[ceph.git] / ceph / doc / dev / config-key.rst

===================
 config-key layout
===================

*config-key* is a general-purpose key/value storage service offered by
the mons.  Generally speaking, you can put whatever you want there.
Current in-tree users should be captured here with their key layout
schema.

OSD dm-crypt keys
=================

Key::

  dm-crypt/osd/$OSD_UUID/luks = <json string>

The JSON payload has the form::

  { "dm-crypt": <secret> }

where the secret is a base64 encoded LUKS key.

Created by the 'osd new' command (see OSDMonitor.cc).

Consumed by ceph-volume, and similar tools. Normally access to the
dm-crypt/osd/$OSD_UUID prefix is allowed by a client.osd-lockbox.$OSD_UUID
cephx key, such that only the appropriate host can retrieve the LUKS key (which
in turn decrypts the actual raw key, also stored on the device itself).


ceph-mgr modules
================

The convention for keys is::

  mgr/$MODULE/$option = $value

or::

  mgr/$MODULE/$MGRID/$option = $value

For example,::

  mgr/dashboard/server_port = 80
  mgr/dashboard/foo/server_addr = 1.2.3.4
  mgr/dashboard/bar/server_addr = 1.2.3.5


Configuration
=============

Configuration options for clients and daemons are also stored in config-key.

Keys take the form::

  config/$option = $value
  config/$type/$option = $value
  config/$type.$id/$option = $value
  config/$type.$id/$mask[/$mask2...]/$option = $value

Where

* `type` is a daemon type (`osd`, `mon`, `mds`, `mgr`, `client`)
* `id` is a daemon id (e.g., `0`, `foo`), such that `$type.$id` is something like `osd.123` or `mds.foo`)
* `mask` restricts who the option applies to, and can take two forms:

  #. `$crush_type:$crush_value`.  For example, `rack:foorack`
  #. `class:$classname`, in reference to CRUSH device classes (e.g., `ssd`)
Commit	Line	Data
11fdf7f2 TL	1	===================
	2	config-key layout
	3	===================
	4
	5	config-key is a general-purpose key/value storage service offered by
	6	the mons. Generally speaking, you can put whatever you want there.
	7	Current in-tree users should be captured here with their key layout
	8	schema.
	9
	10	OSD dm-crypt keys
	11	=================
	12
	13	Key::
	14
	15	dm-crypt/osd/$OSD_UUID/luks = <json string>
	16
	17	The JSON payload has the form::
	18
	19	{ "dm-crypt": <secret> }
	20
	21	where the secret is a base64 encoded LUKS key.
	22
	23	Created by the 'osd new' command (see OSDMonitor.cc).
	24
	25	Consumed by ceph-volume, and similar tools. Normally access to the
	26	dm-crypt/osd/$OSD_UUID prefix is allowed by a client.osd-lockbox.$OSD_UUID
	27	cephx key, such that only the appropriate host can retrieve the LUKS key (which
	28	in turn decrypts the actual raw key, also stored on the device itself).
	29
	30
	31	ceph-mgr modules
	32	================
	33
	34	The convention for keys is::
	35
	36	mgr/$MODULE/$option = $value
	37
	38	or::
	39
	40	mgr/$MODULE/$MGRID/$option = $value
	41
	42	For example,::
	43
	44	mgr/dashboard/server_port = 80
	45	mgr/dashboard/foo/server_addr = 1.2.3.4
	46	mgr/dashboard/bar/server_addr = 1.2.3.5
	47
	48
	49	Configuration
	50	=============
	51
	52	Configuration options for clients and daemons are also stored in config-key.
	53
	54	Keys take the form::
	55
	56	config/$option = $value
	57	config/$type/$option = $value
	58	config/$type.$id/$option = $value
	59	config/$type.$id/$mask[/$mask2...]/$option = $value
	60
	61	Where
	62
	63	* `type` is a daemon type (`osd`, `mon`, `mds`, `mgr`, `client`)
	64	* `id` is a daemon id (e.g., `0`, `foo`), such that `$type.$id` is something like `osd.123` or `mds.foo`)
65	* `mask` restricts who the option applies to, and can take two forms:
66
67	#. `$crush_type:$crush_value`. For example, `rack:foorack`
68	#. `class:$classname`, in reference to CRUSH device classes (e.g., `ssd`)