Re: ceph nautilus namespaces for rbd and rbd image access problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, May 20, 2019 at 8:56 AM Rainer Krienke <krienke@xxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> on a ceph Nautilus cluster (14.2.1) running on Ubuntu 18.04 I try to set
> up rbd images with namespaces in order to allow different clients to
> access only their "own" rbd images in different namespaces in just one
> pool. The rbd image data are in an erasure encoded pool named "ecpool"
> and the metadata in the default "rbd" pool.
>
> With this setup I am experiencing trouble when I try to access a rbd
> image in a namespace from a (OpenSuSE Leap 15.0 with Ceph 14.2.1) client
> and I do not understand what I am doing wrong. Hope someone can see the
> problem and give me a hint:
>
> # On one of the the ceph servers
>
> $ rbd namespace create --namespace testnamespace
> $ rbd namespace ls
> NAME
> testnamespace
>
> $ ceph auth caps client.rainer mon 'profile rbd' osd 'profile rbd
> pool=rbd namespace=testnamespace'
>
> $ ceph auth get client.rainer
> [client.rainer]
>         key = AQCcVt5cHC+WJhBBoRPKhErEYzxGuU8U/GA0xA++
>         caps mon = "profile rbd"
>         caps osd = "profile rbd pool=rbd namespace=testnamespace"
>
> $ rbd create rbd/rbdtestns --namespace testnamespace --size 50G
> --data-pool=rbd-ecpool
>
> $ rbd --namespace testnamespace ls -l
> NAME      SIZE   PARENT FMT PROT LOCK
> rbdtestns 50 GiB          2
>
> On the openSuSE Client:
>
> $ rbd --namespace=testnamespace map rbd/rbdtestns --name client.rainer
> --keyring=/etc/ceph/ceph.keyring
> rbd: sysfs write failed
> rbd: error opening image rbdtestns: (1) Operation not permitted
> In some cases useful info is found in syslog - try "dmesg | tail".
> 2019-05-20 08:18:29.187 7f42ab7fe700 -1 librbd::image::RefreshRequest:
> failed to retrieve pool metadata: (1) Operation not permitted
> 2019-05-20 08:18:29.187 7f42aaffd700 -1 librbd::image::OpenRequest:
> failed to refresh image: (1) Operation not permitted
> 2019-05-20 08:18:29.187 7f42aaffd700 -1 librbd::ImageState:
> 0x561792408860 failed to open image: (1) Operation not permitted
> rbd: map failed: (22) Invalid argument

Hmm, it looks like we overlooked updating the 'rbd' profile when PR
27423 [1] was merged into v14.2.1. We'll get that fixed, but in the
meantime, you can add a "class rbd metadata_list" cap on the base pool
(w/o the namespace restriction) [2].

> Thanks for your help
> Rainer
> --
> Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
> 56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
> Web: http://userpages.uni-koblenz.de/~krienke
> PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


[1] https://github.com/ceph/ceph/pull/27423
[2] http://docs.ceph.com/docs/master/rados/operations/user-management/#authorization-capabilities

-- 
Jason
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux