>>> tombo <tombo@xxxxxx> schrieb am Dienstag, 9. Juni 2015 um 21:44: > > Hello guys, > Hi tombo, that seem's to be related to http://tracker.ceph.com/issues/4282. We had the same effects but limited by 1 hour. After that the authentication works again. When increasing the log level when the problem apears you'll see that the clients key rotation seems to be the problem. It tries to connect with old key which is no longer valid. > today we had one storage (19xosd) down for 4 hours > and now we are observing different problems and when I tried to restart > one osd, I got error related to cephx > > 2015-06-09 21:09:49.983522 > 7fded00c7700 0 auth: could not find secret_id=6238 > 2015-06-09 > 21:09:49.983585 7fded00c7700 0 cephx: verify_authorizer could not get > service secret for service osd secret_id=6238 > 2015-06-09 21:09:49.983595 > 7fded00c7700 0 -- X.X.X.32:6808/728850 >> X.X.X.32:6852/1474277 > pipe(0x7fdf47291200 sd=90 :6808 s=0 p > gs=0 cs=0 l=0 > c=0x7fdf33340940).accept: got bad authorizer > What does the ceph client X.X.X.32 use? A kernel based rbd or qemu. In case of kernel rbd did you change the kernel on X.X.X.32? > configuration is > > auth > cluster required = cephx > auth service required = none > auth client > required = none > > So as I understand, it is not possible to disable whole > auth on fly...so it is possible to renew key for osd to see if it helps? > If yes, how? Remove old with > > ceph auth del osd.{osd-num} and generate > new ceph auth add osd.{osd-num} osd 'allow *' mon 'allow rwx' -i > /var/lib/ceph/osd/ceph-{osd-num}/keyring ? And I don't want to loose > that osd data ( as usually, nobody wants :) ) > > Thanks for help. Regards Steffen -- Klinik-Service Neubrandenburg GmbH Allendestr. 30, 17036 Neubrandenburg Amtsgericht Neubrandenburg, HRB 2457 Geschaeftsfuehrerin: Gudrun Kappich _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |