1RADOSGW-ADMIN(8) Ceph RADOSGW-ADMIN(8)
2
6 radosgw-admin - rados REST gateway user administration utility
7
9 radosgw-admin command [ options ... ]
10
13 radosgw-admin is a RADOS gateway user administration utility. It allows
14 creating and modifying users.
15
17 radosgw-admin utility uses many commands for administration purpose
18 which are as follows:
19 user create
21 Create a new user.
22 user modify
24 Modify a user.
25 user info
27 Display information of a user, and any potentially available
28 subusers and keys.
29 user rename
31 Renames a user.
32 user rm
34 Remove a user.
35 user suspend
37 Suspend a user.
38 user enable
40 Re-enable user after suspension.
41 user check
43 Check user info.
44 user stats
46 Show user stats as accounted by quota subsystem.
47 user list
49 List all users.
50 caps add
52 Add user capabilities.
53 caps rm
55 Remove user capabilities.
56 subuser create
58 Create a new subuser (primarily useful for clients using the
59 Swift API).
60 subuser modify
62 Modify a subuser.
63 subuser rm
65 Remove a subuser.
66 key create
68 Create access key.
69 key rm Remove access key.
71 bucket list
73 List buckets, or, if bucket specified with --bucket=<bucket>,
74 list its objects. If bucket specified adding --allow-unordered
75 removes ordering requirement, possibly generating results more
76 quickly in buckets with large number of objects.
77 bucket limit check
79 Show bucket sharding stats.
80 bucket link
82 Link bucket to specified user.
83 bucket unlink
85 Unlink bucket from specified user.
86 bucket chown
88 Link bucket to specified user and update object ACLs. Use
89 --marker to resume if command gets interrupted.
90 bucket stats
92 Returns bucket statistics.
93 bucket rm
95 Remove a bucket.
96 bucket check
98 Check bucket index.
99 bucket rewrite
101 Rewrite all objects in the specified bucket.
102 bucket radoslist
104 List the rados objects that contain the data for all objects is
105 the designated bucket, if --bucket=<bucket> is specified, or
106 otherwise all buckets.
107 bucket reshard
109 Reshard a bucket.
110 bucket sync disable
112 Disable bucket sync.
113 bucket sync enable
115 Enable bucket sync.
116 bi get Retrieve bucket index object entries.
118 bi put Store bucket index object entries.
120 bi list
122 List raw bucket index entries.
123 bi purge
125 Purge bucket index entries.
126 object rm
128 Remove an object.
129 object stat
131 Stat an object for its metadata.
132 object unlink
134 Unlink object from bucket index.
135 object rewrite
137 Rewrite the specified object.
138 objects expire
140 Run expired objects cleanup.
141 period rm
143 Remove a period.
144 period get
146 Get the period info.
147 period get-current
149 Get the current period info.
150 period pull
152 Pull a period.
153 period push
155 Push a period.
156 period list
158 List all periods.
159 period update
161 Update the staging period.
162 period commit
164 Commit the staging period.
165 quota set
167 Set quota params.
168 quota enable
170 Enable quota.
171 quota disable
173 Disable quota.
174 global quota get
176 View global quota parameters.
177 global quota set
179 Set global quota parameters.
180 global quota enable
182 Enable a global quota.
183 global quota disable
185 Disable a global quota.
186 realm create
188 Create a new realm.
189 realm rm
191 Remove a realm.
192 realm get
194 Show the realm info.
195 realm get-default
197 Get the default realm name.
198 realm list
200 List all realms.
201 realm list-periods
203 List all realm periods.
204 realm rename
206 Rename a realm.
207 realm set
209 Set the realm info (requires infile).
210 realm default
212 Set the realm as default.
213 realm pull
215 Pull a realm and its current period.
216 zonegroup add
218 Add a zone to a zonegroup.
219 zonegroup create
221 Create a new zone group info.
222 zonegroup default
224 Set the default zone group.
225 zonegroup rm
227 Remove a zone group info.
228 zonegroup get
230 Show the zone group info.
231 zonegroup modify
233 Modify an existing zonegroup.
234 zonegroup set
236 Set the zone group info (requires infile).
237 zonegroup remove
239 Remove a zone from a zonegroup.
240 zonegroup rename
242 Rename a zone group.
243 zonegroup list
245 List all zone groups set on this cluster.
246 zonegroup placement list
248 List zonegroup's placement targets.
249 zonegroup placement add
251 Add a placement target id to a zonegroup.
252 zonegroup placement modify
254 Modify a placement target of a specific zonegroup.
255 zonegroup placement rm
257 Remove a placement target from a zonegroup.
258 zonegroup placement default
260 Set a zonegroup's default placement target.
261 zone create
263 Create a new zone.
264 zone rm
266 Remove a zone.
267 zone get
269 Show zone cluster params.
270 zone set
272 Set zone cluster params (requires infile).
273 zone modify
275 Modify an existing zone.
276 zone list
278 List all zones set on this cluster.
279 metadata sync status
281 Get metadata sync status.
282 metadata sync init
284 Init metadata sync.
285 metadata sync run
287 Run metadata sync.
288 data sync status
290 Get data sync status of the specified source zone.
291 data sync init
293 Init data sync for the specified source zone.
294 data sync run
296 Run data sync for the specified source zone.
297 sync error list
299 list sync error.
300 sync error trim
302 trim sync error.
303 zone rename
305 Rename a zone.
306 zone placement list
308 List zone's placement targets.
309 zone placement add
311 Add a zone placement target.
312 zone placement modify
314 Modify a zone placement target.
315 zone placement rm
317 Remove a zone placement target.
318 pool add
320 Add an existing pool for data placement.
321 pool rm
323 Remove an existing pool from data placement set.
324 pools list
326 List placement active set.
327 policy Display bucket/object policy.
329 log list
331 List log objects.
332 log show
334 Dump a log from specific object or (bucket + date + bucket-id).
335 (NOTE: required to specify formatting of date to
336 "YYYY-MM-DD-hh")
337 log rm Remove log object.
339 usage show
341 Show the usage information (with optional user and date range).
342 usage trim
344 Trim usage information (with optional user and date range).
345 gc list
347 Dump expired garbage collection objects (specify --include-all
348 to list all entries, including unexpired).
349 gc process
351 Manually process garbage.
352 lc list
354 List all bucket lifecycle progress.
355 lc process
357 Manually process lifecycle.
358 metadata get
360 Get metadata info.
361 metadata put
363 Put metadata info.
364 metadata rm
366 Remove metadata info.
367 metadata list
369 List metadata info.
370 mdlog list
372 List metadata log.
373 mdlog trim
375 Trim metadata log.
376 mdlog status
378 Read metadata log status.
379 bilog list
381 List bucket index log.
382 bilog trim
384 Trim bucket index log (use start-marker, end-marker).
385 datalog list
387 List data log.
388 datalog trim
390 Trim data log.
391 datalog status
393 Read data log status.
394 orphans find
396 Init and run search for leaked rados objects. DEPRECATED. See
397 the "rgw-orphan-list" tool.
398 orphans finish
400 Clean up search for leaked rados objects. DEPRECATED. See the
401 "rgw-orphan-list" tool.
402 orphans list-jobs
404 List the current job-ids for the orphans search. DEPRECATED.
405 See the "rgw-orphan-list" tool.
406 role create
408 create a new AWS role for use with STS.
409 role rm
411 Remove a role.
412 role get
414 Get a role.
415 role list
417 List the roles with specified path prefix.
418 role modify
420 Modify the assume role policy of an existing role.
421 role-policy put
423 Add/update permission policy to role.
424 role-policy list
426 List the policies attached to a role.
427 role-policy get
429 Get the specified inline policy document embedded with the given
430 role.
431 role-policy rm
433 Remove the policy attached to a role
434 reshard add
436 Schedule a resharding of a bucket
437 reshard list
439 List all bucket resharding or scheduled to be resharded
440 reshard process
442 Process of scheduled reshard jobs
443 reshard status
445 Resharding status of a bucket
446 reshard cancel
448 Cancel resharding a bucket
449
451 -c ceph.conf, --conf=ceph.conf
452 Use ceph.conf configuration file instead of the default
453 /etc/ceph/ceph.conf to determine monitor addresses during
454 startup.
455 -m monaddress[:port]
457 Connect to specified monitor (instead of looking through
458 ceph.conf).
459 --tenant=<tenant>
461 Name of the tenant.
462 --uid=uid
464 The radosgw user ID.
465 --new-uid=uid
467 ID of the new user. Used with 'user rename' command.
468 --subuser=<name>
470 Name of the subuser.
471 --access-key=<key>
473 S3 access key.
474 --email=email
476 The e-mail address of the user.
477 --secret/--secret-key=<key>
479 The secret key.
480 --gen-access-key
482 Generate random access key (for S3).
483 --gen-secret
485 Generate random secret key.
486 --key-type=<type>
488 key type, options are: swift, s3.
489 --temp-url-key[-2]=<key>
491 Temporary url key.
492 --max-buckets
494 max number of buckets for a user (0 for no limit, negative value
495 to disable bucket creation). Default is 1000.
496 --access=<access>
498 Set the access permissions for the sub-user. Available access
499 permissions are read, write, readwrite and full.
500 --display-name=<name>
502 The display name of the user.
503 --admin
505 Set the admin flag on the user.
506 --system
508 Set the system flag on the user.
509 --bucket=[tenant-id/]bucket
511 Specify the bucket name. If tenant-id is not specified, the
512 tenant-id of the user (--uid) is used.
513 --pool=<pool>
515 Specify the pool name. Also used with orphans find as data pool
516 to scan for leaked rados objects.
517 --object=object
519 Specify the object name.
520 --date=yyyy-mm-dd
522 The date in the format yyyy-mm-dd.
523 --start-date=yyyy-mm-dd
525 The start date in the format yyyy-mm-dd.
526 --end-date=yyyy-mm-dd
528 The end date in the format yyyy-mm-dd.
529 --bucket-id=<bucket-id>
531 Specify the bucket id.
532 --bucket-new-name=[tenant-id/]<bucket>
534 Optional for bucket link; use to rename a bucket.
536 While tenant-id/ can be specified, this is never neces‐
537 sary for normal operation.
538 --shard-id=<shard-id>
540 Optional for mdlog list, bi list, data sync status. Required for
541 mdlog trim.
542 --max-entries=<entries>
544 Optional for listing operations to specify the max entires
545 --purge-data
547 When specified, user removal will also purge all the user data.
548 --purge-keys
550 When specified, subuser removal will also purge all the subuser
551 keys.
552 --purge-objects
554 When specified, the bucket removal will also purge all objects
555 in it.
556 --metadata-key=<key>
558 Key to retrieve metadata from with metadata get.
559 --remote=<remote>
561 Zone or zonegroup id of remote gateway.
562 --period=<id>
564 Period id.
565 --url=<url>
567 url for pushing/pulling period or realm.
568 --epoch=<number>
570 Period epoch.
571 --commit
573 Commit the period during 'period update'.
574 --staging
576 Get the staging period info.
577 --master
579 Set as master.
580 --master-zone=<id>
582 Master zone id.
583 --rgw-realm=<name>
585 The realm name.
586 --realm-id=<id>
588 The realm id.
589 --realm-new-name=<name>
591 New name of realm.
592 --rgw-zonegroup=<name>
594 The zonegroup name.
595 --zonegroup-id=<id>
597 The zonegroup id.
598 --zonegroup-new-name=<name>
600 The new name of the zonegroup.
601 --rgw-zone=<zone>
603 Zone in which radosgw is running.
604 --zone-id=<id>
606 The zone id.
607 --zone-new-name=<name>
609 The new name of the zone.
610 --source-zone
612 The source zone for data sync.
613 --default
615 Set the entity (realm, zonegroup, zone) as default.
616 --read-only
618 Set the zone as read-only when adding to the zonegroup.
619 --placement-id
621 Placement id for the zonegroup placement commands.
622 --tags=<list>
624 The list of tags for zonegroup placement add and modify com‐
625 mands.
626 --tags-add=<list>
628 The list of tags to add for zonegroup placement modify command.
629 --tags-rm=<list>
631 The list of tags to remove for zonegroup placement modify com‐
632 mand.
633 --endpoints=<list>
635 The zone endpoints.
636 --index-pool=<pool>
638 The placement target index pool.
639 --data-pool=<pool>
641 The placement target data pool.
642 --data-extra-pool=<pool>
644 The placement target data extra (non-ec) pool.
645 --placement-index-type=<type>
647 The placement target index type (normal, indexless, or #id).
648 --tier-type=<type>
650 The zone tier type.
651 --tier-config=<k>=<v>[,...]
653 Set zone tier config keys, values.
654 --tier-config-rm=<k>[,...]
656 Unset zone tier config keys.
657 --sync-from-all[=false]
659 Set/reset whether zone syncs from all zonegroup peers.
660 --sync-from=[zone-name][,...]
662 Set the list of zones to sync from.
663 --sync-from-rm=[zone-name][,...]
665 Remove the zones from list of zones to sync from.
666 --bucket-index-max-shards
668 Override a zone's or zonegroup's default number of bucket index
669 shards. This option is accepted by the 'zone create', 'zone mod‐
670 ify', 'zonegroup add', and 'zonegroup modify' commands, and
671 applies to buckets that are created after the zone/zonegroup
672 changes take effect.
673 --fix Besides checking bucket index, will also fix it.
675 --check-objects
677 bucket check: Rebuilds bucket index according to actual objects
678 state.
679 --format=<format>
681 Specify output format for certain operations. Supported formats:
682 xml, json.
683 --sync-stats
685 Option for 'user stats' command. When specified, it will update
686 user stats with the current stats reported by user's buckets
687 indexes.
688 --show-log-entries=<flag>
690 Enable/disable dump of log entries on log show.
691 --show-log-sum=<flag>
693 Enable/disable dump of log summation on log show.
694 --skip-zero-entries
696 Log show only dumps entries that don't have zero value in one of
697 the numeric field.
698 --infile
700 Specify a file to read in when setting data.
701 --categories=<list>
703 Comma separated list of categories, used in usage show.
704 --caps=<caps>
706 List of caps (e.g., "usage=read, write; user=read".
707 --compression=<compression-algorithm>
709 Placement target compression algorithm (lz4|snappy|zlib|zstd)
710 --yes-i-really-mean-it
712 Required for certain operations.
713 --min-rewrite-size
715 Specify the min object size for bucket rewrite (default 4M).
716 --max-rewrite-size
718 Specify the max object size for bucket rewrite (default
719 ULLONG_MAX).
720 --min-rewrite-stripe-size
722 Specify the min stripe size for object rewrite (default 0). If
723 the value is set to 0, then the specified object will always be
724 rewritten for restriping.
725 --warnings-only
727 When specified with bucket limit check, list only buckets near‐
728 ing or over the current max objects per shard value.
729 --bypass-gc
731 When specified with bucket deletion, triggers object deletions
732 by not involving GC.
733 --inconsistent-index
735 When specified with bucket deletion and bypass-gc set to true,
736 ignores bucket index consistency.
737 --max-concurrent-ios
739 Maximum concurrent ios for bucket operations. Affects operations
740 that scan the bucket index, e.g., listing, deletion, and all
741 scan/search operations such as finding orphans or checking the
742 bucket index. Default is 32.
743
745 --max-objects
746 Specify max objects (negative value to disable).
747 --max-size
749 Specify max size (in B/K/M/G/T, negative value to disable).
750 --quota-scope
752 The scope of quota (bucket, user).
753
755 --num-shards
756 Number of shards to use for keeping the temporary scan info
757 --orphan-stale-secs
759 Number of seconds to wait before declaring an object to be an
760 orphan. Default is 86400 (24 hours).
761 --job-id
763 Set the job id (for orphans find)
764
766 --extra-info
767 Provide extra info in the job list.
768
770 --role-name
771 The name of the role to create.
772 --path The path to the role.
774 --assume-role-policy-doc
776 The trust relationship policy document that grants an entity
777 permission to assume the role.
778 --policy-name
780 The name of the policy document.
781 --policy-doc
783 The permission policy document.
784 --path-prefix
786 The path prefix for filtering the roles.
787
789 Generate a new user:
790 $ radosgw-admin user create --display-name="johnny rotten" --uid=johnny
792 { "user_id": "johnny",
793 "rados_uid": 0,
794 "display_name": "johnny rotten",
795 "email": "",
796 "suspended": 0,
797 "subusers": [],
798 "keys": [
799 { "user": "johnny",
800 "access_key": "TCICW53D9BQ2VGC46I44",
801 "secret_key": "tfm9aHMI8X76L3UdgE+ZQaJag1vJQmE6HDb5Lbrz"}],
802 "swift_keys": []}
803 Remove a user:
805 $ radosgw-admin user rm --uid=johnny
807 Rename a user:
809 $ radosgw-admin user rename --uid=johny --new-uid=joe
811 Remove a user and all associated buckets with their contents:
813 $ radosgw-admin user rm --uid=johnny --purge-data
815 Remove a bucket:
817 $ radosgw-admin bucket rm --bucket=foo
819 Link bucket to specified user:
821 $ radosgw-admin bucket link --bucket=foo --bucket_id=<bucket id> --uid=johnny
823 Unlink bucket from specified user:
825 $ radosgw-admin bucket unlink --bucket=foo --uid=johnny
827 Rename a bucket:
829 $ radosgw-admin bucket link --bucket=foo --bucket-new-name=bar --uid=johnny
831 Move a bucket from the old global tenant space to a specified tenant:
833 $ radosgw-admin bucket link --bucket=/foo --uid=12345678$12345678'
835 Link bucket to specified user and change object ACLs:
837 $ radosgw-admin bucket chown --bucket=/foo --uid=12345678$12345678'
839 Show the logs of a bucket from April 1st, 2012:
841 $ radosgw-admin log show --bucket=foo --date=2012-04-01-01 --bucket-id=default.14193.1
843 Show usage information for user from March 1st to (but not including)
845 April 1st, 2012:
846 $ radosgw-admin usage show --uid=johnny \
848 --start-date=2012-03-01 --end-date=2012-04-01
849 Show only summary of usage information for all users:
851 $ radosgw-admin usage show --show-log-entries=false
853 Trim usage information for user until March 1st, 2012:
855 $ radosgw-admin usage trim --uid=johnny --end-date=2012-04-01
857
859 radosgw-admin is part of Ceph, a massively scalable, open-source, dis‐
860 tributed storage system. Please refer to the Ceph documentation at
861 http://ceph.com/docs for more information.
862
864 ceph(8) radosgw(8)
865
867 2010-2021, Inktank Storage, Inc. and contributors. Licensed under Cre‐
868 ative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0)
869dev Mar 18, 2021 RADOSGW-ADMIN(8)