Re: Basic cephx configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

An update on this issue:
Explicitly setting the "keyring" parameter to its default value, in the client section, like this: 

[client.admin]
keyring = /etc/ceph/ceph.client.admin.keyring
solves the problem in the particular case when ONLY "auth_cluster_required" is set to "cephx", and the two remaining auth parameters are set to "none".
The documentation clearly states that "/etc/ceph/ceph.client.admin.keyring" is the default value of the "keyring" setting [1], so this looks like a bug. Should I report it on the tracker? (BTW, all of this is on v0.72.1.)
Also, does anyone have any idea about why this is not enough to enable the "auth_service_required" setting? That one still gives me the error: 

client.admin authentication error (95) Operation not supported

Best regards,

Nicolas Canceill
Scalable Storage Systems
SURFsara (Amsterdam, NL)

[1] http://ceph.com/docs/master/rados/configuration/auth-config-ref/#keys



On 11/29/2013 10:22 AM, nicolasc wrote:

Hello every one,
Just ran a fresh install of version Emperor on an empty cluster, and I am left clueless, trying to troubleshoot cephx. After ceph-deploy created the keys, I used ceph-authtool to generate the client.admin keyring and the monitor keyring, as indicated in the doc. The configuration is really out-of-the-box: 3 monitors, each with the keyring in /var/lib/ceph/mon/ceph-???/keyring, all keyrings have umask 644 and are owned by ceph.
However, no matter which combination of "auth_cluster_", "auth_service_", or "auth_client_required", is set to cephx; no matter either the keyring options like "-k" and "--id" on the command line. Authentication fails every time with: 

client.admin authentication error (95) Operation not supported
Error connecting to cluster: Error
A big thanks to any one who gives me a hint about what it means. (This message carries so little information, I feel it could be simply replaced by the "!" character.) I have looked in every ceph and system log file, nothing more. 

Best regards,

Nicolas Canceill
Scalable Storage Systems
SURFsara (Amsterdam, NL)

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux