That was it! I am not sure how I got confused with the client name syntax. When I issued the command to create a client key, I used: ceph fs authorize cephfs client.1 / r / rw I assumed from the syntax that my client name is "client.1" I suppose the correct syntax is that anything after "client." is the name? So: ceph fs authorize cephfs client.bob / r / rw Would authorize a client named bob? -Scott ________________________________ From: Eugen Block <eblock@xxxxxx> Sent: Monday, March 23, 2020 11:30 AM To: Dungan, Scott A. <sdungan@xxxxxxxxxxx> Cc: Yan, Zheng <ukernel@xxxxxxxxx>; ceph-users@xxxxxxx <ceph-users@xxxxxxx> Subject: Re: Re: Cephfs mount error 1 = Operation not permitted Wait, your client name is just "1"? In that case you need to specify that in your mount command: mount ... -o name=1,secret=... It has to match your ceph auth settings, where "client" is only a prefix and is followed by the client's name [client.1] Zitat von "Dungan, Scott A." <sdungan@xxxxxxxxxxx>: > Tried that: > > [client.1] > key = ******************************* > caps mds = "allow rw path=/" > caps mon = "allow r" > caps osd = "allow rw tag cephfs pool=meta_data, allow rw pool=data" > > No change. > > > ________________________________ > From: Yan, Zheng <ukernel@xxxxxxxxx> > Sent: Sunday, March 22, 2020 9:28 PM > To: Dungan, Scott A. <sdungan@xxxxxxxxxxx> > Cc: Eugen Block <eblock@xxxxxx>; ceph-users@xxxxxxx <ceph-users@xxxxxxx> > Subject: Re: Re: Cephfs mount error 1 = Operation not permitted > > On Sun, Mar 22, 2020 at 8:21 AM Dungan, Scott A. <sdungan@xxxxxxxxxxx> wrote: >> >> Zitat, thanks for the tips. >> >> I tried appending the key directly in the mount command >> (secret=<CLIENT.1.SECRET>) and that produced the same error. >> >> I took a look at the thread you suggested and I ran the commands >> that Paul at Croit suggested even though I the ceph dashboard >> showed "cephs" as already set as the application on both my data >> and metadata pools: >> >> [root@ceph-n4 ~]# ceph osd pool application set data cephfs data cephfs >> set application 'cephfs' key 'data' to 'cephfs' on pool 'data' >> [root@ceph-n4 ~]# ceph osd pool application set meta_data cephfs >> metadata cephfs >> set application 'cephfs' key 'metadata' to 'cephfs' on pool 'meta_data' >> >> No change. I get the "mount error 1 = Operation not permitted" >> error the same as before. >> >> I also tried manually editing the caps osd pool tags for my >> client.1, to allow rw to both the data pool as well as the metadata >> pool, as suggested further in the thread: >> >> [client.1] >> key = *********************************** >> caps mds = "allow rw path=all" > > > try replacing this with "allow rw path=/" > >> caps mon = "allow r" >> caps osd = "allow rw tag cephfs pool=meta_data, allow rw pool=data" >> >> No change. >> >> ________________________________ >> From: Eugen Block <eblock@xxxxxx> >> Sent: Saturday, March 21, 2020 1:16 PM >> To: ceph-users@xxxxxxx <ceph-users@xxxxxxx> >> Subject: Re: Cephfs mount error 1 = Operation not permitted >> >> I just remembered there was a thread [1] about that a couple of weeks >> ago. Seems like you need to add the capabilities to the client. >> >> [1] >> https://lists.ceph.io/hyperkitty/list/ceph-users@xxxxxxx/thread/23FDDSYBCDVMYGCUTALACPFAJYITLOHJ/#I6LJR72AJGOCGINVOVEVSCKRIWV5TTZ2 >> >> >> Zitat von Eugen Block <eblock@xxxxxx>: >> >> > Hi, >> > >> > have you tried to mount with the secret only instead of a secret file? >> > >> > mount -t ceph ceph-n4:6789:/ /ceph -o name=client.1,secret=<SECRET> >> > >> > If that works your secret file is not right. If not you should check >> > if the client actually has access to the cephfs pools ('ceph auth >> > list'). >> > >> > >> > >> > Zitat von "Dungan, Scott A." <sdungan@xxxxxxxxxxx>: >> > >> >> I am still very new to ceph and I have just set up my first small >> >> test cluster. I have Cephfs enabled (named cephfs) and everything >> >> is good in the dashboard. I added an authorized user key for cephfs >> >> with: >> >> >> >> ceph fs authorize cephfs client.1 / r / rw >> >> >> >> I then copied the key to a file with: >> >> >> >> ceph auth get-key client.1 > /tmp/client.1.secret >> >> >> >> Copied the file over to the client and then attempt mount witth the >> >> kernel driver: >> >> >> >> mount -t ceph ceph-n4:6789:/ /ceph -o >> >> name=client.1,secretfile=/root/client.1.secret >> >> mount error 1 = Operation not permitted >> >> >> >> I looked in the logs on the mds (which is also the mgr and mon for >> >> the cluster) and I don't see any events logged for this. I also >> >> tried the mount command with verbose and I didn't get any further >> >> detail. Any tips would be most appreciated. >> >> >> >> -- >> >> >> >> Scott Dungan >> >> California Institute of Technology >> >> Office: (626) 395-3170 >> >> sdungan@xxxxxxxxxxx<mailto:sdungan@xxxxxxxxxxx> >> >> >> >> _______________________________________________ >> >> ceph-users mailing list -- ceph-users@xxxxxxx >> >> To unsubscribe send an email to ceph-users-leave@xxxxxxx >> >> >> _______________________________________________ >> ceph-users mailing list -- ceph-users@xxxxxxx >> To unsubscribe send an email to ceph-users-leave@xxxxxxx >> _______________________________________________ >> ceph-users mailing list -- ceph-users@xxxxxxx >> To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |