On Thu, Feb 6, 2020 at 11:20 AM Andras Pataki <apataki@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
> I'm trying to set up a cephx key to mount RBD images read-only. I have
> the following two keys:
>
> [client.rbd]
> key = xxx
> caps mgr = "profile rbd"
> caps mon = "profile rbd"
> caps osd = "profile rbd pool=rbd_vm"
>
> [client.rbd-ro]
> key = xxx
> caps mgr = "profile rbd-read-only"
> caps mon = "profile rbd"
> caps osd = "profile rbd-read-only pool=rbd_vm"
>
> The following works:
>
> # rbd map --pool rbd_vm andras_test --name client.rbd
> /dev/rbd0
>
> and so does this:
>
> # rbd map --pool rbd_vm andras_test --name client.rbd --read-only
> /dev/rbd0
>
> but using the rbd-ro key doesn't work:
>
> # rbd map --pool rbd_vm andras_test --name client.rbd-ro --read-only
> rbd: sysfs write failed
> In some cases useful info is found in syslog - try "dmesg | tail".
> rbd: map failed: (1) Operation not permitted
>
> the logs only have the following:
>
> [1281776.788709] libceph: mon4 10.128.150.14:6789 session established
> [1281776.801747] libceph: client88900164 fsid d7b33135-0940-4e48-8aa6-1d2026597c2f
>
> The back end is mimic 13.2.8, the kernel is the CentOS kernel
> 3.10.0-957.27.2.el7.x86_64
>
> Any ideas what I'm doing wrong here?

You need kernel v5.5 or later to map an RBD image via krbd using
read-only caps [1]. Prior to this patch, krbd would be in a
quasi-read-only state internally.

> Andras
>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx

[1] https://tracker.ceph.com/issues/42667

--
Jason
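
A preflight check for the situation in this thread, added here as an example (it is not from either poster or from the Ceph project): it parses keyring entries in the format quoted above and flags a client whose OSD caps are purely `profile rbd-read-only` when the kernel is older than the v5.5 named in the reply. The function names and the sample keyring are constructed for illustration.

```python
import re

MIN_KRBD_RO_KERNEL = (5, 5)  # upstream version named in the reply above

# Constructed sample: the two keyring entries quoted in the thread.
SAMPLE_KEYRING = """
[client.rbd]
key = xxx
caps mgr = "profile rbd"
caps mon = "profile rbd"
caps osd = "profile rbd pool=rbd_vm"

[client.rbd-ro]
key = xxx
caps mgr = "profile rbd-read-only"
caps mon = "profile rbd"
caps osd = "profile rbd-read-only pool=rbd_vm"
"""

def parse_keyring(text):
    """Return {entity: {daemon: caps string}} from keyring text."""
    entities, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        cap = re.fullmatch(r'caps\s+(\w+)\s*=\s*"?(.*?)"?', line)
        if section:
            current = entities.setdefault(section.group(1), {})
        elif cap and current is not None:
            current[cap.group(1)] = cap.group(2)
    return entities

def osd_caps_read_only(caps):
    """True when every profile in the OSD cap is rbd-read-only."""
    profiles = re.findall(r"profile\s+([\w-]+)", caps.get("osd", ""))
    return bool(profiles) and all(p == "rbd-read-only" for p in profiles)

def kernel_version(release):
    """Map a `uname -r` string such as '3.10.0-957.27.2.el7.x86_64' to (3, 10)."""
    major, minor = re.match(r"(\d+)\.(\d+)", release).groups()
    return int(major), int(minor)

def krbd_map_expected_to_work(caps, release):
    """Read-only OSD caps need kernel >= 5.5 for krbd; other caps pass this check."""
    if not osd_caps_read_only(caps):
        return True
    return kernel_version(release) >= MIN_KRBD_RO_KERNEL
```

The comparison uses the upstream version number only; distribution kernels can carry backports, so a negative result is a prompt to check the vendor changelog rather than a final answer.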