Thanks Jason! I've tried to capture this in our docs, here: https://github.com/ceph/ceph/pull/10542 When that's nailed down, we can get a fix into ceph-ansible as well. - Ken On Tue, Aug 2, 2016 at 7:19 AM, Jason Dillaman <jdillama@xxxxxxxxxx> wrote: > Our documented process is to create a new cephx user (e.g. > client.libvirt) and libvirt / QEMU will then use that client (and its > configuration file settings) since you probably don't want to be > running with admin credentials [1]. You can create a "[client]" > section as a catch-all in addition to user-specific sections like > "[client.libvirt]". > > [1] http://docs.ceph.com/docs/master/rbd/libvirt/ > > On Mon, Aug 1, 2016 at 4:18 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote: >> On Mon, Aug 1, 2016 at 12:25 PM, Ken Dreyer <kdreyer@xxxxxxxxxx> wrote: >>> With the new unprivileged user support in Jewel, I'm seeing some >>> issues with logging and file permissions. >>> >>> ceph-ansible always configures client logging on every cluster node, like so: >>> >>> [client] >>> log file = /var/log/ceph/qemu-guest-$pid.log >>> >>> As a result, every single client command (eg "ceph health") will >>> create a new root-owned "qemu-guest-$pid" log file (which leads to >>> issues with logrotate failing to rotate the root-owned files in the >>> diretory...) >>> >>> It's clear we need to remove that bit from the ceph.conf files that >>> ceph-ansible writes, but I'm wondering what it *should* be? >>> >>> Is there a more granular way to configure Ceph so that we only log >>> qemu/librbd interactions to qemu-guest-$pid, rather than all client >>> logs? >> >> I don't know the full toolchain these all use (is this for teuthology >> or a wider thing?), but generally: >> * you can specify different config files on the command line when the >> client starts >> * you can specify override config values of any kind on the command >> line when a client starts >> * I believe that QEMU/KVM configs for CephFS let you specify config >> values independently >> * I think(?) you can specify config "sections" based on specific >> client IDs, not just the [client] type >> >> So I'd look into whichever of those options is most convenient. :) >> -Greg >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > -- > Jason -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
