For future reference, You can reset your keyring's permissions using a keyring located on the monitors at /var/lib/ceph/mon/your-mon/keyring. Specify the -k option for the ceph command and the full path to the keyring and you can correct this without having to restart the cluster a couple of times. On Mon, 2016-04-04 at 18:25 +0000, Plewes, Dave (IS) wrote: > Oliver, > > Following your recommendation to stop the cluster, restart cluster authentication disabled allowed me to fix the incorrect capability settings on the client.admin user. Then, I re-enabled authentication and restarted the cluster. Everything is back to normal. > > Thank you for your help, > > Dave > > > -----Original Message----- > From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of Plewes, Dave (IS) > Sent: Monday, April 04, 2016 10:34 AM > To: Oliver Dzombic; ceph-users@xxxxxxxxxxxxxx > Subject: Re: EXT :Re: ceph auth list - access denied > > Oliver, > > Thank you for the quick response. > > I suspected that I made a mistake with the update rather than a write. > > My cluster still shows a "HEALTH_OK" with all 3 osds and all 3 mons in quorum but I suspect that totally killed auth. > > I will look at re-establishing authentication according to your recommendation. > > Thanks, > > Dave > > > -----Original Message----- > From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of Oliver Dzombic > Sent: Monday, April 04, 2016 10:14 AM > To: ceph-users@xxxxxxxxxxxxxx > Subject: EXT :Re: ceph auth list - access denied > > Hi David, > > you killed your auth. > > When updating auth, you always have to write all auth's not only the change. > > Means, if you update, the auth is completely reset newly according to your change. > > So its not adding, its replacing. > > --- > > You will have to start your cluster now without auth, giving your key again ALL rights on everything. > > Then restart the cluster again with authentication enabled. > > -- > Mit freundlichen Gruessen / Best regards > > Oliver Dzombic > IP-Interactive > > mailto:info@xxxxxxxxxxxxxxxxx > > Anschrift: > > IP Interactive UG ( haftungsbeschraenkt ) Zum Sonnenberg 1-3 > 63571 Gelnhausen > > HRB 93402 beim Amtsgericht Hanau > Geschäftsführung: Oliver Dzombic > > Steuer Nr.: 35 236 3622 1 > UST ID: DE274086107 > > > Am 04.04.2016 um 16:07 schrieb Plewes, Dave (IS): > > All, > > > > > > > > I am fairly new to using Ceph. I have successfully established a Ceph > > Cluster with 3 OSDs of 8TB each for a total cluster of 24TBs. > > Recently, I was attempting to use Libvirt with Ceph RBD as documented here: > > http://docs.ceph.com/docs/hammer/rbd/libvirt/ > > > > > > > > I was able to create (and list) a pool and the image using the > > following > > commands: > > > > > > > > 1) ceph osd pool create libvirt-pool 128 128 > > > > 2) ceph osd lspools > > > > 3) rbd create libvirt-image -size 1024 -pool libvirt-pool > > > > 4) rbd ls libvirt-pool > > > > 5) rbd -image libvirt-image -p libvirt-pool info > > > > Then, I wanted to modify the "client.admin" user to allow access to > > the pool using the following command: > > > > > > > > ceph auth caps client.admin mon 'allow r' osd 'allow rwx pool=libvirt-pool' > > > > which returned response of: > > > > > > > > updated caps for client.admin > > > > > > > > However, I can no longer execute a "ceph auth list" command. I > > receive the following access denied: > > > > > > > > Error EACCES: access denied > > > > > > > > > > > > How can I recover access to "ceph auth"? > > > > > > > > Prior to the "ceph auths caps" command I could execute the "ceph auth" > > command with no problem and it > > > > Returned the auth entries for osd.0, osd.1, osd.2, client.admin, > > client.bootstrap-mds, client.bootstrap-osd, and client.bootstrap.rgw > > > > > > > > > > > > Any assistance will be helpful and appreciated. > > > > > > > > Thanks, > > > > > > > > Dave P. > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > ceph-users mailing list > > ceph-users@xxxxxxxxxxxxxx > > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |