Re: Cephfs : security questions?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Quoting Yoann Moulin (yoann.moulin@xxxxxxx):
> 
> >> Kernels on client is 4.4.0-93 and on ceph node are 4.4.0-96
> >>
> >> What is exactly an older kernel client ? 4.4 is old ?
> > 
> > See
> > http://docs.ceph.com/docs/master/cephfs/best-practices/#which-kernel-version
> > 
> > If you're on Ubuntu Xenial I would advise to use
> > "linux-generic-hwe-16.04". Currently gives you 4.10.0-* kernel.
> 
> OK, but I still cannot set caps without read access to "/" on cephfs volume, is there something else I must do ?
> 
> # ceph auth get-or-create client.foo mon "allow r" osd "allow rw pool=cephfs_data" mds "allow rw path=/foo"
> Error EINVAL: key for client.foo exists but cap mds does not match
> 
> # ceph fs authorize cephfs client.foo /foo rw
> Error EINVAL: key for client.foo exists but cap mds does not match

Use "ceph auth list" to check the current caps for the client. With ceph
auth caps (note, _not_ get-or-create) you can update the caps:

ceph auth caps client.foo mon "allow r" osd "allow rw
pool=cephfs_data" mds "allow rw path=/foo"

The command should return "updated caps for client.foo"

Gr. Stefan

-- 
| BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
| GPG: 0xD14839C6                   +31 318 648 688 / info@xxxxxx
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux