On Wed, Sep 27, 2017 at 12:09 AM, Travis Nielsen <Travis.Nielsen@xxxxxxxxxxx> wrote: > Is it possible to use the same cephx key for all instances of MDS or do > they each require their own? Mons require the same keyring so I tried > following the same pattern by creating a keyring with "mds.", but the MDS > is complaining about not being authorized when it tries to start. Am I > missing something or is this not possible for MDS keys? If I create a > unique key for each MDS instance it works fine, but it would simplify my > scenario if I could use the same key. I'm running on Luminous. I've never heard of anyone trying to do this. It's probably not a great idea, because if all MDS daemons are using the same key then you lose the ability to simply remove an MDS's key to ensure that it can't talk to the system any more. This is useful when tearing something down, because it means you're not taking it on faith that the daemon is really physically stopped. John > The key was generated with this: > ceph auth get-or-create-key mds. osd allow * mds allow mon allow profile > mds > > > > The keyring contents are: > [mds.] > key = AQD62spZw3zRGhAAkHHVokP3BDf8PEy4+vXGMg== > > > I run the following with that keyring: > ceph-mds --foreground --name=mds.mymds -i mymds > > And I see the error: > 2017-09-26 22:55:55.973047 7fb004459200 -1 mds.mds81c2n ERROR: failed to > authenticate: (22) Invalid argument > > > > Thanks, > Travis > > > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
