On Mon, Oct 13, 2014 at 4:04 PM, Wido den Hollander <wido@xxxxxxxx> wrote: > On 14-10-14 00:53, Anthony Alba wrote: >> Following the manual starter guide, I set up a Ceph cluster with HEALTH_OK, >> (1 mon, 2 osd). In testing out auth commands I misconfigured the >> client.admin key by accidentally deleting "mon 'allow *'". >> >> Now I'm getting EACESS denied for all ceph actions. >> >> Is there a way to recover or recreate a new client.admin key. >> > > You can disable cephx completely, fix the key and enable cephx again. > > auth_cluster_required, auth_service_required and auth_client_required > > Set it to 'none' and restart the monitors and OSDs. You can also inject > it through the admin socket if you want to. Mmm, I don't think that will work — Ceph still refers to the stored client capabilities; it just doesn't validate them. I *believe* if you grab the monitor key you can use that to make the necessary changes, though. Otherwise hacking at the monitor stores is an option. -Greg > >> Key was: >> >> client.admin >> key: ABCDEFG... >> caps: [mon] allow * >> caps: [osd] allow * >> >> Misconfigured >> key: ABCDEFG... >> caps: [osd] allow * >> >> ...now all ceph commands fail, so I'm not sure how to start fixing the >> key on the mons/osds. >> >> - anthony >> _______________________________________________ >> ceph-users mailing list >> ceph-users@xxxxxxxxxxxxxx >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >> > > > -- > Wido den Hollander > 42on B.V. > > Phone: +31 (0)20 700 9902 > Skype: contact42on > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |