Question about user's key

Question about user's key

[Chen, Wei D]

[-- Attachment #1: Type: text/plain, Size: 593 bytes --]

Hi,

I have read through some documents about authentication and user management about ceph, everything works fine with me, I can create
a user and play with the keys and caps of that user. But I cannot find where those keys or capabilities stored, obviously, I can
export those info to a file but where are they if I don't export them out?

Looks like these information (keys and caps) of the user is stored in memory? but I still can list them out after rebooting my
machine. Or these info are persisted in some type of DB I didn't aware?

Can anyone help me out?


Best Regards,
Dave Chen


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 7582 bytes --]

Re: Question about user's key

[Martin Palma]

[-- Attachment #1.1: Type: text/plain, Size: 817 bytes --]

Hi,

They are stored on the monitore nodes.

Best,
Martin

On Fri, 20 Jan 2017 at 04:53, Chen, Wei D <wei.d.chen-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> wrote:

> Hi,
>
>
>
> I have read through some documents about authentication and user
> management about ceph, everything works fine with me, I can create
>
> a user and play with the keys and caps of that user. But I cannot find
> where those keys or capabilities stored, obviously, I can
>
> export those info to a file but where are they if I don't export them out?
>
>
>
> Looks like these information (keys and caps) of the user is stored in
> memory? but I still can list them out after rebooting my
>
> machine. Or these info are persisted in some type of DB I didn't aware?
>
>
>
> Can anyone help me out?
>
>
>
>
>
> Best Regards,
>
> Dave Chen
>
>
>
>

[-- Attachment #1.2: Type: text/html, Size: 1459 bytes --]

[-- Attachment #2: Type: text/plain, Size: 178 bytes --]

_______________________________________________
ceph-users mailing list
ceph-users-idqoXFIVOFJgJs9I8MT0rw@public.gmane.org
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

RE: Question about user's key

[Chen, Wei D]

[-- Attachment #1: Type: text/plain, Size: 1229 bytes --]

Hi Martin,

Thanks for your response! 
Could you pls tell me where it is on the monitor nodes? only in the memory or persisted in any files or DBs? Looks like it’s not just in memory but I cannot find where those value saved, thanks!

Best Regards,
Dave Chen

From: Martin Palma [mailto:martin@palma.bz] 
Sent: Friday, January 20, 2017 3:36 PM
To: Ceph-User; Chen, Wei D; ceph-devel@vger.kernel.org
Subject: Re: Question about user's key

Hi,

They are stored on the monitore nodes.

Best,
Martin

On Fri, 20 Jan 2017 at 04:53, Chen, Wei D <wei.d.chen@intel.com> wrote:
Hi,



I have read through some documents about authentication and user management about ceph, everything works fine with me, I can create

a user and play with the keys and caps of that user. But I cannot find where those keys or capabilities stored, obviously, I can

export those info to a file but where are they if I don't export them out?



Looks like these information (keys and caps) of the user is stored in memory? but I still can list them out after rebooting my

machine. Or these info are persisted in some type of DB I didn't aware?



Can anyone help me out?





Best Regards,

Dave Chen



[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 7582 bytes --]

Re: Question about user's key

[Martin Palma]

I don't know exactly where but I'm guessing in the database of the
monitor server which should be located at
"/var/lib/ceph/mon/<mon_hostname>".

Best,
Martin

On Fri, Jan 20, 2017 at 8:55 AM, Chen, Wei D <wei.d.chen@intel.com> wrote:
> Hi Martin,
>
> Thanks for your response!
> Could you pls tell me where it is on the monitor nodes? only in the memory or persisted in any files or DBs? Looks like it’s not just in memory but I cannot find where those value saved, thanks!
>
> Best Regards,
> Dave Chen
>
> From: Martin Palma [mailto:martin@palma.bz]
> Sent: Friday, January 20, 2017 3:36 PM
> To: Ceph-User; Chen, Wei D; ceph-devel@vger.kernel.org
> Subject: Re: Question about user's key
>
> Hi,
>
> They are stored on the monitore nodes.
>
> Best,
> Martin
>
> On Fri, 20 Jan 2017 at 04:53, Chen, Wei D <wei.d.chen@intel.com> wrote:
> Hi,
>
>
>
> I have read through some documents about authentication and user management about ceph, everything works fine with me, I can create
>
> a user and play with the keys and caps of that user. But I cannot find where those keys or capabilities stored, obviously, I can
>
> export those info to a file but where are they if I don't export them out?
>
>
>
> Looks like these information (keys and caps) of the user is stored in memory? but I still can list them out after rebooting my
>
> machine. Or these info are persisted in some type of DB I didn't aware?
>
>
>
> Can anyone help me out?
>
>
>
>
>
> Best Regards,
>
> Dave Chen
>
>
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Re: Question about user's key

[Joao Eduardo Luis]

On 01/20/2017 03:52 AM, Chen, Wei D wrote:
> Hi,
>
> I have read through some documents about authentication and user management about ceph, everything works fine with me, I can create
> a user and play with the keys and caps of that user. But I cannot find where those keys or capabilities stored, obviously, I can
> export those info to a file but where are they if I don't export them out?
>
> Looks like these information (keys and caps) of the user is stored in memory? but I still can list them out after rebooting my
> machine. Or these info are persisted in some type of DB I didn't aware?
>
> Can anyone help me out?

Authentication keys and caps are kept by the monitor in its store, 
either a leveldb or a rocksdb, in its data directory.

The monitor's data directory are, by default, in 
/var/lib/ceph/mon/ceph-X, with X being the monitor's id. The store is 
within that directory, named `store.db`.

The store in not in human-readable format, but you can use 
ceph-kvstore-tool to walk the keys if you want. Please note that, should 
you want to do this, the monitor must be shutdown first.

   -Joao

RE: Question about user's key

[Chen, Wei D]

[-- Attachment #1: Type: text/plain, Size: 1472 bytes --]

Hi Joao & Martin,

Thanks for your sharing, that's a big help for me!

Best Regards,
Dave Chen


> -----Original Message-----
> From: Joao Eduardo Luis [mailto:joao@suse.de]
> Sent: Friday, January 20, 2017 9:53 PM
> To: Chen, Wei D; ceph-devel@vger.kernel.org; Ceph-User
> Subject: Re: Question about user's key
> 
> On 01/20/2017 03:52 AM, Chen, Wei D wrote:
> > Hi,
> >
> > I have read through some documents about authentication and user
> > management about ceph, everything works fine with me, I can create a
> > user and play with the keys and caps of that user. But I cannot find where those keys or capabilities stored, obviously, I can
> export those info to a file but where are they if I don't export them out?
> >
> > Looks like these information (keys and caps) of the user is stored in
> > memory? but I still can list them out after rebooting my machine. Or these info are persisted in some type of DB I didn't
> aware?
> >
> > Can anyone help me out?
> 
> Authentication keys and caps are kept by the monitor in its store, either a leveldb or a rocksdb, in its data directory.
> 
> The monitor's data directory are, by default, in /var/lib/ceph/mon/ceph-X, with X being the monitor's id. The store is within
> that directory, named `store.db`.
> 
> The store in not in human-readable format, but you can use ceph-kvstore-tool to walk the keys if you want. Please note that,
> should you want to do this, the monitor must be shutdown first.
> 
>    -Joao


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 7582 bytes --]