On Thu, Feb 22, 2018, 8:09 PM Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
On Wed, Feb 21, 2018 at 10:54 AM, Enrico Kern
<enrico.kern@xxxxxxxxxxxxxxx> wrote:
> Hey all,
>
> i would suggest some changes to the ceph auth caps command.
>
> Today i almost fucked up half of one of our openstack regions with i/o
> errors because of user failure.
>
> I tried to add osd blacklist caps to a cinder keyring after luminous
> upgrade.
>
> I did so by issuing ceph auth caps client.cinder mon 'bla'
>
> doing this i forgot that this will wipe also other caps and not just only
> updates caps for mon because you need to specify all in one line. Result was
> all of our vms passing out with read only filesystems after a while because
> osd caps were gone.
>
> I suggest that if you only pass
>
> Ceph auth caps mon
>
> It only updates caps for mon or osd etc. and leaves others untouched. Or at
> least print some huge error message.
>
> I know it is more a pebkac problem, but ceph is doing great in being idiot
> proof and this would make it even more idiot proof ;)
This sounds like a good idea to me! I created a ticket at
http://tracker.ceph.com/issues/23096
-Greg
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
