Re: EXT :Re: ceph auth list - access denied

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oliver,

Following your recommendation to stop the cluster, restart cluster authentication disabled allowed me to fix the incorrect capability settings on the client.admin user.  Then, I re-enabled authentication and restarted the cluster.  Everything is back to normal.

Thank you for your help,

Dave


-----Original Message-----
From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of Plewes, Dave (IS)
Sent: Monday, April 04, 2016 10:34 AM
To: Oliver Dzombic; ceph-users@xxxxxxxxxxxxxx
Subject: Re:  EXT :Re: ceph auth list - access denied

Oliver,

Thank you for the quick response.  

I suspected that I made a mistake with the update rather than a write. 

My cluster still shows a "HEALTH_OK" with all 3 osds and all 3 mons in quorum but I suspect that totally killed auth.

I will look at re-establishing authentication according to your recommendation.

Thanks,

Dave


-----Original Message-----
From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of Oliver Dzombic
Sent: Monday, April 04, 2016 10:14 AM
To: ceph-users@xxxxxxxxxxxxxx
Subject: EXT :Re:  ceph auth list - access denied

Hi David,

you killed your auth.

When updating auth, you always have to write all auth's not only the change.

Means, if you update, the auth is completely reset newly according to your change.

So its not adding, its replacing.

---

You will have to start your cluster now without auth, giving your key again ALL rights on everything.

Then restart the cluster again with authentication enabled.

--
Mit freundlichen Gruessen / Best regards

Oliver Dzombic
IP-Interactive

mailto:info@xxxxxxxxxxxxxxxxx

Anschrift:

IP Interactive UG ( haftungsbeschraenkt ) Zum Sonnenberg 1-3
63571 Gelnhausen

HRB 93402 beim Amtsgericht Hanau
Geschäftsführung: Oliver Dzombic

Steuer Nr.: 35 236 3622 1
UST ID: DE274086107


Am 04.04.2016 um 16:07 schrieb Plewes, Dave (IS):
> All,
> 
>  
> 
> I am fairly new to using Ceph.  I have successfully established a Ceph 
> Cluster with 3 OSDs of 8TB each for a total cluster of 24TBs.
> Recently, I was attempting to use Libvirt with Ceph RBD as documented here:
> http://docs.ceph.com/docs/hammer/rbd/libvirt/
> 
>  
> 
> I was able to create (and list) a pool and the image using the 
> following
> commands:
> 
>  
> 
> 1)      ceph osd pool create libvirt-pool 128 128
> 
> 2)      ceph osd lspools
> 
> 3)      rbd create libvirt-image -size 1024 -pool libvirt-pool
> 
> 4)      rbd ls libvirt-pool
> 
> 5)      rbd -image libvirt-image -p libvirt-pool info
> 
> Then, I wanted to modify the "client.admin" user to allow access to 
> the pool using the following command:
> 
>  
> 
> ceph auth caps client.admin mon 'allow r' osd 'allow rwx pool=libvirt-pool'
> 
> which returned response of:
> 
>  
> 
>                updated caps for client.admin
> 
>  
> 
> However, I can no longer execute a "ceph auth list" command.  I 
> receive the following access denied:
> 
>  
> 
> Error EACCES: access denied
> 
>  
> 
>  
> 
> How can I recover access to "ceph auth"?
> 
>  
> 
> Prior to the "ceph auths caps" command I could execute the "ceph auth"
> command with no problem and it
> 
> Returned the auth entries for osd.0, osd.1, osd.2, client.admin, 
> client.bootstrap-mds, client.bootstrap-osd, and client.bootstrap.rgw
> 
>  
> 
>  
> 
> Any assistance will be helpful and appreciated.
> 
>  
> 
> Thanks,
> 
>  
> 
> Dave P.
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> 
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> 
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux