ceph-authtool
ceph-authtool is a utility to create, view, and modify a Ceph keyring file. A keyring file stores one or more Ceph authentication keys and possibly an associated capability specification. Each key is associated with an entity name, of the form {client,mon,mds,osd}.name.
-l, --list will list all keys and capabilities present in the keyring
-p, --print-key will print an encoded key for the specified entityname. This is suitable for the 'mount -o secret=..' argument
-C, --create-keyring will create a new keyring, overwriting any existing keyringfile
-g, --gen-key will generate a new secret key for the specified entityname
--gen-print-key will generate a new secret key without setting it in the keyringfile, and print the secret to stdout
--import-keyring FILE will import the content of a given keyring into the keyringfile
-n NAME, --name NAME specify entityname to operate on
-a BASE64, --add-key BASE64 will add an encoded key to the keyring
--cap SUBSYSTEM CAPABILITY will set the capability for given subsystem
--caps CAPSFILE will set all of the capabilities associated with a given key, for all subsystems
--mode MODE will set the desired file mode of the keyring, e.g. '0644'; defaults to '0600'
EXAMPLE
To create a new keyring containing a key for client.foo with a 0644 file mode:
ceph-authtool -C -n client.foo --gen-key keyring --mode 0644
To associate some capabilities with the key (namely, the ability to mount a Ceph file system):
ceph-authtool -n client.foo --cap mds 'allow' --cap osd 'allow rw pool=data' --cap mon 'allow r' keyring
To display the contents of the keyring:
ceph-authtool -l keyring
When mounting a Ceph file system, you can grab the appropriately encoded secret key with:
mount -t ceph serverhost:/ mountpoint -o name=foo,secret=`ceph-authtool -p -n client.foo keyring`
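A keyring holds secret keys in plain text, so its file mode and the capabilities it grants are worth checking after running the commands above. The following is an added example, not part of the ceph-authtool documentation: the function names are hypothetical, the keyring layout is assumed to be the text form that `ceph-authtool -l` displays, and flagging "allow *" is this example's own policy choice.

```shell
#!/bin/sh
# Added example: audit a keyring file written by ceph-authtool.
# Assumed keyring text layout (as displayed by `ceph-authtool -l`):
#   [client.foo]
#           key = <base64>
#           caps osd = "allow rw pool=data"

# Succeeds only when group and other have no permission bits on the file.
keyring_mode_ok() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints "entity<TAB>subsystem<TAB>capability" for every caps line.
keyring_caps() {
    awk '
        $1 ~ /^\[.*\]$/ { entity = substr($1, 2, length($1) - 2); next }
        $1 == "caps" {
            cap = $0
            sub(/^[^=]*=[ \t]*/, "", cap)   # drop "caps <subsys> = "
            gsub(/"/, "", cap)              # drop surrounding quotes
            printf "%s\t%s\t%s\n", entity, $2, cap
        }' "$1"
}

# Prints the caps lines that grant "allow *" (policy choice of this example).
keyring_wildcard_caps() {
    keyring_caps "$1" | awk -F '\t' '$3 == "allow *"'
}

# Constructed sample keyring; the key value is a placeholder, not a real key.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[client.foo]
	key = PLACEHOLDER_BASE64_KEY==
	caps mds = "allow"
	caps mon = "allow r"
	caps osd = "allow rw pool=data"
[client.admin]
	key = PLACEHOLDER_BASE64_KEY==
	caps mon = "allow *"
EOF
chmod 0644 "$SAMPLE"    # the mode used in the first example above

keyring_mode_ok "$SAMPLE" || echo "WARN: $SAMPLE is readable by group/other"
keyring_wildcard_caps "$SAMPLE"
```

With the sample input, the script warns about the 0644 mode and prints the client.admin line; a keyring left at the default 0600 passes the mode check.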
monmaptool
monmaptool is a utility to create, view, and modify a monitor cluster map for the Ceph distributed storage system. The monitor map specifies the only fixed addresses in the Ceph distributed system. All other daemons bind to arbitrary addresses and register themselves with the monitors.
When creating a map with --create, a new monitor map with a new, random UUID will be created. It should be followed by one or more monitor addresses. The default Ceph monitor port is 6789.