On 09/12/2012 02:25 AM, Sage Weil wrote:
The next stable release will have cephx authentication enabled by default.
We will probably do it in the next development release (v0.53) to work out
any upgrade kinks well before that. The process for setting up teh
authentication keys on an existing cluster is at
http://ceph.com/docs/master/cluster-ops/authentication/
This needs a few eyeballs to make sure the upgrade process makes sense...
"Generate a secret key for every OSD, where {$id} is the OSD number:"
Where does {$id} come from? I know it's just a variable which the users
needs to fill in, but it could be somewhat confusing.
You could do:
for id in {0..10}; do
ceph auth get-or-create osd.${id} mon 'allow rwx' osd 'allow *' -o
/var/lib/ceph/osd/ceph-${id}/keyring;
done
I know this doesn't work for the mds which uses alpha-numeric names, but
imho the {$id} variable seems to come from nowhere.
Maybe an example to make it more clear, because later in the page $id is
used without the brackets ( { & } )
Later on, this command won't work:
$ sudo ceph auth get-or-create client.admin mds 'allow' osd 'allow *'
mon 'allow *' > /etc/ceph/keyring
The "ceph" command gets executed as root, but the output won't, so
writing to /etc/ceph/keyring will fail.
We could assume everybody executes these commands as root, but it might
be somewhat confusing if one command has "sudo" prefixed and other
don't. That might suggest it's somewhat special.
The same goes for a couple of commands after the one mentioned above.
I haven't tested the upgrade itself, but this is what I noticed while
reading the docs.
Wido
Thanks!
sage
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
