This is a draft document that was built and uploaded automatically. It may document beta software and be incomplete or even incorrect. Use this document at your own risk.

Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Tuning Guide / Introduction / User Privileges and Command Prompts
Applies to SUSE Enterprise Storage 6

1 User Privileges and Command Prompts

As a Ceph cluster administrator, you will be configuring and adjusting the cluster behavior by running specific commands. There are several types of commands you will need:

1.1 Salt/DeepSea Related Commands

These commands help you to deploy or upgrade the Ceph cluster, run commands on several (or all) cluster nodes at the same time, or assist you when adding or removing cluster nodes. The most frequently used are salt, salt-run, and deepsea. You need to run Salt commands on the Salt master node (refer to Book “Deployment Guide”, Chapter 5 “Deploying with DeepSea/Salt”, Section 5.2 “Introduction to DeepSea” for details) as root. These commands are introduced with the following prompt: 

root@master #

For example: 

root@master # salt '*.example.net' test.ping

1.2 Ceph Related Commands

These are lower level commands to configure and fine tune all aspects of the cluster and its gateways on the command line, for example ceph, rbd, radosgw-admin, or crushtool.

To run Ceph related commands, you need to have read access to a Ceph key. The key's capabilities then define your privileges within the Ceph environment. One option is to run Ceph commands as root (or via sudo) and use the unrestricted default keyring 'ceph.client.admin.key'.

Safer and recommended option is to create a more restrictive individual key for each administrator user and put it in a directory where the users can read it, for example: 

~/.ceph/ceph.client.USERNAME.keyring
Tip
Tip: Path to Ceph Keys

To use a custom admin user and keyring, you need to specify the user name and path to the key each time you run the ceph command using the -n client.USER_NAME and --keyring PATH/TO/KEYRING options.

To avoid this, include these options in the CEPH_ARGS variable in the individual users' ~/.bashrc files.

Although you can run Ceph related commands on any cluster node, we recommend running them on the Admin Node. This documentation uses the cephadm user to run the commands, therefore they are introduced with the following prompt: 

cephadm@adm >

For example: 

cephadm@adm > ceph auth list
Tip
Tip: Commands for Specific Nodes

If the documentation instructs you to run a command on a cluster node with a specific role, it will be addressed by the prompt. For example: 

cephadm@mon >

1.3 General Linux Commands

Linux commands not related to Ceph or DeepSea, such as mount, cat, or openssl, are introduced either with the cephadm@adm > or root # prompts, depending on which privileges the related command requires.

1.4 Additional Information

For more information on Ceph key management, refer to Book “Administration Guide”, Chapter 19 “Authentication with cephx”, Section 19.2 “Key Management”.