Oliver, Following your recommendation to stop the cluster, restart cluster authentication disabled allowed me to fix the incorrect capability settings on the client.admin user. Then, I re-enabled authentication and restarted the cluster. Everything is back to normal. Thank you for your help, Dave -----Original Message----- From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of Plewes, Dave (IS) Sent: Monday, April 04, 2016 10:34 AM To: Oliver Dzombic; ceph-users@xxxxxxxxxxxxxx Subject: Re: EXT :Re: ceph auth list - access denied Oliver, Thank you for the quick response. I suspected that I made a mistake with the update rather than a write. My cluster still shows a "HEALTH_OK" with all 3 osds and all 3 mons in quorum but I suspect that totally killed auth. I will look at re-establishing authentication according to your recommendation. Thanks, Dave -----Original Message----- From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of Oliver Dzombic Sent: Monday, April 04, 2016 10:14 AM To: ceph-users@xxxxxxxxxxxxxx Subject: EXT :Re: ceph auth list - access denied Hi David, you killed your auth. When updating auth, you always have to write all auth's not only the change. Means, if you update, the auth is completely reset newly according to your change. So its not adding, its replacing. --- You will have to start your cluster now without auth, giving your key again ALL rights on everything. Then restart the cluster again with authentication enabled. -- Mit freundlichen Gruessen / Best regards Oliver Dzombic IP-Interactive mailto:info@xxxxxxxxxxxxxxxxx Anschrift: IP Interactive UG ( haftungsbeschraenkt ) Zum Sonnenberg 1-3 63571 Gelnhausen HRB 93402 beim Amtsgericht Hanau Geschäftsführung: Oliver Dzombic Steuer Nr.: 35 236 3622 1 UST ID: DE274086107 Am 04.04.2016 um 16:07 schrieb Plewes, Dave (IS): > All, > > > > I am fairly new to using Ceph. I have successfully established a Ceph > Cluster with 3 OSDs of 8TB each for a total cluster of 24TBs. > Recently, I was attempting to use Libvirt with Ceph RBD as documented here: > http://docs.ceph.com/docs/hammer/rbd/libvirt/ > > > > I was able to create (and list) a pool and the image using the > following > commands: > > > > 1) ceph osd pool create libvirt-pool 128 128 > > 2) ceph osd lspools > > 3) rbd create libvirt-image -size 1024 -pool libvirt-pool > > 4) rbd ls libvirt-pool > > 5) rbd -image libvirt-image -p libvirt-pool info > > Then, I wanted to modify the "client.admin" user to allow access to > the pool using the following command: > > > > ceph auth caps client.admin mon 'allow r' osd 'allow rwx pool=libvirt-pool' > > which returned response of: > > > > updated caps for client.admin > > > > However, I can no longer execute a "ceph auth list" command. I > receive the following access denied: > > > > Error EACCES: access denied > > > > > > How can I recover access to "ceph auth"? > > > > Prior to the "ceph auths caps" command I could execute the "ceph auth" > command with no problem and it > > Returned the auth entries for osd.0, osd.1, osd.2, client.admin, > client.bootstrap-mds, client.bootstrap-osd, and client.bootstrap.rgw > > > > > > Any assistance will be helpful and appreciated. > > > > Thanks, > > > > Dave P. > > > > > > > > > > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com