To restrict clients from writing data, use r instead of rw: To prevent clients from writing to or reading data from pools other than those in use for the Ceph File System, set an OSD authentication capability that restricts access to the CephFS data pools: # ceph-fuse -n client.1 -keyring=/etc/ceph/client.1.keyring /mnt/cephfs -r /home/cephf To instruct the client with ID 1 to treat the /home/cephfs/ directory as its root: When a client has capabilities that restrict it to a path, use the -r option with the ceph-fuse command so that the client will treat that path as its root: See the User Management chapter in the Administration Guide for details on authentication capabilities. Path restriction using the authentication capabilities is the most common way to restrict clients. Key = AQACNoZXhrzqIRAABPKHTach4x03JeNadeQ9Uw=Ĭaps mds = "allow r, allow rw path=/home/cephfs" $ ceph auth get-or-create client.1 mon 'allow r' mds 'allow r, allow rw path=/home/cephfs' osd 'allow rw pool=data' Also, it restricts the CephFS client to perform read and write operations only within the data pool: The following example command restricts the MDS to write metadata only to the /home/cephfs/ directory. mon 'allow r' mds 'allow r, allow rw path=' osd 'allow rw pool=data' For example, to restrict the MDS daemon to write metadata only to a particular directory, specify that directory while creating the client capabilities:Ĭeph auth get-or-create client. To restrict clients to only mount and work within a certain directory, use path-based MDS authentication capabilities. Further, when clients mount a subdirectory, for example, /home/, the MDS does not by default verify that subsequent operations are locked within that directory. Configuration Reference"īy default, clients are not restricted in what paths they are allowed to mount. Configuration Reference"Ĭollapse section "A. Mounting Ceph File Systems Permanently in /etc/fstabĮxpand section "A. Mounting Ceph File Systems in User Space (FUSE)Ĥ.4. Mounting Ceph File Systems as Kernel ClientsĤ.3. Mounting and Unmounting Ceph File Systems"Ĥ.2. Mounting and Unmounting Ceph File Systems"Ĭollapse section "4. ![]() Mounting and Unmounting Ceph File SystemsĮxpand section "4. ![]() Creating Ceph File Systems"Ĭollapse section "3. Configuring a Ceph Metadata Server"Įxpand section "3. Configuring a Ceph Metadata Server"Ĭollapse section "2.3. Installing and Configuring Ceph Metadata Servers (MDS)"Įxpand section "2.3. Installing and Configuring Ceph Metadata Servers (MDS)"Ĭollapse section "2. Installing and Configuring Ceph Metadata Servers (MDS)Įxpand section "2. ![]() What is the Ceph File System (CephFS)?"Ģ. What is the Ceph File System (CephFS)?"Ĭollapse section "1. What is the Ceph File System (CephFS)?Įxpand section "1. Ceph File System Guide (Technology Preview)ġ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |