For permanent fix, you need to fix this using patched kernel or upgrade to 4.9 kernel or higher(which has the patch fix)
http://tracker.ceph.com/issues/17191
Using
[mds] allow r
gives users “read” permission to “/” share ie any directory/files under “/” , Example “/dir1”,”dir2” or “/MTY” can be read using the KEY and USER(client.mtyadm).
If this is not concern to you, then I guess you are fine, else consider upgrading the kernel or get your current kernel patched for this cephFS kernel client fix.
caps: [mds] allow r,allow rw path=/MTY
--
Deepak
From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx]
On Behalf Of c.monty@xxxxxx
Sent: Monday, July 24, 2017 7:00 AM
To: Дмитрий Глушенок
Cc: ceph-users@xxxxxxxxxxxxxx
Subject: Re: [ceph-users] Mount CephFS with dedicated user fails: mount error 13 = Permission denied
THX.
Mount is working now.
The auth list for user mtyadm is now:
client.mtyadm
key: AQAlyXVZEfsYNRAAM4jHuV1Br7lpRx1qaINO+A==
caps: [mds] allow r,allow rw path=/MTY
caps: [mon] allow r
caps: [osd] allow rw pool=hdb-backup,allow rw pool=hdb-backup_metadata
24. Juli 2017 13:25, "Дмитрий Глушенок" <glush@xxxxxxxxxx> schrieb:
Hello!
I want to mount CephFS with a dedicated user in order to avoid putting the admin key on every client host.
Therefore I created a user account
ceph auth get-or-create client.mtyadm mon 'allow r' mds 'allow rw path=/MTY' osd 'allow rw pool=hdb-backup,allow rw pool=hdb-backup_metadata' -o /etc/ceph/ceph.client.mtyadm.keyring
and wrote out the keyring
ceph-authtool -p -n client.mtyadm ceph.client.mtyadm.keyring > ceph.client.mtyadm.key
This user is now displayed in auth list:
client.mtyadm
key: AQBYu3VZLg66LBAAGM1jW+cvNE6BoJWfsORZKA==
caps: [mds] allow rw path=/MTY
caps: [mon] allow r
caps: [osd] allow rw pool=hdb-backup,allow rw pool=hdb-backup_metadata
When I try to mount directory /MTY on the client host I get this error:
ld2398:/etc/ceph # mount -t ceph ldcephmon1,ldcephmon2,ldcephmon2:/MTY /mnt/cephfs -o name=mtyadm,secretfile=/etc/ceph/ceph.client.mtyadm.key
mount error 13 = Permission denied
The mount works using admin though:
ld2398:/etc/ceph # mount -t ceph ldcephmon1,ldcephmon2,ldcephmon2:/MTY /mnt/cephfs -o name=admin,secretfile=/etc/ceph/ceph.client.admin.key
ld2398:/etc/ceph # mount | grep cephfs
10.96.5.37,10.96.5.38,10.96.5.38:/MTY on /mnt/cephfs type ceph (rw,relatime,name=admin,secret=<hidden>,acl)
What is causing this mount error?
THX
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
--
Dmitry Glushenok
Jet Infosystems
This email message is for the sole use of the intended recipient(s) and may
contain confidential information. Any unauthorized review, use, disclosure
or distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply email and destroy all copies of the original
message.
|
