Hello list,
I've recently setup a test openstack newton cloud and connected glance to a test ceph cluster (3x mon, 3x osd).
I am able to upload raw images via openstack to the ceph backend but I cannot delete them because "PermissionError: error unprotecting snapshot". The glance user has the following permissions: mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=images'.
Mocking around a bit with the permissions I've noticed that if I change them to "mon 'allow r' osd 'allow *" -OR- allow rwx to all pools (mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=images, allow rwx pool=rbd, allow rwx pool=vms'), I am able to remove the image via the openstack image delete <image-ID>.
Can someone help me understand this behavior?
I've recently setup a test openstack newton cloud and connected glance to a test ceph cluster (3x mon, 3x osd).
I am able to upload raw images via openstack to the ceph backend but I cannot delete them because "PermissionError: error unprotecting snapshot". The glance user has the following permissions: mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=images'.
Mocking around a bit with the permissions I've noticed that if I change them to "mon 'allow r' osd 'allow *" -OR- allow rwx to all pools (mon 'allow r' osd 'allow class-read object_prefix rdb_children, allow rwx pool=images, allow rwx pool=rbd, allow rwx pool=vms'), I am able to remove the image via the openstack image delete <image-ID>.
Can someone help me understand this behavior?
PS: ceph package version is 10.2.9-0ubuntu0.16.04.1 and all machines are running Ubuntu 16.04.
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com