Hi, sorry for the late response, your message landed in the spam folder and I found it just now. # ceph mds dump dumped mdsmap epoch 32 epoch 32 flags 0 created 2015-07-11 23:46:04.963071 modified 2015-07-23 17:43:27.198951 tableserver 0 root 0 session_timeout 60 session_autoclose 300 max_file_size 1099511627776 last_failure 14 last_failure_osd_epoch 3748 compat compat={},rocompat={},incompat={1=base v0.20,2=client writeable ranges,3=default file layouts on dirs,4=dir inode in separate object,5=mds uses versioned encoding,6=dirfrag is stored in omap,8=no anchor table} max_mds 1 in 0 up {0=204141} failed stopped data_pools 3 metadata_pool 4 inline_data disabled 204147: 192.168.122.15:6800/596 'cephmds02' mds.-1.0 up:standby seq 1 204141: 192.168.122.14:6800/597 'cephmds01' mds.0.5 up:active seq 6 # ceph osd lspools 0 rbd,1 libvirt-pool,3 cephfs_data,4 cephfs_metadata, # ceph auth list installed auth entries: client.cephfs key: AQBnQ6JV7g6eMBAAc2ROVrNGccUiLXL4WfOxyg== caps: [mds] allow caps: [mon] allow r caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cephfs_data This key works well on an Ubuntu machine mounting cephfs using the kernel module I use the following systemd service to mount cephfs install@cephsmb01:~$ cat /etc/systemd/system/cephfs.service [Unit] Description=mount -t ceph cephmon01:/simpana/DR-Backup /samba/DRBAckup After=network.target ConditionPathIsDirectory=/samba/DRBAckup [Install] RequiredBy=smbd.service [Service] Type=oneshot RemainAfterExit=yes ExecStart=/sbin/mount.ceph 'cephmon01,cephmon02,cephmon03:/simpana/DR-Backup' /samba/DRBAckup -o 'name=cephfs,secretfile=/etc/ceph/cephfs.key,noatime' ExecStop=/bin/umount /samba/DRBAckup But the key doesn't work on SuSE Linux using ceph-fuse I use the following systemd service to mount cephfs cvtmedia01:/etc/ceph # cat /etc/systemd/system/simpana_Library.service [Unit] Description=mount -t ceph cephmon01:/simpana/B2D /opt/simpana/Data After=network.target #RequiresMountsFor ConditionPathIsDirectory=/opt/simpana/Data [Install] WantedBy=remote-fs.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/ceph-fuse -r /simpana/B2D /opt/simpana/Data ExecStop=/bin/umount /opt/simpana/Data cvtmedia01:/etc/ceph # ls -l total 16 -rw-r--r-- 1 root root 192 Jul 24 17:17 ceph.client.cephfs.keyring -rw-r--r-- 1 root root 267 Jul 20 17:17 ceph.conf -rw-r--r-- 1 root root 63 Jul 20 17:17 delete.ceph.client.admin.keyring -rw-r--r-- 1 root root 92 Jul 20 17:17 rbdmap cvtmedia01:/etc/ceph # /usr/bin/ceph-fuse -r /simpana/B2D /opt/simpana/Data ceph-fuse[4633]: starting ceph client2015-07-24 17:20:00.512462 7f8d71a3d780 -1 init, newargv = 0x3c9db30 newargc=11 2015-07-24 17:20:00.513334 7f8d71a3d780 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication ceph-fuse[4633]: ceph mount failed with (2) No such file or directory ceph-fuse[4631]: mount failed: (2) No such file or directory cvtmedia01:/etc/ceph # ln -s ceph.client.cephfs.keyring ceph.keyring cvtmedia01:/etc/ceph # ls -l total 16 -rw-r--r-- 1 root root 192 Jul 24 17:17 ceph.client.cephfs.keyring -rw-r--r-- 1 root root 267 Jul 20 17:17 ceph.conf lrwxrwxrwx 1 root root 26 Jul 24 17:21 ceph.keyring -> ceph.client.cephfs.keyring -rw-r--r-- 1 root root 63 Jul 20 17:17 delete.ceph.client.admin.keyring -rw-r--r-- 1 root root 92 Jul 20 17:17 rbdmap cvtmedia01:/etc/ceph # /usr/bin/ceph-fuse -r /simpana/B2D /opt/simpana/Data ceph-fuse[4662]: starting ceph client 2015-07-24 17:21:16.890136 7fdc7595e780 -1 init, newargv = 0x2b87b30 newargc=11 ceph-fuse[4662]: ceph mount failed with (1) Operation not permitted ceph-fuse[4660]: mount failed: (1) Operation not permitted cvtmedia01:/etc/ceph # Client Info cvtmedia01:~ # cat /etc/os-release NAME="SLES" VERSION="12" VERSION_ID="12" PRETTY_NAME="SUSE Linux Enterprise Server 12" ID="sles" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:suse:sles:12" cvtmedia01:~ # uname -a Linux cvtmedia01 3.12.43-52.6-default #1 SMP Wed May 20 12:44:39 UTC 2015 (fc0ceac) x86_64 x86_64 x86_64 GNU/Linux cvtmedia01:~ # cat /var/log/ceph/ceph-client.admin.log 2015-07-24 17:20:00.510156 7f8d71a3d780 0 ceph version 0.94-217-g31f1afb (31f1afb873c9d086bdf4f97297c2603fde277d7d), process ceph-fuse, pid 4631 2015-07-24 17:20:00.512462 7f8d71a3d780 -1 init, newargv = 0x3c9db30 newargc=11 2015-07-24 17:20:00.513334 7f8d71a3d780 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication 2015-07-24 17:21:16.886363 7fdc7595e780 0 ceph version 0.94-217-g31f1afb (31f1afb873c9d086bdf4f97297c2603fde277d7d), process ceph-fuse, pid 4660 2015-07-24 17:21:16.890136 7fdc7595e780 -1 init, newargv = 0x2b87b30 newargc=11 > -----Original Message----- > From: john.spray@xxxxxxxxxx > Sent: Mon, 13 Jul 2015 09:11:29 +0100 > To: boomerb@xxxxxxxxx, ceph-users@xxxxxxxxxxxxxx > Subject: Re: cephfs without admin key > > Yes: clients need an MDS key that says "allow", and an OSD key that > permits it access to the RADOS pool you're using as your CephFS data > pool. > > If you're already trying that and getting an error, please post the caps > you're using. > > Thanks, > John > > > On 12/07/2015 14:12, Bernhard Duebi wrote: >> Hi, >> >> I'm new to ceph. I setup a small cluster and successfully connected >> kvm/qemu to use block devices. Now I'm experimenting with CephFS. I use >> ceph-fuse on SLES12 (ceph 0.94). I can mount the file-system and write >> to it, but only when the admin keyring is present, which gives the FS >> client full admin privileges. >> For kvm/qemu I can limit the privileges by creating key with limited >> privileges. I was googling if the same is possible for CephFS. I found >> some answers but none of them work because I always get "permission >> denied". >> >> Any hints how the key should look like? >> >> Thanks >> Bernhard >> >> ____________________________________________________________ >> FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on >> your desktop! >> Check it out at http://www.inbox.com/marineaquarium >> >> >> _______________________________________________ >> ceph-users mailing list >> ceph-users@xxxxxxxxxxxxxx >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com ____________________________________________________________ Can't remember your password? Do you need a strong and secure password? Use Password manager! It stores your passwords & protects your account. Check it out at http://mysecurelogon.com/password-manager _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com