Jason Dillaman wrote:
Can you run "rbd --id libvirt --pool libvirt win206-test-3tb <some
temprary file name>" w/o error? It sounds like your CephX caps for
client.libvirt are not permitting read access to the image data
objects.
I tried to run 'rbd export' with these params,
but it said it was unable to find a keyring.
Is keyring file mandatory for every client ?
'ceph auth ls' shows these accounts with seemingly-proper
permissions :
client.iso
key: AQBp...gA==
caps: [mon] profile rbd
caps: [osd] profile rbd pool=iso
client.libvirt
key: AQBt...IA==
caps: [mon] profile rbd
caps: [osd] profile rbd pool=libvirt
And these same keys are listed in /etc/libvirt/secrets :
/etc/libvirt/secrets# ls | while read a ; do echo $a : $(cat $a) ; done
ac1d8d7b-d243-4474-841d-91c26fd93a14.base64 : AQBt...IA==
ac1d8d7b-d243-4474-841d-91c26fd93a14.xml : <secret ephemeral='no'
private='yes'> <uuid>ac1d8d7b-d243-4474-841d-91c26fd93a14</uuid>
<description>CEPH passphrase example</description> <usage type='ceph'>
<name>ceph_example</name> </usage> </secret>
cf00c7e4-740a-4935-9d7c-223d3c81871f.base64 : AQBp...gA==
cf00c7e4-740a-4935-9d7c-223d3c81871f.xml : <secret ephemeral='no'
private='yes'> <uuid>cf00c7e4-740a-4935-9d7c-223d3c81871f</uuid>
<description>CEPH ISO pool</description> <usage type='ceph'>
<name>ceph_iso</name> </usage> </secret>
I just thought this should be enough. no ?
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com