> I have a Nautilus (14.2.8) cluster and I'd like to give access to a pool with librados to a user. > > Here what I have > >> # ceph osd pool ls detail | grep user1 >> pool 5 'user1' replicated size 3 min_size 2 crush_rule 0 object_hash rjenkins pg_num 256 pgp_num 256 autoscale_mode warn last_change 108 flags hashpspool max_bytes 1099511627776 stripe_width 0 application user1 > >> # ceph auth get client.user1 >> exported keyring for client.user1> client.user1 >> key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX== >> caps: [mon] allow r >> caps: [osd] allow rw pool=user1 namespace=user1 > On the client > >> $ cat ~/ceph.conf>> [global] >> mon host = [v2:10.90.36.16:3300,v1:10.90.36.16:6789],[v2:10.90.36.17:3300,v1:10.90.36.17:6789],[v2:10.90.36.18:3300,v1:10.90.36.18:6789] >> keyring = ~/user1.keyring > >> $ cat ~/user1.keyring >> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX== > >> $ rados -c ~/ceph.conf -p pool ls >> 2020-04-02 12:44:59.900 7fd78aea3700 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] >> 2020-04-02 12:44:59.900 7fd789ea1700 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] >> 2020-04-02 12:44:59.900 7fd78a6a2700 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] >> failed to fetch mon config (--no-mon-config to skip) > > Is there something I missed? I did more tests and even with those capabilities, it doesn't work. [client.user1] key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX== caps mds = "allow *" caps mgr = "allow *" caps mon = "allow *" caps osd = "allow *" But if I use client.admin user, it works. [client.admin] key = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY== caps mds = "allow *" caps mgr = "allow *" caps mon = "allow *" caps osd = "allow *" $ rados -c ~/ceph.conf -p pool ls $ -- Yoann Moulin EPFL IC-IT _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |