Thank you Josh. Have a great weekend. Dave Spano ----- Original Message ----- From: "Josh Durgin" <josh.durgin@xxxxxxxxxxx> To: "Dave Spano" <dspano@xxxxxxxxxxxxxx> Cc: "Greg Farnum" <greg@xxxxxxxxxxx>, "Sébastien Han" <han.sebastien@xxxxxxxxx>, "ceph-devel" <ceph-devel@xxxxxxxxxxxxxxx>, "Sage Weil" <sage@xxxxxxxxxxx>, "Wido den Hollander" <wido@xxxxxxxx>, "Sylvain Munaut" <s.munaut@xxxxxxxxxxxxxxxxxxxx>, "Samuel Just" <sam.just@xxxxxxxxxxx>, "Vladislav Gorbunov" <vadikgo@xxxxxxxxx> Sent: Friday, March 15, 2013 6:11:17 PM Subject: Re: rados cppool and Openstack Glance and Cinder On 03/15/2013 02:55 PM, Dave Spano wrote: > > During my journey of using rados cppool, which is an awesome feature by the way, I found an interesting behavior related to cephx. I wanted to share it for anyone else who may be using Openstack, that decides to rename, or copy a pool. > > My client.glance entry is currently set to this (with the exception of the key, of course): > > client.glance > key: punkrawk > caps: [mon] allow r > caps: [osd] allow class-read object_prefix rbd_children, allow rwx > > It was limited to the images pool based on the following example listed at http://ceph.com/docs/master/rbd/rbd-openstack/ : > > ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images' > > client.glance > key: punkrawk > caps: [mon] allow r > caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=images > > > > What I found was that when I would create my pool as images-new or anything but images, then rename it to images I would have a problem. I could not even upload an image to an empty pool. > > I could, however; upload to the pool if I renamed the original to images-old, then created a brand new pool called images. > > My first guess is that there's a reference to the old name which would interfere whenever my client would try to use it with the client.glance keyring. I have not looked in the code yet, so I don't have any other concrete idea. Yeah, someone ran into this before, but apparently I hadn't finished creating the bug, so now there's http://tracker.ceph.com/issues/4471. Each pg includes its pool name in memory, and that isn't updated when the pool is renamed. Restarting the osd would refresh it, and creating a new pool creates entirely new pgs. > As soon as I lifted the pool restriction, as if by the power greyskull, I could upload, delete and take snapshots in the renamed pool. > > I believe this would be rather easy for anyone to reproduce with a test install of Openstack. No openstack needed, just any ceph client with a restriction based on pool name. > Just create pool named images-new. Rename it to images, then try to upload an image. It should fail. Remove the pool restriction, and it will work. Thanks for the detailed report! Josh -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
