For example, suppose there are 2 users and 3 rbd images (image1, image2, image3) created in pool1.

User1 is allowed to access only rbd image1 in pool1. User2 is allowed to access rbd image2 and image3 in pool1.


First, get the object prefix for each image using the command below. Record the block_name_prefix of each image. The


[root@node161-428ab ~]# rbd info pool1/image1
rbd image 'image1':
    size 51200 MB in 12800 objects
    order 22 (4096 kB objects)
    block_name_prefix: rbd_data.344e06b8b4567
    format: 2
    features: layering
    flags: 
    create_timestamp: Wed Jan  2 13:31:53 2019

[root@node161-428ab ~]# rbd info pool1/image2
rbd image 'image2':
    size 51200 MB in 12800 objects
    order 22 (4096 kB objects)
    block_name_prefix: rbd_data.345026b8b4567
    format: 2
    features: layering
    flags: 
    create_timestamp: Wed Jan  2 14:10:39 2019

[root@node161-428ab ~]# rbd info pool1/image3
rbd image 'image3':
    size 102400 MB in 25600 objects
    order 22 (4096 kB objects)
    block_name_prefix: rbd_data.345db6b8b4567
    format: 2
    features: layering
    flags: 
    create_timestamp: Wed Jan  2 16:27:17 2019



Then use Edit on the CephX page of UVS manager to add the capabilities as below.


For user1: Replace the blue parts with the ones in the customer’s case.

allow rwx pool pool1 object_prefix rbd_data.344e06b8b4567; allow rwx pool pool1 object_prefix rbd_header.344e06b8b4567; allow rx pool pool1 object_prefix rbd_id.image1


For user2: Replace the blue parts with the ones in the customer’s case.

allow rwx pool pool1 object_prefix rbd_data.345026b8b4567; allow rwx pool pool1 object_prefix rbd_header.345026b8b4567; allow rx pool pool1 object_prefix rbd_id.image2; allow rwx pool pool1 object_prefix rbd_data.345db6b8b4567; allow rwx pool pool1 object_prefix rbd_header.345db6b8b4567; allow rx pool pool1 object_prefix rbd_id.image3



Download the keyring file and the ceph.conf file from UVS and copy them to the /etc/ceph/ directory of the client server.

The user can then map and mount the rbd image.

The user names will be client.x.user1 and client.x.user2 in this example.


map example:

rbd map pool1/image1 -m 192.168.1.161:6789 --name client.x.user1 --keyring=/etc/ceph/ceph.client.x.user1.keyring


or

rbd map pool1/image1 -m 192.168.1.161:6789 --id x.user1 --keyring=/etc/ceph/ceph.client.x.user1.keyring


Please refer to the commands in the UVS manager user manual. 
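
An added example, not part of the original article or of UVS manager: a Python sketch that builds the capability strings shown above from rbd info output and, because object_prefix matches any object whose name starts with the given string, lists other images in the pool that a grant would also cover. The function names are hypothetical, and the image10 entry with its id is constructed for illustration.

```python
import re

# rbd info output for image1, copied from the article above (trimmed)
SAMPLE_INFO = """rbd image 'image1':
    size 51200 MB in 12800 objects
    block_name_prefix: rbd_data.344e06b8b4567
    format: 2
"""

def parse_rbd_info(text):
    """Return (image_name, image_id) from `rbd info` output of a format 2 image."""
    name = re.search(r"rbd image '([^']+)':", text)
    prefix = re.search(r"block_name_prefix:\s*rbd_data\.(\S+)", text)
    if not name or not prefix:
        raise ValueError("unrecognised rbd info output")
    return name.group(1), prefix.group(1)

def osd_caps(pool, images):
    """Build the capability string in the article's form from (name, id) pairs."""
    parts = []
    for name, image_id in images:
        parts += [
            f"allow rwx pool {pool} object_prefix rbd_data.{image_id}",
            f"allow rwx pool {pool} object_prefix rbd_header.{image_id}",
            f"allow rx pool {pool} object_prefix rbd_id.{name}",
        ]
    return "; ".join(parts)

def unintended_matches(granted, pool_images):
    """List (granted prefix, other image's object) pairs the grant also covers."""
    hits = []
    for g_name, g_id in granted:
        for name, image_id in pool_images:
            if (name, image_id) in granted:
                continue
            if name.startswith(g_name):  # e.g. rbd_id.image1 vs rbd_id.image10
                hits.append((f"rbd_id.{g_name}", f"rbd_id.{name}"))
            if image_id.startswith(g_id):  # same overlap applies to rbd_header
                hits.append((f"rbd_data.{g_id}", f"rbd_data.{image_id}"))
    return hits

if __name__ == "__main__":
    user1 = [parse_rbd_info(SAMPLE_INFO)]
    # image2 is from the article; image10 and its id are constructed
    pool1 = user1 + [("image2", "345026b8b4567"), ("image10", "aaaa06b8b4567")]
    print(osd_caps("pool1", user1))
    for prefix, obj in unintended_matches(user1, pool1):
        print(f"WARNING: {prefix} also matches {obj}")
```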



