summaryrefslogtreecommitdiffstats
path: root/doc/dev/config-key.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/dev/config-key.rst')
-rw-r--r--doc/dev/config-key.rst68
1 files changed, 68 insertions, 0 deletions
diff --git a/doc/dev/config-key.rst b/doc/dev/config-key.rst
new file mode 100644
index 000000000..d7b79db2f
--- /dev/null
+++ b/doc/dev/config-key.rst
@@ -0,0 +1,68 @@
+===================
+ config-key layout
+===================
+
+*config-key* is a general-purpose key/value storage service offered by
+the mons. Generally speaking, you can put whatever you want there.
+Current in-tree users should be captured here with their key layout
+schema.
+
+OSD dm-crypt keys
+=================
+
+Key::
+
+ dm-crypt/osd/$OSD_UUID/luks = <json string>
+
+The JSON payload has the form::
+
+ { "dm-crypt": <secret> }
+
+where the secret is a base64 encoded LUKS key.
+
+Created by the 'osd new' command (see OSDMonitor.cc).
+
+Consumed by ceph-volume, and similar tools. Normally access to the
+dm-crypt/osd/$OSD_UUID prefix is allowed by a client.osd-lockbox.$OSD_UUID
+cephx key, such that only the appropriate host can retrieve the LUKS key (which
+in turn decrypts the actual raw key, also stored on the device itself).
+
+
+ceph-mgr modules
+================
+
+The convention for keys is::
+
+ mgr/$MODULE/$option = $value
+
+or::
+
+ mgr/$MODULE/$MGRID/$option = $value
+
+For example,::
+
+ mgr/dashboard/server_port = 80
+ mgr/dashboard/foo/server_addr = 1.2.3.4
+ mgr/dashboard/bar/server_addr = 1.2.3.5
+
+
+Configuration
+=============
+
+Configuration options for clients and daemons are also stored in config-key.
+
+Keys take the form::
+
+ config/$option = $value
+ config/$type/$option = $value
+ config/$type.$id/$option = $value
+ config/$type.$id/$mask[/$mask2...]/$option = $value
+
+Where
+
+* `type` is a daemon type (`osd`, `mon`, `mds`, `mgr`, `client`)
+* `id` is a daemon id (e.g., `0`, `foo`), such that `$type.$id` is something like `osd.123` or `mds.foo`)
+* `mask` restricts who the option applies to, and can take two forms:
+
+ #. `$crush_type:$crush_value`. For example, `rack:foorack`
+ #. `class:$classname`, in reference to CRUSH device classes (e.g., `ssd`)