Confirming that a CephX client has access to multiple RBD pools
Problem
Configure a libvirt user in CephX so that the libvirt user has limited access to various RBD pools.
In this example, the pools that the libvirt user has limited access to are
hot-pool, warm-pool, and cold-pool`.
Solution
Use the ceph auth get-or-create command to create an authorization profile
called profile rbd that grants client.ceph-user access to the RBD pools
proxmox-hot-tier, proxmox-warm-tier, and proxmox-cold-tier.
-
Run the following command to create a profile called
profile rbdthat grants access to the three pools:root@ceph/# ceph auth get-or-create client.ceph-user mon
'profile rbd' osd 'profile rbd pool=proxmox-hot-tier,profile rbd
pool=proxmox-warm-tier,profile rbd pool=proxmox-cold-tier'
[client.proxmox]
key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx== -
Use the
ceph auth getcommand to confirm that the permissions were correctly granted:root@st-diz-ceph-mon4:/# ceph auth get client.ceph-user
[client.ceph-user]
key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
caps mon = "profile rbd"
caps osd = "profile rbd pool=proxmox-hot-tier,profile rbd
pool=proxmox-warm-tier,profile rbd pool=proxmox-cold-tier"