2 ceph-authtool: must specify filename
3 usage: ceph-authtool keyringfile [OPTIONS]...
5 -l, --list will list all keys and capabilities present in
7 -p, --print-key will print an encoded key for the specified
8 entityname. This is suitable for the
9 'mount -o secret=..' argument
10 -C, --create-keyring will create a new keyring, overwriting any
12 -g, --gen-key will generate a new secret key for the
14 --gen-print-key will generate a new secret key without set it
15 to the keyringfile, prints the secret to stdout
16 --import-keyring FILE will import the content of a given keyring
18 -n NAME, --name NAME specify entityname to operate on
19 -u AUID, --set-uid AUID sets the auid (authenticated user id) for the
21 -a BASE64, --add-key BASE64 will add an encoded key to the keyring
22 --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem
23 --caps CAPSFILE will set all of capabilities associated with a
24 given key, for all subsystems
27 # demonstrate that manpage examples fail without config
28 # TODO fix the manpage
29 $ ceph-authtool --create-keyring --name client.foo --gen-key keyring
32 # work around the above
35 To create a new keyring containing a key for client.foo:
37 $ ceph-authtool --create-keyring --id foo --gen-key keyring
40 $ ceph-authtool --create-keyring --name client.foo --gen-key keyring
43 To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem):
45 $ ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring
47 To display the contents of the keyring:
49 $ ceph-authtool -l keyring
51 \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
52 \tcaps mds = "allow" (esc)
53 \tcaps mon = "allow r" (esc)
54 \tcaps osd = "allow rw pool=data" (esc)
Code Review / stor4nfv.git / blob