Re: cephfs without admin key


 



Hi,

Sorry for the late response; your message landed in the spam folder and I found it just now.



# ceph mds dump
dumped mdsmap epoch 32
epoch   32
flags   0
created 2015-07-11 23:46:04.963071
modified        2015-07-23 17:43:27.198951
tableserver     0
root    0
session_timeout 60
session_autoclose       300
max_file_size   1099511627776
last_failure    14
last_failure_osd_epoch  3748
compat  compat={},rocompat={},incompat={1=base v0.20,2=client writeable ranges,3=default file layouts on dirs,4=dir inode in separate object,5=mds uses versioned encoding,6=dirfrag is stored in omap,8=no anchor table}
max_mds 1
in      0
up      {0=204141}
failed
stopped
data_pools      3
metadata_pool   4
inline_data     disabled
204147: 192.168.122.15:6800/596 'cephmds02' mds.-1.0 up:standby seq 1
204141: 192.168.122.14:6800/597 'cephmds01' mds.0.5 up:active seq 6

# ceph osd lspools
0 rbd,1 libvirt-pool,3 cephfs_data,4 cephfs_metadata,


# ceph auth list
installed auth entries:
 
client.cephfs
        key: AQBnQ6JV7g6eMBAAc2ROVrNGccUiLXL4WfOxyg==
        caps: [mds] allow
        caps: [mon] allow r
        caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cephfs_data


This key works well on an Ubuntu machine mounting cephfs using the kernel module.
I use the following systemd service to mount cephfs:


install@cephsmb01:~$ cat /etc/systemd/system/cephfs.service
[Unit]
Description=mount -t ceph cephmon01:/simpana/DR-Backup /samba/DRBAckup
After=network.target
ConditionPathIsDirectory=/samba/DRBAckup
 
[Install]
RequiredBy=smbd.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/mount.ceph 'cephmon01,cephmon02,cephmon03:/simpana/DR-Backup' /samba/DRBAckup -o 'name=cephfs,secretfile=/etc/ceph/cephfs.key,noatime'
ExecStop=/bin/umount /samba/DRBAckup
 

But the key doesn't work on SuSE Linux using ceph-fuse.
I use the following systemd service to mount cephfs:
 
 
cvtmedia01:/etc/ceph # cat /etc/systemd/system/simpana_Library.service
[Unit]
Description=mount -t ceph cephmon01:/simpana/B2D /opt/simpana/Data
After=network.target
#RequiresMountsFor
ConditionPathIsDirectory=/opt/simpana/Data
 
[Install]
WantedBy=remote-fs.target
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ceph-fuse -r /simpana/B2D /opt/simpana/Data
ExecStop=/bin/umount /opt/simpana/Data

 
cvtmedia01:/etc/ceph # ls -l
total 16
-rw-r--r-- 1 root root 192 Jul 24 17:17 ceph.client.cephfs.keyring
-rw-r--r-- 1 root root 267 Jul 20 17:17 ceph.conf
-rw-r--r-- 1 root root  63 Jul 20 17:17 delete.ceph.client.admin.keyring
-rw-r--r-- 1 root root  92 Jul 20 17:17 rbdmap
 
cvtmedia01:/etc/ceph # /usr/bin/ceph-fuse -r /simpana/B2D /opt/simpana/Data
ceph-fuse[4633]: starting ceph client
2015-07-24 17:20:00.512462 7f8d71a3d780 -1 init, newargv = 0x3c9db30 newargc=11
2015-07-24 17:20:00.513334 7f8d71a3d780 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication
ceph-fuse[4633]: ceph mount failed with (2) No such file or directory
ceph-fuse[4631]: mount failed: (2) No such file or directory

cvtmedia01:/etc/ceph # ln -s ceph.client.cephfs.keyring ceph.keyring
cvtmedia01:/etc/ceph # ls -l
total 16
-rw-r--r-- 1 root root 192 Jul 24 17:17 ceph.client.cephfs.keyring
-rw-r--r-- 1 root root 267 Jul 20 17:17 ceph.conf
lrwxrwxrwx 1 root root  26 Jul 24 17:21 ceph.keyring -> ceph.client.cephfs.keyring
-rw-r--r-- 1 root root  63 Jul 20 17:17 delete.ceph.client.admin.keyring
-rw-r--r-- 1 root root  92 Jul 20 17:17 rbdmap

cvtmedia01:/etc/ceph # /usr/bin/ceph-fuse -r /simpana/B2D /opt/simpana/Data
ceph-fuse[4662]: starting ceph client
2015-07-24 17:21:16.890136 7fdc7595e780 -1 init, newargv = 0x2b87b30 newargc=11
ceph-fuse[4662]: ceph mount failed with (1) Operation not permitted
ceph-fuse[4660]: mount failed: (1) Operation not permitted
cvtmedia01:/etc/ceph #


Client Info

cvtmedia01:~ # cat /etc/os-release
NAME="SLES"
VERSION="12"
VERSION_ID="12"
PRETTY_NAME="SUSE Linux Enterprise Server 12"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12"

cvtmedia01:~ # uname -a
Linux cvtmedia01 3.12.43-52.6-default #1 SMP Wed May 20 12:44:39 UTC 2015 (fc0ceac) x86_64 x86_64 x86_64 GNU/Linux

cvtmedia01:~ # cat /var/log/ceph/ceph-client.admin.log
2015-07-24 17:20:00.510156 7f8d71a3d780  0 ceph version 0.94-217-g31f1afb (31f1afb873c9d086bdf4f97297c2603fde277d7d), process ceph-fuse, pid 4631
2015-07-24 17:20:00.512462 7f8d71a3d780 -1 init, newargv = 0x3c9db30 newargc=11
2015-07-24 17:20:00.513334 7f8d71a3d780 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication
2015-07-24 17:21:16.886363 7fdc7595e780  0 ceph version 0.94-217-g31f1afb (31f1afb873c9d086bdf4f97297c2603fde277d7d), process ceph-fuse, pid 4660
2015-07-24 17:21:16.890136 7fdc7595e780 -1 init, newargv = 0x2b87b30 newargc=11



> -----Original Message-----
> From: john.spray@xxxxxxxxxx
> Sent: Mon, 13 Jul 2015 09:11:29 +0100
> To: boomerb@xxxxxxxxx, ceph-users@xxxxxxxxxxxxxx
> Subject: Re:  cephfs without admin key
> 
> Yes: clients need an MDS key that says "allow", and an OSD key that
> permits it access to the RADOS pool you're using as your CephFS data
> pool.
> 
> If you're already trying that and getting an error, please post the caps
> you're using.
> 
> Thanks,
> John
> 
> 
> On 12/07/2015 14:12, Bernhard Duebi wrote:
>> Hi,
>> 
>> I'm new to ceph. I set up a small cluster and successfully connected
>> kvm/qemu to use block devices. Now I'm experimenting with CephFS. I use
>> ceph-fuse on SLES12 (ceph 0.94). I can mount the file-system and write
>> to it, but only when the admin keyring is present, which gives the FS
>> client full admin privileges.
>> For kvm/qemu I can limit the privileges by creating a key with limited
>> privileges. I was googling if the same is possible for CephFS. I found
>> some answers but none of them work because I always get "permission
>> denied".
>> 
>> Any hints on what the key should look like?
>> 
>> Thanks
>> Bernhard
>> 
>> 
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
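
An added example, not part of the original thread or of Ceph itself: a small audit of the kind of output shown in the post, checking the caps against the rule in John Spray's reply (MDS "allow", OSD access to the CephFS data pool), the identity the client runs as, and keyring file modes. `audit_client`, `parse_caps` and their parameters are hypothetical names; the sample text is constructed from the post's output with the key replaced by a placeholder, and `run_as` defaults to `client.admin`, the identity Ceph clients use when no `--id`/`--name` is given (the post's client log is named `ceph-client.admin.log`).

```python
import re

# Constructed sample mirroring the `ceph auth list` and `ls -l` output in the
# post (the key is replaced by a placeholder).
AUTH_LIST = """\
installed auth entries:

client.cephfs
        key: PLACEHOLDER-NOT-A-REAL-KEY
        caps: [mds] allow
        caps: [mon] allow r
        caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cephfs_data
"""
LS_ETC_CEPH = """\
-rw-r--r-- 1 root root 192 Jul 24 17:17 ceph.client.cephfs.keyring
-rw-r--r-- 1 root root 267 Jul 20 17:17 ceph.conf
"""

def parse_caps(auth_text):
    """Return {entity: {daemon: cap string}} from `ceph auth list` text."""
    caps, entity = {}, None
    for line in auth_text.splitlines():
        m = re.match(r"\s+caps: \[(\w+)\] (.*)", line)
        if m and entity:
            caps[entity][m.group(1)] = m.group(2).strip()
        elif re.match(r"^(client|osd|mds|mon)\.\S+$", line):
            entity = line.strip()
            caps[entity] = {}
    return caps

def audit_client(auth_text, ls_text, entity, data_pool, run_as="client.admin"):
    """Hypothetical audit helper: list of findings for one CephFS client."""
    findings, caps = [], parse_caps(auth_text).get(entity, {})
    if not caps.get("mds", "").startswith("allow"):
        findings.append("mds cap missing 'allow'")
    if f"pool={data_pool}" not in caps.get("osd", ""):
        findings.append(f"osd cap does not grant access to pool {data_pool}")
    for daemon, cap in caps.items():
        if re.search(r"allow \*", cap):
            findings.append(f"{daemon} cap is admin-wide: {cap}")
    if run_as != entity:
        findings.append(f"client runs as {run_as} but the key belongs to {entity}")
    for parts in map(str.split, ls_text.splitlines()):
        if parts and parts[-1].endswith("keyring") and parts[0][7] == "r":
            findings.append(f"{parts[-1]} is world-readable ({parts[0]})")
    return findings
```

On the constructed sample the caps pass, and the two findings are the identity mismatch and the world-readable keyring mode.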



