Hi François,

"usermod -aG ceph snmp" is better ;)

2016-03-11 3:37 GMT+01:00 Francois Lafont <flafdivers@xxxxxxx>:
> Hi,
>
> I have a ceph cluster on Infernalis and I'm using a snmp agent to retrieve
> data and generate generic graphs concerning each cluster node. Currently, I
> can see in the syslog of each node lines like these (every 5 minutes):
>
> Mar 11 03:15:26 ceph01 snmpd[16824]: Cannot statfs /var/lib/ceph/mon/ceph-ceph01#012: Permission denied
> Mar 11 03:15:26 ceph01 snmpd[16824]: Cannot statfs /var/lib/ceph/osd/ceph-16#012: Permission denied
>
> Of course, it's a basic problem of Unix rights. The snmp agent uses the
> account "snmp" and the Unix rights of the ceph home directory are:
>
> ~# ll -d /var/lib/ceph
> drwxr-x--- 9 ceph ceph 4096 Nov 4 06:34 /var/lib/ceph/
>
> So, of course, currently the snmp account can't access
> /var/lib/ceph/{osd,mon}/$cluster-$id/.
>
> 1. Is there a problem (a possible side effect) if I just do that?
>
> chmod o+rx /var/lib/ceph/
>
> Can I have a security problem with that?
>
>
> 2. Or do you think it's a better idea to just add "snmp" to the Unix group
> "ceph"? Maybe better than 1. because I don't change the permissions of the
> directory _and_ it seems to me that a member of the "ceph" group never has
> the "w" right in /var/lib/ceph/.
>
> Thanks in advance for your help.
>
> --
> François Lafont
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

--
Regards,

David CASIER
3B Rue Taylor, CS20004
75481 PARIS Cedex 10 Paris
Direct line: 01 75 98 53 85
Email: david.casier@xxxxxxxx
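
An added check, not part of the thread and not from either poster: it lists what each of the two options discussed above would open up under a directory such as /var/lib/ceph. It assumes bash and GNU find; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (constructed): audit what each option from the thread opens up.
# Assumes GNU find; function names are hypothetical.

# Option 1, "chmod o+rx DIR": entries below DIR that any local account could
# then read. Subtrees behind a directory without o+x stay unreachable, so
# they are pruned instead of being reported.
exposed_to_other() {
    find "$1" -mindepth 1 \
        \( -type d ! -perm -o=x -prune \) -o \
        \( ! -type l -perm -o=r -print \) | sort
}

# Option 2, "usermod -aG GROUP snmp": entries owned by GROUP whose group-write
# bit is set, i.e. what the snmp account could modify, not just read.
writable_by_group() {
    find "$1" -group "$2" -perm -g=w -print | sort
}

# Usage: ./audit.sh /var/lib/ceph [group]   (group defaults to "ceph")
if [ "$#" -ge 1 ]; then
    echo "== readable by every local account after chmod o+rx $1 =="
    exposed_to_other "$1"
    echo "== writable by members of group ${2:-ceph} =="
    writable_by_group "$1" "${2:-ceph}"
fi
```

An empty second list confirms the observation in the question that group members have no write access; an empty first list means opening the top directory to "other" exposes nothing further down.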