Ok thanks : mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=kvm1, allow rx pool=templates' seems to be enough. One more question about RBD layering : I've made a clone (child) in my pool 'kvm' from my protected snapshot in my pool 'template' and after launching my vm, the whole fs is read-only. Am I wrong thinking the protected snapshot acts like the base image and additional data will be store in the clone ? >Objet?: Re: [ceph-users] RBD layering On 07/02/2014 10:08 AM, NEVEU Stephane wrote: >> Hi all, >> >> I'm missing around with "rbd layering" to store some ready-to-use >> templates (format 2) in a template pool : >> >> /Rbd -p templates ls/ >> >> /Ubuntu1404/ >> >> /Centos6/ >> >> /./ >> >> // >> >> /Rbd snap create templates/Ubuntu1404 at Ubuntu1404-snap-protected/ >> >> /Rbd snap protect templates/Ubuntu1404 at Ubuntu1404-snap-protected/ >> >> /Rbd clone templates/Ubuntu1404 at Ubuntu1404-snap-protected >> kvm1/Ubuntu1404-snap-protected-children/ >> >> My libvirt key is created with : >> >> /Ceph auth get-or-create client.kvm1 mon 'allow r' osd 'allow >>class-read object_prefix rbd_children, allow rwx pool=kvm1, allow r >>pool=templates'/ >> >> // >> >> But read permission for the pool 'templates' seems to be not enough, >> libvirt is complaining "RBD cannot access the rbd disk >> kvm1/Ubuntu1404-snap-protected-children" so : >> >> /Ceph auth get-or-create client.kvm1 mon 'allow r' osd 'allow >> class-read object_prefix rbd_children, allow rwx pool=kvm1, allow >> *rwx* pool=templates'/ >> >I think that rx should be enough instead of rwx. Could you try that? >Wido Hi Wido, thank you: I'm trying this : Ceph auth get-or-create client.kvm1 mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=kvm1, allow rx pool=templates' Error EIVAL: key for client.kvm1 exists but cap osd does not match Is there another way to directly modify caps ? or do I need to suppress the key and re-create it ? > // > > It's actually working but it's probably a bit too much, because I > don't want people to be able to modify the parent template so do I > have a better choice ? > > Libvirt seems to be happier but this clone is read-only and I want now > people to use this OS image as a base file and write differences in a > backing file (like with qemu . -b .). > > How can I do such a thing ? or maybe I'm doing it in a wrong way. any help ? Am I clear enough here ? > > Thanks > > > > _______________________________________________ > ceph-users mailing list > ceph-users at lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > -- Wido den Hollander 42on B.V. Ceph trainer and consultant Phone: +31 (0)20 700 9902 Skype: contact42on _______________________________________________ ceph-users mailing list ceph-users at lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users at lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |