On Wed, Feb 21, 2018 at 10:54 AM, Enrico Kern <enrico.kern@xxxxxxxxxxxxxxx> wrote: > Hey all, > > i would suggest some changes to the ceph auth caps command. > > Today i almost fucked up half of one of our openstack regions with i/o > errors because of user failure. > > I tried to add osd blacklist caps to a cinder keyring after luminous > upgrade. > > I did so by issuing ceph auth caps client.cinder mon 'bla' > > doing this i forgot that this will wipe also other caps and not just only > updates caps for mon because you need to specify all in one line. Result was > all of our vms passing out with read only filesystems after a while because > osd caps were gone. > > I suggest that if you only pass > > Ceph auth caps mon > > It only updates caps for mon or osd etc. and leaves others untouched. Or at > least print some huge error message. > > I know it is more a pebkac problem, but ceph is doing great in being idiot > proof and this would make it even more idiot proof ;) This sounds like a good idea to me! I created a ticket at http://tracker.ceph.com/issues/23096 -Greg _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |