Cephx configuration options
Understand the various Cephx configuration options that can be set up during deployment.
-
auth_cluster_required -
Description: Valid settings are
cephxornone. -
auth_service_required -
Description: Valid settings are
cephxornone. -
auth_client_required -
Description: If enabled, the IBM Storage Ceph cluster daemons require Ceph clients to authenticate with the IBM Storage Ceph cluster in order to access Ceph services. Valid settings are
cephxornone. -
keyring -
Description: The path to the keyring file.
-
keyfile -
Description: The path to a key file (that is. a file containing only the key).
-
key -
Description: The key (that is, the text string of the key itself). Not recommended.
-
ceph-mon -
Location:
$mon_data/keyring -
ceph-osd -
Location:
$osd_data/keyring -
radosgw -
Location:
$rgw_data/keyring -
cephx_require_signatures -
Description: If set to
true, Ceph requires signatures on all message traffic between the Ceph client and the IBM Storage Ceph cluster, and between daemons comprising the IBM Storage Ceph cluster. -
cephx_cluster_require_signatures -
Description: If set to
true, Ceph requires signatures on all message traffic between Ceph daemons comprising the IBM Storage Ceph cluster. -
cephx_service_require_signatures -
Description: If set to
true, Ceph requires signatures on all message traffic between Ceph clients and the IBM Storage Ceph cluster. -
cephx_sign_messages -
Description: If the Ceph version supports message signing, Ceph will sign all messages so they cannot be spoofed.
-
auth_service_ticket_ttl -
Description: When the IBM Storage Ceph cluster sends a Ceph client a ticket for authentication, the cluster assigns the ticket a time to live.