On 20.05.19 at 09:06, Jason Dillaman wrote:
>> $ rbd --namespace=testnamespace map rbd/rbdtestns --name client.rainer
>> --keyring=/etc/ceph/ceph.keyring
>> rbd: sysfs write failed
>> rbd: error opening image rbdtestns: (1) Operation not permitted
>> In some cases useful info is found in syslog - try "dmesg | tail".
>> 2019-05-20 08:18:29.187 7f42ab7fe700 -1 librbd::image::RefreshRequest:
>> failed to retrieve pool metadata: (1) Operation not permitted
>> 2019-05-20 08:18:29.187 7f42aaffd700 -1 librbd::image::OpenRequest:
>> failed to refresh image: (1) Operation not permitted
>> 2019-05-20 08:18:29.187 7f42aaffd700 -1 librbd::ImageState:
>> 0x561792408860 failed to open image: (1) Operation not permitted
>> rbd: map failed: (22) Invalid argument
>
> Hmm, it looks like we overlooked updating the 'rbd' profile when PR
> 27423 [1] was merged into v14.2.1. We'll get that fixed, but in the
> meantime, you can add a "class rbd metadata_list" cap on the base pool
> (w/o the namespace restriction) [2].
>

Thanks for your answer. Well, I still have kernel 4.15, so namespaces
won't work for me at the moment.

Could you please explain what the magic behind "class rbd metadata_list"
is? Is it meant to "simply" allow access to the base pool (rbd in my
case), so that I authorize access to the pool instead of a namespace? And
if this is true, then I do not understand the difference between your
class cap and a cap like osd 'allow rw pool=rbd'.

--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
Web: http://userpages.uni-koblenz.de/~krienke
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html