Enabling Cephx In cephadm depolyment

Question

Hello i am trying to enable cephx in my ceph cluster i added this three lines to /etc/ceph/ceph.conf

 auth_cluster_required = cephx
 auth_service_required = cephx
 auth_client_required = cephx

i didn't don generate any keyring since cephadm did that for me already. the problem is after a while this 3 lines automatically gets removed from ceph.conf ;

Ceph evolved from using the ceph.conf to a [config database](https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/#monitor-configuration-database). Usually, only a minimal ceph.conf required for all nodes and the rest is handled in the config database. The [docs](https://docs.ceph.com/en/quincy/cephadm/operations/#etc-ceph-ceph-conf) also cover how to distribute a copy of the conf file to hosts. So in theory (haven't tried that myself) you should be able to run it like this: `$ ceph config set global auth_client_required cephx` and respectively for the other config options. — eblock, Nov 30 '22 at 12:32

Hoodad Tabibi · Accepted Answer · 2022-12-18T10:57:01.327

0

 auth_cluster_required = cephx
 auth_service_required = cephx
 auth_client_required = cephx

this configs should be set on client side not on cluster nodes.

in cluster client config is

auth_client_required = cephx,none

i don't know a way to force cephx and deny none cephx :/

edited Dec 18 '22 at 10:57

answered Dec 18 '22 at 10:54

Hoodad Tabibi

109
6

Enabling Cephx In cephadm depolyment

1 Answers1