Jason Dillaman wrote:
The caps for those users looks correct for Luminous and later
clusters. Any chance you are using data pools with the images? It's
just odd that you have enough permissions to open the RBD image but
cannot read its data objects.
Yes, I use erasure-pool as data-pool for these images
(to save on replication overhead).
Should I add it to the [osd] profile list ?
Indeed, that's the problem since the libvirt and/or iso user doesn't
have access to the data-pool.
This really helped, thanks !
client.iso
key: AQBp...gA==
caps: [mon] profile rbd
caps: [osd] profile rbd pool=iso, profile rbd pool=jerasure21
client.libvirt
key: AQBt...IA==
caps: [mon] profile rbd
caps: [osd] profile rbd pool=libvirt, profile rbd pool=jerasure21
Now I can boot the VM from the .iso image and install Windows.
One more question, how should I set profile 'rbd-read-only' properly ?
I tried to set is for 'client.iso' on both 'iso' and 'jerasure21' pools,
and this did not work. Set profile on both pools to 'rbd', it worked.
But I don't want my iso imaged to be accidentally modified by virtual
guests. Can this be solved with Ceph auth, or in some other way ? (in
fact, I look for Ceph equivalent of 'chattr +i')
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
