3 =================================================================
4 radosgw-admin -- rados REST gateway user administration utility
5 =================================================================
7 .. program:: radosgw-admin
12 | **radosgw-admin** *command* [ *options* *...* ]
18 :program:`radosgw-admin` is a Ceph Object Gateway user administration utility. It
19 is used to create and modify users.
25 :program:`radosgw-admin` utility provides commands for administration purposes
28 :command:`user create`
31 :command:`user modify`
35 Display information for a user including any subusers and keys.
37 :command:`user rename`
43 :command:`user suspend`
46 :command:`user enable`
47 Re-enable user after suspension.
53 Show user stats as accounted by the quota subsystem.
59 Add user capabilities.
62 Remove user capabilities.
64 :command:`subuser create`
65 Create a new subuser (primarily useful for clients using the Swift API).
67 :command:`subuser modify`
79 :command:`bucket list`
80 List buckets, or, if a bucket is specified with --bucket=<bucket>,
81 list its objects. Adding --allow-unordered
82 removes the ordering requirement, possibly generating results more
83 quickly for buckets with large number of objects.
85 :command:`bucket limit check`
86 Show bucket sharding stats.
88 :command:`bucket link`
89 Link bucket to specified user.
91 :command:`bucket unlink`
92 Unlink bucket from specified user.
94 :command:`bucket chown`
95 Change bucket ownership to the specified user and update object ACLs.
96 Invoke with --marker to resume if the command is interrupted.
98 :command:`bucket stats`
99 Returns bucket statistics.
104 :command:`bucket check`
107 :command:`bucket rewrite`
108 Rewrite all objects in the specified bucket.
110 :command:`bucket radoslist`
111 List the RADOS objects that contain the data for all objects in
112 the designated bucket, if --bucket=<bucket> is specified.
113 Otherwise, list the RADOS objects that contain data for all
116 :command:`bucket reshard`
117 Reshard a bucket's index.
119 :command:`bucket sync disable`
122 :command:`bucket sync enable`
126 Retrieve bucket index object entries.
129 Store bucket index object entries.
132 List raw bucket index entries.
135 Purge bucket index entries.
140 :command:`object stat`
141 Stat an object for its metadata.
143 :command:`object unlink`
144 Unlink object from bucket index.
146 :command:`object rewrite`
147 Rewrite the specified object.
149 :command:`objects expire`
150 Run expired objects cleanup.
155 :command:`period get`
158 :command:`period get-current`
159 Get the current period info.
161 :command:`period pull`
164 :command:`period push`
167 :command:`period list`
170 :command:`period update`
171 Update the staging period.
173 :command:`period commit`
174 Commit the staging period.
179 :command:`quota enable`
182 :command:`quota disable`
185 :command:`global quota get`
186 View global quota parameters.
188 :command:`global quota set`
189 Set global quota parameters.
191 :command:`global quota enable`
192 Enable a global quota.
194 :command:`global quota disable`
195 Disable a global quota.
197 :command:`realm create`
206 :command:`realm get-default`
207 Get the default realm name.
209 :command:`realm list`
212 :command:`realm list-periods`
213 List all realm periods.
215 :command:`realm rename`
219 Set the realm info (requires infile).
221 :command:`realm default`
222 Set the realm as default.
224 :command:`realm pull`
225 Pull a realm and its current period.
227 :command:`zonegroup add`
228 Add a zone to a zonegroup.
230 :command:`zonegroup create`
231 Create a new zone group info.
233 :command:`zonegroup default`
234 Set the default zone group.
236 :command:`zonegroup rm`
237 Remove a zone group info.
239 :command:`zonegroup get`
240 Show the zone group info.
242 :command:`zonegroup modify`
243 Modify an existing zonegroup.
245 :command:`zonegroup set`
246 Set the zone group info (requires infile).
248 :command:`zonegroup remove`
249 Remove a zone from a zonegroup.
251 :command:`zonegroup rename`
254 :command:`zonegroup list`
255 List all zone groups set on this cluster.
257 :command:`zonegroup placement list`
258 List zonegroup's placement targets.
260 :command:`zonegroup placement add`
261 Add a placement target id to a zonegroup.
263 :command:`zonegroup placement modify`
264 Modify a placement target of a specific zonegroup.
266 :command:`zonegroup placement rm`
267 Remove a placement target from a zonegroup.
269 :command:`zonegroup placement default`
270 Set a zonegroup's default placement target.
272 :command:`zone create`
279 Show zone cluster params.
282 Set zone cluster params (requires infile).
284 :command:`zone modify`
285 Modify an existing zone.
288 List all zones set on this cluster.
290 :command:`metadata sync status`
291 Get metadata sync status.
293 :command:`metadata sync init`
296 :command:`metadata sync run`
299 :command:`data sync status`
300 Get data sync status of the specified source zone.
302 :command:`data sync init`
303 Init data sync for the specified source zone.
305 :command:`data sync run`
306 Run data sync for the specified source zone.
308 :command:`sync error list`
311 :command:`sync error trim`
314 :command:`zone rename`
317 :command:`zone placement list`
318 List a zone's placement targets.
320 :command:`zone placement add`
321 Add a zone placement target.
323 :command:`zone placement modify`
324 Modify a zone placement target.
326 :command:`zone placement rm`
327 Remove a zone placement target.
330 Add an existing pool for data placement.
333 Remove an existing pool from data placement set.
335 :command:`pools list`
336 List placement active set.
339 Display bucket/object policy.
345 Dump a log from specific object or (bucket + date + bucket-id).
346 (NOTE: required to specify formatting of date to "YYYY-MM-DD-hh")
351 :command:`usage show`
352 Show the usage information (with optional user and date range).
354 :command:`usage trim`
355 Trim usage information (with optional user and date range).
358 Dump expired garbage collection objects (specify --include-all to list all
359 entries, including unexpired).
361 :command:`gc process`
362 Manually process garbage.
365 List all bucket lifecycle progress.
367 :command:`lc process`
368 Manually process lifecycle transitions. If a bucket is specified (e.g., via
369 --bucket_id or via --bucket and optional --tenant), only that bucket
372 :command:`metadata get`
375 :command:`metadata put`
378 :command:`metadata rm`
379 Remove metadata info.
381 :command:`metadata list`
384 :command:`mdlog list`
385 List metadata log which is needed for multi-site deployments.
387 :command:`mdlog trim`
388 Trim metadata log manually instead of relying on the gateway's integrated log sync.
389 Before trimming, compare the listings and make sure the last sync was
390 complete, otherwise it can reinitiate a sync.
392 :command:`mdlog status`
393 Read metadata log status.
395 :command:`bilog list`
396 List bucket index log which is needed for multi-site deployments.
398 :command:`bilog trim`
399 Trim bucket index log (use start-marker, end-marker) manually instead
400 of relying on the gateway's integrated log sync.
401 Before trimming, compare the listings and make sure the last sync was
402 complete, otherwise it can reinitiate a sync.
404 :command:`datalog list`
405 List data log which is needed for multi-site deployments.
407 :command:`datalog trim`
408 Trim data log manually instead of relying on the gateway's integrated log sync.
409 Before trimming, compare the listings and make sure the last sync was
410 complete, otherwise it can reinitiate a sync.
412 :command:`datalog status`
413 Read data log status.
415 :command:`orphans find`
416 Init and run search for leaked RADOS objects.
417 DEPRECATED. See the "rgw-orphan-list" tool.
419 :command:`orphans finish`
420 Clean up search for leaked RADOS objects.
421 DEPRECATED. See the "rgw-orphan-list" tool.
423 :command:`orphans list-jobs`
424 List the current orphans search job IDs.
425 DEPRECATED. See the "rgw-orphan-list" tool.
427 :command:`role create`
428 Create a new role for use with STS (Security Token Service).
437 List the roles with specified path prefix.
439 :command:`role modify`
440 Modify the assume role policy of an existing role.
442 :command:`role-policy put`
443 Add/update permission policy to role.
445 :command:`role-policy list`
446 List the policies attached to a role.
448 :command:`role-policy get`
449 Get the specified inline policy document embedded with the given role.
451 :command:`role-policy rm`
452 Remove the policy attached to a role
454 :command:`reshard add`
455 Schedule a resharding of a bucket
457 :command:`reshard list`
458 List all bucket resharding or scheduled to be resharded
460 :command:`reshard process`
461 Process of scheduled reshard jobs
463 :command:`reshard status`
464 Resharding status of a bucket
466 :command:`reshard cancel`
467 Cancel resharding a bucket
469 :command:`topic list`
470 List bucket notifications/pubsub topics
473 Get a bucket notifications/pubsub topic
476 Remove a bucket notifications/pubsub topic
478 :command:`subscription get`
479 Get a pubsub subscription definition
481 :command:`subscription rm`
482 Remove a pubsub subscription
484 :command:`subscription pull`
485 Show events in a pubsub subscription
487 :command:`subscription ack`
488 Acknowledge (remove) events in a pubsub subscription
494 .. option:: -c ceph.conf, --conf=ceph.conf
496 Use ``ceph.conf`` configuration file instead of the default
497 ``/etc/ceph/ceph.conf`` to determine monitor addresses during
500 .. option:: -m monaddress[:port]
502 Connect to specified monitor (instead of selecting one
505 .. option:: --tenant=<tenant>
509 .. option:: --uid=uid
511 The user on which to operate.
513 .. option:: --new-uid=uid
515 The new ID of the user. Used with 'user rename' command.
517 .. option:: --subuser=<name>
521 .. option:: --access-key=<key>
525 .. option:: --email=email
527 The e-mail address of the user.
529 .. option:: --secret/--secret-key=<key>
533 .. option:: --gen-access-key
535 Generate random access key (for S3).
538 .. option:: --gen-secret
540 Generate random secret key.
542 .. option:: --key-type=<type>
544 Key type, options are: swift, s3.
546 .. option:: --temp-url-key[-2]=<key>
550 .. option:: --max-buckets
552 Maximum number of buckets for a user (0 for no limit, negative value to disable bucket creation).
555 .. option:: --access=<access>
557 Set the access permissions for the subuser.
558 Available access permissions are read, write, readwrite and full.
560 .. option:: --display-name=<name>
562 The display name of the user.
566 Set the admin flag on the user.
570 Set the system flag on the user.
572 .. option:: --bucket=[tenant-id/]bucket
574 Specify the bucket name. If tenant-id is not specified, the tenant-id
575 of the user (--uid) is used.
577 .. option:: --pool=<pool>
579 Specify the pool name.
580 Also used with `orphans find` as data pool to scan for leaked rados objects.
582 .. option:: --object=object
584 Specify the object name.
586 .. option:: --date=yyyy-mm-dd
588 The date in the format yyyy-mm-dd.
590 .. option:: --start-date=yyyy-mm-dd
592 The start date in the format yyyy-mm-dd.
594 .. option:: --end-date=yyyy-mm-dd
596 The end date in the format yyyy-mm-dd.
598 .. option:: --bucket-id=<bucket-id>
600 Specify the bucket id.
602 .. option:: --bucket-new-name=[tenant-id/]<bucket>
604 Optional for `bucket link`; use to rename a bucket.
605 While the tenant-id can be specified, this is not
606 necessary in normal operation.
608 .. option:: --shard-id=<shard-id>
610 Optional for mdlog list, bi list, data sync status. Required for ``mdlog trim``.
612 .. option:: --max-entries=<entries>
614 Optional for listing operations to specify the max entries.
616 .. option:: --purge-data
618 When specified, user removal will also purge the user's data.
620 .. option:: --purge-keys
622 When specified, subuser removal will also purge the subuser' keys.
624 .. option:: --purge-objects
626 When specified, the bucket removal will also purge all objects in it.
628 .. option:: --metadata-key=<key>
630 Key from which to retrieve metadata, used with ``metadata get``.
632 .. option:: --remote=<remote>
634 Zone or zonegroup id of remote gateway.
636 .. option:: --period=<id>
640 .. option:: --url=<url>
642 URL for pushing/pulling period or realm.
644 .. option:: --epoch=<number>
650 Commit the period during 'period update'.
652 .. option:: --staging
654 Get the staging period info.
660 .. option:: --master-zone=<id>
664 .. option:: --rgw-realm=<name>
668 .. option:: --realm-id=<id>
672 .. option:: --realm-new-name=<name>
674 New name for the realm.
676 .. option:: --rgw-zonegroup=<name>
680 .. option:: --zonegroup-id=<id>
684 .. option:: --zonegroup-new-name=<name>
686 The new name of the zonegroup.
688 .. option:: --rgw-zone=<zone>
690 Zone in which the gateway is running.
692 .. option:: --zone-id=<id>
696 .. option:: --zone-new-name=<name>
698 The new name of the zone.
700 .. option:: --source-zone
702 The source zone for data sync.
704 .. option:: --default
706 Set the entity (realm, zonegroup, zone) as default.
708 .. option:: --read-only
710 Set the zone as read-only when adding to the zonegroup.
712 .. option:: --placement-id
714 Placement ID for the zonegroup placement commands.
716 .. option:: --tags=<list>
718 The list of tags for zonegroup placement add and modify commands.
720 .. option:: --tags-add=<list>
722 The list of tags to add for zonegroup placement modify command.
724 .. option:: --tags-rm=<list>
726 The list of tags to remove for zonegroup placement modify command.
728 .. option:: --endpoints=<list>
732 .. option:: --index-pool=<pool>
734 The placement target index pool.
736 .. option:: --data-pool=<pool>
738 The placement target data pool.
740 .. option:: --data-extra-pool=<pool>
742 The placement target data extra (non-EC) pool.
744 .. option:: --placement-index-type=<type>
746 The placement target index type (normal, indexless, or #id).
748 .. option:: --placement-inline-data=<true>
750 Whether the placement target is configured to store a data chunk inline in head objects.
752 .. option:: --tier-type=<type>
756 .. option:: --tier-config=<k>=<v>[,...]
758 Set zone tier config keys, values.
760 .. option:: --tier-config-rm=<k>[,...]
762 Unset zone tier config keys.
764 .. option:: --sync-from-all[=false]
766 Set/reset whether zone syncs from all zonegroup peers.
768 .. option:: --sync-from=[zone-name][,...]
770 Set the list of zones from which to sync.
772 .. option:: --sync-from-rm=[zone-name][,...]
774 Remove zone(s) from list of zones from which to sync.
776 .. option:: --bucket-index-max-shards
778 Override a zone's or zonegroup's default number of bucket index shards. This
779 option is accepted by the 'zone create', 'zone modify', 'zonegroup add',
780 and 'zonegroup modify' commands, and applies to buckets that are created
781 after the zone/zonegroup changes take effect.
785 Fix the bucket index in addition to checking it.
787 .. option:: --check-objects
789 Bucket check: Rebuilds the bucket index according to actual object state.
791 .. option:: --format=<format>
793 Specify output format for certain operations. Supported formats: xml, json.
795 .. option:: --sync-stats
797 Option for the 'user stats' command. When specified, it will update user stats with
798 the current stats reported by the user's buckets indexes.
800 .. option:: --show-config
804 .. option:: --show-log-entries=<flag>
806 Enable/disable dumping of log entries on log show.
808 .. option:: --show-log-sum=<flag>
810 Enable/disable dump of log summation on log show.
812 .. option:: --skip-zero-entries
814 Log show only dumps entries that don't have zero value in one of the numeric
819 Specify a file to read when setting data.
821 .. option:: --categories=<list>
823 Comma separated list of categories, used in usage show.
825 .. option:: --caps=<caps>
827 List of capabilities (e.g., "usage=read, write; user=read").
829 .. option:: --compression=<compression-algorithm>
831 Placement target compression algorithm (lz4|snappy|zlib|zstd).
833 .. option:: --yes-i-really-mean-it
835 Required as a guardrail for certain destructive operations.
837 .. option:: --min-rewrite-size
839 Specify the minimum object size for bucket rewrite (default 4M).
841 .. option:: --max-rewrite-size
843 Specify the maximum object size for bucket rewrite (default ULLONG_MAX).
845 .. option:: --min-rewrite-stripe-size
847 Specify the minimum stripe size for object rewrite (default 0). If the value
848 is set to 0, then the specified object will always be
849 rewritten when restriping.
851 .. option:: --warnings-only
853 When specified with bucket limit check,
854 list only buckets nearing or over the current max objects per shard value.
856 .. option:: --bypass-gc
858 When specified with bucket deletion,
859 triggers object deletion without involving GC.
861 .. option:: --inconsistent-index
863 When specified with bucket deletion and bypass-gc set to true,
864 ignores bucket index consistency.
866 .. option:: --max-concurrent-ios
868 Maximum concurrent bucket operations. Affects operations that
869 scan the bucket index, e.g., listing, deletion, and all scan/search
870 operations such as finding orphans or checking the bucket index.
876 .. option:: --max-objects
878 Specify the maximum number of objects (negative value to disable).
880 .. option:: --max-size
882 Specify the maximum object size (in B/K/M/G/T, negative value to disable).
884 .. option:: --quota-scope
886 The scope of quota (bucket, user).
889 Orphans Search Options
890 ======================
892 .. option:: --num-shards
894 Number of shards to use for temporary scan info
896 .. option:: --orphan-stale-secs
898 Number of seconds to wait before declaring an object to be an orphan.
899 The efault is 86400 (24 hours).
903 Set the job id (for orphans find)
906 Orphans list-jobs options
907 =========================
909 .. option:: --extra-info
911 Provide extra info in the job list.
917 .. option:: --role-name
919 The name of the role to create.
923 The path to the role.
925 .. option:: --assume-role-policy-doc
927 The trust relationship policy document that grants an entity permission to
930 .. option:: --policy-name
932 The name of the policy document.
934 .. option:: --policy-doc
936 The permission policy document.
938 .. option:: --path-prefix
940 The path prefix for filtering the roles.
943 Bucket Notifications/PubSub Options
944 ===================================
947 The bucket notifications/pubsub topic name.
949 .. option:: --subscription
951 The pubsub subscription name.
953 .. option:: --event-id
955 The event id in a pubsub subscription.
961 Generate a new user::
963 $ radosgw-admin user create --display-name="johnny rotten" --uid=johnny
964 { "user_id": "johnny",
966 "display_name": "johnny rotten",
972 "access_key": "TCICW53D9BQ2VGC46I44",
973 "secret_key": "tfm9aHMI8X76L3UdgE+ZQaJag1vJQmE6HDb5Lbrz"}],
978 $ radosgw-admin user rm --uid=johnny
982 $ radosgw-admin user rename --uid=johnny --new-uid=joe
984 Remove a user and all associated buckets with their contents::
986 $ radosgw-admin user rm --uid=johnny --purge-data
990 $ radosgw-admin bucket rm --bucket=foo
992 Link bucket to specified user::
994 $ radosgw-admin bucket link --bucket=foo --bucket_id=<bucket id> --uid=johnny
996 Unlink bucket from specified user::
998 $ radosgw-admin bucket unlink --bucket=foo --uid=johnny
1002 $ radosgw-admin bucket link --bucket=foo --bucket-new-name=bar --uid=johnny
1004 Move a bucket from the old global tenant space to a specified tenant::
1006 $ radosgw-admin bucket link --bucket=foo --uid='12345678$12345678'
1008 Link bucket to specified user and change object ACLs::
1010 $ radosgw-admin bucket chown --bucket=foo --uid='12345678$12345678'
1012 Show the logs of a bucket from April 1st, 2012::
1014 $ radosgw-admin log show --bucket=foo --date=2012-04-01-01 --bucket-id=default.14193.1
1016 Show usage information for user from March 1st to (but not including) April 1st, 2012::
1018 $ radosgw-admin usage show --uid=johnny \
1019 --start-date=2012-03-01 --end-date=2012-04-01
1021 Show only summary of usage information for all users::
1023 $ radosgw-admin usage show --show-log-entries=false
1025 Trim usage information for user until March 1st, 2012::
1027 $ radosgw-admin usage trim --uid=johnny --end-date=2012-04-01
1033 :program:`radosgw-admin` is part of Ceph, a massively scalable, open-source,
1034 distributed storage system. Please refer to the Ceph documentation at
1035 https://docs.ceph.com for more information.
1041 :doc:`ceph <ceph>`\(8)
1042 :doc:`radosgw <radosgw>`\(8)