Re: cephx execute permissions for RBD operations

On 01/30/2013 08:21 AM, Wido den Hollander wrote:
> Hi,
>
> Yesterday I ran into a weird situation where my libvirt RBD pool
> just wouldn't work.
>
> Turned out the credentials I was using only had rw permissions for OSDs
> instead of rwx or *.
>
> This caused rbd_open to fail, looking at librbd itself I understand why
> execute permissions are required to do so (locks, watches).

It's actually not the watches, but the general metadata stored in the
header object (snapshots, locks, and for format 2 images everything
else).

> What is however the best way to detect if you don't have the required
> permissions?

rbd_open() should return -EPERM. From the cli, doing 'rbd info' will do
this and tell you. The one case where you need more permissions
(allow class-read object_prefix rbd_children) is when unprotecting a
snapshot, which will fail with -EPERM when it is attempted. That only
matters for format 2 images though.

> This piece of code:
> http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/storage/storage_backend_rbd.c;h=8a0e517502c482f23f01bc63e95f1dc210d711cd;hb=master#l215
>
> I simply check if the open fails, but just "failed to open the RBD
> image" wasn't really that clear.
>
> I'd like to give a more useful error instead of that, but what error
> codes can I expect?

-EPERM for this case, others could be -EIO, -ENOSPC (since a watch is a
write), -ENOENT, -ENOSYS (trying to open an image that librbd or the
osds don't support), and possibly others I'm forgetting.

Josh
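
The root cause in this thread (OSD caps of rw instead of rwx or *) can also be checked against the cap string before rbd_open() is attempted. The following C is an added example, not code from librbd, libvirt or either poster; the function names are hypothetical, and its reading of the cap string is a simplifying assumption: only `pool=` restrictions are understood, grants are unioned, and grants narrowed by `object_prefix` are not counted.

```c
#include <stdio.h>
#include <string.h>
/* Permission bits; x covers both class-read and class-write. */
enum { CAP_R = 1, CAP_W = 2, CAP_CLS_R = 4, CAP_CLS_W = 8,
       CAP_X = CAP_CLS_R | CAP_CLS_W, CAP_RWX = CAP_R | CAP_W | CAP_X };

/* One permission token: "*", "class-read", "class-write" or letters of "rwx". */
static int parse_perms(const char *tok) {
    int bits = 0;
    if (strcmp(tok, "*") == 0) return CAP_RWX;
    if (strcmp(tok, "class-read") == 0) return CAP_CLS_R;
    if (strcmp(tok, "class-write") == 0) return CAP_CLS_W;
    for (; *tok; tok++) {
        if (*tok == 'r') bits |= CAP_R;
        else if (*tok == 'w') bits |= CAP_W;
        else if (*tok == 'x') bits |= CAP_X;
        else return 0;              /* unknown token grants nothing */
    }
    return bits;
}

/* Bits one pool-wide "allow ..." grant gives on `pool` (assumed syntax, see lead-in). */
static int grant_bits(const char *g, const char *pool) {
    char word[64];
    int perms = 0, nwords = 0;
    for (;;) {
        g += strspn(g, " ");
        size_t n = strcspn(g, " ,");
        if (n == 0) break;          /* comma or end of string: grant is done */
        snprintf(word, sizeof word, "%.*s", (int)n, g);
        g += n;
        if (nwords++ == 0) { if (strcmp(word, "allow") != 0) return 0; }
        else if (strcmp(word, "object_prefix") == 0) return 0; /* narrowed grant */
        else if (strncmp(word, "pool=", 5) != 0) perms |= parse_perms(word);
        else if (strcmp(word + 5, pool) != 0) return 0;        /* other pool */
    }
    return perms;
}

/* Nonzero if the comma-separated OSD caps grant r, w and x on `pool`. */
int caps_allow_rbd_open(const char *caps, const char *pool) {
    int bits = 0;
    while (*caps) {
        bits |= grant_bits(caps, pool);
        caps += strcspn(caps, ",");
        if (*caps == ',') caps++;
    }
    return (bits & CAP_RWX) == CAP_RWX;
}
```

A zero result for the pool in use points at the rw-only credentials described above, which is the case where rbd_open() returns -EPERM.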
