I suppose the correct syntax is that anything after "client." is the
name? So:
ceph fs authorize cephfs client.bob / r / rw
Would authorize a client named bob?
Yes, exactly:
admin:~ # ceph fs authorize cephfs client.bob / r / rw
[client.bob]
key = AQAyw3leAv9tKxAA+wtNEa40yK6svPE/VPlqdA==
admin:~ # mount -t ceph mon1:/ /mnt/ -o
name=bob,secret=AQAyw3leAv9tKxAA+wtNEa40yK6svPE/VPlqdA==
admin:~ # touch /mnt/file
Zitat von "Dungan, Scott A." <sdungan@xxxxxxxxxxx>:
That was it! I am not sure how I got confused with the client name
syntax. When I issued the command to create a client key, I used:
ceph fs authorize cephfs client.1 / r / rw
I assumed from the syntax that my client name is "client.1"
I suppose the correct syntax is that anything after "client." is the
name? So:
ceph fs authorize cephfs client.bob / r / rw
Would authorize a client named bob?
-Scott
________________________________
From: Eugen Block <eblock@xxxxxx>
Sent: Monday, March 23, 2020 11:30 AM
To: Dungan, Scott A. <sdungan@xxxxxxxxxxx>
Cc: Yan, Zheng <ukernel@xxxxxxxxx>; ceph-users@xxxxxxx <ceph-users@xxxxxxx>
Subject: Re: Re: Cephfs mount error 1 = Operation not permitted
Wait, your client name is just "1"? In that case you need to specify
that in your mount command:
mount ... -o name=1,secret=...
It has to match your ceph auth settings, where "client" is only a
prefix and is followed by the client's name
[client.1]
Zitat von "Dungan, Scott A." <sdungan@xxxxxxxxxxx>:
Tried that:
[client.1]
key = *******************************
caps mds = "allow rw path=/"
caps mon = "allow r"
caps osd = "allow rw tag cephfs pool=meta_data, allow rw pool=data"
No change.
________________________________
From: Yan, Zheng <ukernel@xxxxxxxxx>
Sent: Sunday, March 22, 2020 9:28 PM
To: Dungan, Scott A. <sdungan@xxxxxxxxxxx>
Cc: Eugen Block <eblock@xxxxxx>; ceph-users@xxxxxxx <ceph-users@xxxxxxx>
Subject: Re: Re: Cephfs mount error 1 = Operation not permitted
On Sun, Mar 22, 2020 at 8:21 AM Dungan, Scott A.
<sdungan@xxxxxxxxxxx> wrote:
Zitat, thanks for the tips.
I tried appending the key directly in the mount command
(secret=<CLIENT.1.SECRET>) and that produced the same error.
I took a look at the thread you suggested and I ran the commands
that Paul at Croit suggested even though I the ceph dashboard
showed "cephs" as already set as the application on both my data
and metadata pools:
[root@ceph-n4 ~]# ceph osd pool application set data cephfs data cephfs
set application 'cephfs' key 'data' to 'cephfs' on pool 'data'
[root@ceph-n4 ~]# ceph osd pool application set meta_data cephfs
metadata cephfs
set application 'cephfs' key 'metadata' to 'cephfs' on pool 'meta_data'
No change. I get the "mount error 1 = Operation not permitted"
error the same as before.
I also tried manually editing the caps osd pool tags for my
client.1, to allow rw to both the data pool as well as the metadata
pool, as suggested further in the thread:
[client.1]
key = ***********************************
caps mds = "allow rw path=all"
try replacing this with "allow rw path=/"
caps mon = "allow r"
caps osd = "allow rw tag cephfs pool=meta_data, allow rw pool=data"
No change.
________________________________
From: Eugen Block <eblock@xxxxxx>
Sent: Saturday, March 21, 2020 1:16 PM
To: ceph-users@xxxxxxx <ceph-users@xxxxxxx>
Subject: Re: Cephfs mount error 1 = Operation not permitted
I just remembered there was a thread [1] about that a couple of weeks
ago. Seems like you need to add the capabilities to the client.
[1]
https://lists.ceph.io/hyperkitty/list/ceph-users@xxxxxxx/thread/23FDDSYBCDVMYGCUTALACPFAJYITLOHJ/#I6LJR72AJGOCGINVOVEVSCKRIWV5TTZ2
Zitat von Eugen Block <eblock@xxxxxx>:
> Hi,
>
> have you tried to mount with the secret only instead of a secret file?
>
> mount -t ceph ceph-n4:6789:/ /ceph -o name=client.1,secret=<SECRET>
>
> If that works your secret file is not right. If not you should check
> if the client actually has access to the cephfs pools ('ceph auth
> list').
>
>
>
> Zitat von "Dungan, Scott A." <sdungan@xxxxxxxxxxx>:
>
>> I am still very new to ceph and I have just set up my first small
>> test cluster. I have Cephfs enabled (named cephfs) and everything
>> is good in the dashboard. I added an authorized user key for cephfs
>> with:
>>
>> ceph fs authorize cephfs client.1 / r / rw
>>
>> I then copied the key to a file with:
>>
>> ceph auth get-key client.1 > /tmp/client.1.secret
>>
>> Copied the file over to the client and then attempt mount witth the
>> kernel driver:
>>
>> mount -t ceph ceph-n4:6789:/ /ceph -o
>> name=client.1,secretfile=/root/client.1.secret
>> mount error 1 = Operation not permitted
>>
>> I looked in the logs on the mds (which is also the mgr and mon for
>> the cluster) and I don't see any events logged for this. I also
>> tried the mount command with verbose and I didn't get any further
>> detail. Any tips would be most appreciated.
>>
>> --
>>
>> Scott Dungan
>> California Institute of Technology
>> Office: (626) 395-3170
>> sdungan@xxxxxxxxxxx<mailto:sdungan@xxxxxxxxxxx>
>>
>> _______________________________________________
>> ceph-users mailing list -- ceph-users@xxxxxxx
>> To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx