And to answer my own question, I was missing a meaningful error message: what the ObjectNotFound exception I got from librados didn't tell me was that I didn't have the images keyring file in /etc/ceph/ on my compute node. After 'ceph auth get-or-create client.images > /etc/ceph/ceph.client.images.keyring' and reverting images caps back to original state, it all works! On Tue, Nov 12, 2013 at 12:19 PM, Dmitry Borodaenko <dborodaenko@xxxxxxxxxxxx> wrote: > I can get ephemeral storage for Nova to work with RBD backend, but I > don't understand why it only works with the admin cephx user? With a > different user starting a VM fails, even if I set its caps to 'allow > *'. > > Here's what I have in nova.conf: > libvirt_images_type=rbd > libvirt_images_rbd_pool=images > rbd_secret_uuid=fd9a11cc-6995-10d7-feb4-d338d73a4399 > rbd_user=images > > The secret UUID is defined following the same steps as for Cinder and Glance: > http://ceph.com/docs/master/rbd/libvirt/ > > BTW rbd_user option doesn't seem to be documented anywhere, is that a > documentation bug? > > And here's what 'ceph auth list' tells me about my cephx users: > > client.admin > key: AQCoSX1SmIo0AxAAnz3NffHCMZxyvpz65vgRDg== > caps: [mds] allow > caps: [mon] allow * > caps: [osd] allow * > client.images > key: AQC1hYJS0LQhDhAAn51jxI2XhMaLDSmssKjK+g== > caps: [mds] allow > caps: [mon] allow * > caps: [osd] allow * > client.volumes > key: AQALSn1ScKruMhAAeSETeatPLxTOVdMIt10uRg== > caps: [mon] allow r > caps: [osd] allow class-read object_prefix rbd_children, allow > rwx pool=volumes, allow rx pool=images > > Setting rbd_user to images or volumes doesn't work. > > What am I missing? > > Thanks, > > -- > Dmitry Borodaenko -- Dmitry Borodaenko _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |