Re: Restrict client access to a certain rbd pool with separate metadata and data pool


On Tue, Mar 3, 2020 at 10:05 AM Rainer Krienke <krienke@xxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> I do not know how to restrict a client.user to a certain rbd pool where
> this pool has a replicated metadata pool pool.rbd and an erasure coded
> data pool named pool.ec . I am running ceph nautilus.
>
> I tried this for a client.user:
>
> # ceph auth caps client.user mon 'profile rbd' osd 'profile rbd pool=pool.rbd'
>
> # ceph auth get client.user > ./client.user
>
> # rbd -n client.user -k ./client.user  create pool.rbd/test --size=1G --data-pool=pool.ec
> 2020-03-03 15:54:43.813 7f2817fff700 -1 librbd::image::ValidatePoolRequest: handle_read_rbd_info: failed to read RBD info: (1) Operation not permitted
> 2020-03-03 15:54:43.813 7f2817fff700 -1 librbd::image::CreateRequest: 0x563421cf4730 handle_validate_data_pool: failed to validate pool: (1) Operation not permitted
> rbd: create error: (1) Operation not permitted
>
> If I remove the "... pool=pool.rbd" -section in "ceph auth caps ..."
> call from above everything works.
>
> Any idea how I can get this setup to work?

You haven't given the user any access to "rbd.ec" so it's failing when
attempting to validate that data pool. You would need something like
the following:

osd "profile rbd pool=pool.rbd, profile rbd pool=pool.ec"

> Thanks
> Rainer
> --
> Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
> 56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
> Web: http://userpages.uni-koblenz.de/~krienke
> PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>


-- 
Jason
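
The check below is an added example, not part of the original thread and not Ceph's own cap parser: it reads an OSD caps string and lists which of the pools an image needs (metadata pool and data pool) have no `profile rbd` grant. The function names `pool_covered` and `missing_pools` are hypothetical, and only `profile rbd` / `profile rbd-read-only` grants with an optional `pool=<name>` are understood.

```shell
#!/bin/sh
# Added example: a simplified reading of an OSD caps string, not Ceph's parser.
# It understands only "profile rbd" / "profile rbd-read-only" grants with an
# optional pool=<name>; any other grant form is skipped.

# pool_covered CAPS POOL: succeeds if some rbd profile grant applies to POOL.
pool_covered() (
    caps=$1 pool=$2
    set -f                          # no globbing while word-splitting
    IFS=','
    for grant in $caps; do          # grants are comma-separated
        IFS=' '
        set -- $grant               # split one grant into words
        [ "$1" = profile ] || continue
        case $2 in rbd|rbd-read-only) ;; *) continue ;; esac
        [ $# -eq 2 ] && exit 0      # no pool= restriction: applies to all pools
        [ $# -eq 3 ] && [ "$3" = "pool=$pool" ] && exit 0
    done
    exit 1
)

# missing_pools CAPS POOL...: prints the pools that no grant covers.
missing_pools() (
    caps=$1; shift
    out=
    for pool in "$@"; do
        pool_covered "$caps" "$pool" || out="${out:+$out }$pool"
    done
    printf '%s\n' "$out"
)

# Caps strings taken from the thread above.
BEFORE='profile rbd pool=pool.rbd'
AFTER='profile rbd pool=pool.rbd, profile rbd pool=pool.ec'

echo "before: missing [$(missing_pools "$BEFORE" pool.rbd pool.ec)]"
echo "after:  missing [$(missing_pools "$AFTER" pool.rbd pool.ec)]"

# Applying the corrected caps (this replaces the client's existing caps):
#   ceph auth caps client.user mon 'profile rbd' osd "$AFTER"
# The "caps osd" line in the output of "ceph auth get client.user" can be
# passed to missing_pools to confirm the result.
```

An image created with `--data-pool` touches both pools, so both names must come back covered before `rbd create` can pass the data-pool validation step that failed in the log above.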


