openstack newton, glance user permission issue with ceph backend

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello list,


I've recently setup a test openstack newton cloud and connected glance to a test ceph cluster (3x mon, 3x osd).

I am able to upload raw images via openstack to the ceph backend but I cannot delete them because "PermissionError: error unprotecting snapshot". The glance user has the following permissions: mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=images'.

Mocking around a bit with the permissions I've noticed that if I change them to "mon 'allow r' osd 'allow *" -OR- allow rwx to all pools (mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=images, allow rwx pool=rbd, allow rwx pool=vms'), I am able to remove the image via the openstack image delete <image-ID>.

Can someone help me understand this behavior?

PS: ceph package version is 10.2.9-0ubuntu0.16.04.1 and all machines are running Ubuntu 16.04.

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux