Good catch but sadly that didn't make any difference. Is there some permission I'm missing?
Am Montag, 11. Juni 2018, 14:10:01 MESZ hat Jason Dillaman <jdillama@xxxxxxxxxx> Folgendes geschrieben:
It appears like you have a typo in your cap: "rdb_children" -> "rbd_children"
On Sun, Jun 10, 2018 at 7:35 AM, frm mrf <frm73@xxxxxxxxx> wrote:
> Hello list,
>
>
> I've recently setup a test openstack newton cloud and connected glance to a
> test ceph cluster (3x mon, 3x osd).
>
> I am able to upload raw images via openstack to the ceph backend but I
> cannot delete them because "PermissionError: error unprotecting snapshot".
> The glance user has the following permissions: mon 'allow r' osd 'allow
> class-read object_prefix rdb_children, allow rwx pool=images'.
>
> Mocking around a bit with the permissions I've noticed that if I change them
> to "mon 'allow r' osd 'allow *" -OR- allow rwx to all pools (mon 'allow r'
> osd 'allow class-read object_prefix rdb_children, allow rwx pool=images,
> allow rwx pool=rbd, allow rwx pool=vms'), I am able to remove the image via
> the openstack image delete <image-ID>.
>
> Can someone help me understand this behavior?
>
> PS: ceph package version is 10.2.9-0ubuntu0.16.04.1 and all machines are
> running Ubuntu 16.04.
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
--
Jason
On Sun, Jun 10, 2018 at 7:35 AM, frm mrf <frm73@xxxxxxxxx> wrote:
> Hello list,
>
>
> I've recently setup a test openstack newton cloud and connected glance to a
> test ceph cluster (3x mon, 3x osd).
>
> I am able to upload raw images via openstack to the ceph backend but I
> cannot delete them because "PermissionError: error unprotecting snapshot".
> The glance user has the following permissions: mon 'allow r' osd 'allow
> class-read object_prefix rdb_children, allow rwx pool=images'.
>
> Mocking around a bit with the permissions I've noticed that if I change them
> to "mon 'allow r' osd 'allow *" -OR- allow rwx to all pools (mon 'allow r'
> osd 'allow class-read object_prefix rdb_children, allow rwx pool=images,
> allow rwx pool=rbd, allow rwx pool=vms'), I am able to remove the image via
> the openstack image delete <image-ID>.
>
> Can someone help me understand this behavior?
>
> PS: ceph package version is 10.2.9-0ubuntu0.16.04.1 and all machines are
> running Ubuntu 16.04.
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
--
Jason
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
