~]# ls
ceph-deploy-ceph.log  client.admin.cluster.keyring  client.admin.keyring
[root@ceph-admin ~]# cat client.admin.cluster.keyring
[client.admin]
key = AQB94C1jTO8jJhAAY4Zhy40wduyIONnRqxtkEA==
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
[root@ceph-admin ~]#
```

Command format for adding a user: `auth add <entity> {<caps> [<caps>...]}`
```
[root@ceph-admin ~]# ceph auth add client.testuser mon 'allow r' osd 'allow rw'
added key for client.testuser
[root@ceph-admin ~]# ceph auth get client.testuser
exported keyring for client.testuser
[client.testuser]
key = AQAoaThjCJLsBhAA8gwl/UQkjjSF+DwB6oB/wg==
caps mon = "allow r"
caps osd = "allow rw"
[root@ceph-admin ~]#
```

Tip: `ceph auth add` is the canonical way to add a user; it creates the user, generates a key, and adds the specified caps. Note that the user I specify here is made up of TYPE.ID; ordinary users are generally of type client, and the ID that follows is the user name.
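`ceph auth get-or-create`: a convenience method that creates the user and returns the key in keyring-file format, or, when the user already exists, returns the user name and key in keyring-file format.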
```
[root@ceph-admin ~]# ceph auth get-or-create client.testuser mon 'allow *' osd 'allow rw pool=rbdpool'
Error EINVAL: key for client.testuser exists but cap mon does not match
[root@ceph-admin ~]# ceph auth get-or-create client.testuser mon 'allow r' osd 'allow rw'
[client.testuser]
key = AQAoaThjCJLsBhAA8gwl/UQkjjSF+DwB6oB/wg==
[root@ceph-admin ~]# ceph auth get-or-create client.tom mon 'allow *' osd 'allow rw pool=rbdpool'
[client.tom]
key = AQBcajhj8INfChAAKKFCESxmbHFJqAwiRE4ufg==
[root@ceph-admin ~]# ceph auth get client.tom
exported keyring for client.tom
[client.tom]
key = AQBcajhj8INfChAAKKFCESxmbHFJqAwiRE4ufg==
caps mon = "allow *"
caps osd = "allow rw pool=rbdpool"
[root@ceph-admin ~]#
```

Tip: when adding a user with `ceph auth get-or-create`, if the user exists but the caps do not match, the command reports that the user exists but the caps do not match; if the user exists and the caps all match, it returns that user's key; if the user does not exist, it creates the user and returns the user's key.
`ceph auth get-or-create-key`: a convenience method that creates the user and returns the key, or, when the user already exists, returns the key.
```
[root@ceph-admin ~]# ceph auth get-or-create-key client.testuser mon 'allow r' osd 'allow *'
Error EINVAL: key for client.testuser exists but cap osd does not match
[root@ceph-admin ~]# ceph auth get-or-create-key client.testuser mon 'allow r' osd 'allow rw'
AQAoaThjCJLsBhAA8gwl/UQkjjSF+DwB6oB/wg==
[root@ceph-admin ~]# ceph auth get-or-create-key client.jerry mon 'allow r' osd 'allow rw'
AQDDazhjLbMTIhAADsXyBkPS079vU7dqGs2E+A==
[root@ceph-admin ~]# ceph auth get client.jerry
exported keyring for client.jerry
[client.jerry]
key = AQDDazhjLbMTIhAADsXyBkPS079vU7dqGs2E+A==
caps mon = "allow r"
caps osd = "allow rw"
[root@ceph-admin ~]#
```
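The sessions above leave client.tom with mon 'allow *' and client.testuser with an osd 'allow rw' that is not limited to a pool. As an added example (not part of the original article and not Ceph's own tooling), this Python script parses keyring text in the format `ceph auth get` prints and flags such grants; the `audit` policy, its finding labels, the `exempt` list and the placeholder keys are assumptions made for illustration.

```python
import re

# Constructed sample (keyring format of `ceph auth get`); keys are placeholders.
SAMPLE_KEYRING = """\
[client.admin]
key = PLACEHOLDER-ADMIN-KEY
caps mon = "allow *"
caps osd = "allow *"
[client.testuser]
key = PLACEHOLDER-TESTUSER-KEY
caps mon = "allow r"
caps osd = "allow rw"
[client.tom]
key = PLACEHOLDER-TOM-KEY
caps mon = "allow *"
caps osd = "allow rw pool=rbdpool"
"""

SECTION = re.compile(r"^\[([^\]]+)\]$")
CAP = re.compile(r'^caps\s+(\w+)\s*=\s*"([^"]*)"$')

def parse_keyring(text):
    """Return {entity: {daemon: cap string}}; key lines are skipped, never stored."""
    users, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = users.setdefault(m[1], {})
        elif current is not None and (m := CAP.match(line)):
            current[m[1]] = m[2]
    return users

def audit(users, exempt=("client.admin",)):
    """Apply a simplified, hypothetical least-privilege policy to parsed caps."""
    findings = []
    for entity in sorted(set(users) - set(exempt)):
        for daemon, cap in sorted(users[entity].items()):
            for tok in (g.split() for g in cap.split(",")):
                if len(tok) < 2 or tok[0] != "allow":
                    continue
                scoped = any(t.startswith("pool=") for t in tok[2:])
                writes = "w" in tok[1] and set(tok[1]) <= set("rwx")
                if tok[1] == "*":
                    findings.append((entity, daemon, "wildcard"))
                elif daemon == "osd" and writes and not scoped:
                    findings.append((entity, daemon, "unscoped-write"))
    return findings

if __name__ == "__main__":
    print(audit(parse_keyring(SAMPLE_KEYRING)))
```

Feeding it the output of `ceph auth export` for each non-admin user gives a quick review list before keyrings are handed to clients.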