On Fri, Jan 24, 2020 at 1:43 PM Frank Schilder <frans@xxxxxx> wrote:
>
> Dear Ilya,
>
> I had exactly the same problem with authentication of cephfs clients on a mimic-13.2.2 cluster. The key created with "ceph fs authorize ..." did not grant access to the data pool. I ended up adding "rw" access to this pool by hand.
>
> Following up on your remark about pool tags, could you please point me to any documentation about how this tagging is used and what key-value pair you are referring to? It sounds like this is the new way to go, but I cannot find anything useful about it in here:
>
> https://docs.ceph.com/docs/mimic/cephfs/client-auth/

Hi Frank,

This is the correct page, but this key-value pair is more or less an internal implementation detail. "ceph fs authorize" is all the users should know about, but there seems to be a bug lurking there.

In general, for a cap that looks like

  allow <r/w/x> tag <tag name> <key>=<value>

the OSD will allow <r/w/x> access to the pool iff

a) the pool is tagged with <tag name> and
b) the tag metadata has that <key>: <value> pair in it.

In the cephfs case, the key is "data" for data pool and "metadata" for metadata pools, the value is the name of the filesystem.

Thanks,

Ilya
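
The following is an added example, not part of the message above and not Ceph's own code: a simplified Python model of the tag-cap rule it describes, evaluated against several pools. The pool names, the filesystem name `myfs` and the `{tag: {key: value}}` layout used for pool tag metadata are constructed assumptions.

```python
import re

# Simplified model of the rule in the message above; not Ceph's OSD implementation.
CAP_RE = re.compile(
    r"^allow\s+(?P<perms>[rwx]+)\s+tag\s+(?P<tag>\S+)\s+(?P<key>[^\s=]+)=(?P<value>\S+)$"
)

def parse_tag_cap(cap):
    """Parse 'allow <r/w/x> tag <tag name> <key>=<value>' into its parts."""
    m = CAP_RE.match(cap.strip())
    if m is None:
        raise ValueError(f"not a tag cap: {cap!r}")
    return {"perms": set(m["perms"]), "tag": m["tag"],
            "key": m["key"], "value": m["value"]}

def cap_allows(cap, pool_tags, wanted):
    """True iff (a) the pool is tagged with the cap's tag, (b) the tag
    metadata holds the cap's key: value pair, and the cap grants every
    permission in `wanted`."""
    c = parse_tag_cap(cap)
    meta = pool_tags.get(c["tag"])
    if meta is None:                       # condition (a) fails: tag absent
        return False
    if meta.get(c["key"]) != c["value"]:   # condition (b) fails: pair absent
        return False
    return set(wanted) <= c["perms"]

# Constructed sample: pool name -> {tag name: {key: value}}
POOLS = {
    "cephfs_data":     {"cephfs": {"data": "myfs"}},
    "cephfs_metadata": {"cephfs": {"metadata": "myfs"}},
    "extra_data":      {"cephfs": {}},     # tagged, but no data=<fs> pair
    "rbd_pool":        {"rbd": {}},        # different tag entirely
}
CAP = "allow rw tag cephfs data=myfs"

def accessible_pools(cap, pools, wanted="rw"):
    """Names of the pools on which `cap` grants all `wanted` permissions."""
    return sorted(n for n, tags in pools.items() if cap_allows(cap, tags, wanted))

if __name__ == "__main__":
    print(accessible_pools(CAP, POOLS))
```

In this model a pool that carries the tag but lacks the key/value pair is refused just like an untagged pool, because both conditions must hold.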