On Sun, Jul 22, 2012 at 2:04 PM, Jonathan Proulx <jon@xxxxxxxxxxxxx> wrote: > On Sun, Jul 22, 2012 at 12:31 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote: >> On Sun, Jul 22, 2012 at 8:46 AM, Jonathan Proulx <jon@xxxxxxxxxxxxx> wrote: > >>> are these the right capabilities for that user >>> (http://ceph.com/docs/master/radosgw/config suggests they are)? >>> >>> client.rados.gateway >>> key: <redacted> >>> caps: [mon] allow r >>> caps: [osd] allow rwx >> >> I think the radosgw needs the 'w' cap for the monitor for >> automatically creating the rados pools. Though it may be that you'd be >> better off creating the pools yourself with the required amount of pgs >> than letting it do that by itself, as the default number of pgs that >> will be created is very low. >>> ceph.conf points to /etc/ceph/keyring.rados.gateway which has is >>> readable and has matching key >>> >> Try running 'ceph auth list' and see if you see the auth info for that >> user. If not then you'll need to 'ceph auth add' that keyring. > > 'ceph auth list' is where I got the capabilites list, though the > keyring file above list the same caps > > Hmmm, how do I change the capabilities of a key, that doc section is > blank http://ceph.com/docs/master/ops/manage/key/#capabilities. I > tried "ceph-authtool -n client.rados.gateway --cap osd 'allow rwx' > --cap mon 'allow rw' /etc/ceph/keyring.rados.gateway" which changed > the keyfile but not the output of "ceph auth list" > > And radosgw is still exiting with an auth error... > > root@ceph-mon:/tmp/rbd# /etc/init.d/radosgw restart > No /usr/bin/radosgw found running; none killed. > Starting client.radosgw.gateway... You're starting radosgw with user 'client.radosgw.gateway', whereas the key is for user 'client.rados.gateway'. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
