They are currently defined to the following (translated to cap syntax): mon: 'allow service mon r, allow service osd r, allow service pg r, allow command "osd blacklist" with blacklistop=add addr regex "^[^/]+/[0-9]+$"' osd: 'allow class-read object_prefix rbd_children, allow class-read object_prefix rbd_mirroring, allow [pool <pool name>] rwx' On Thu, Nov 9, 2017 at 5:24 AM, John Spray <jspray@xxxxxxxxxx> wrote: > > On Thu, Nov 9, 2017 at 10:12 AM, Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> wrote: > > > > How/where can I see how eg. 'profile rbd' is defined? > > > > As in > > [client.rbd.client1] > > key = xxx== > > caps mon = "profile rbd" > > caps osd = "profile rbd pool=rbd" > > The profiles are defined internally and are subject to change, but you > can peek at them in the code: > https://github.com/ceph/ceph/blob/master/src/mon/MonCap.cc#L285 > https://github.com/ceph/ceph/blob/master/src/osd/OSDCap.cc#L250 > > John > > > > > > > > > > > _______________________________________________ > > ceph-users mailing list > > ceph-users@xxxxxxxxxxxxxx > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com -- Jason _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |