That's a known issue. You probably did "enable application cephfs" on the pools. This prevents a meta data tag to be applied correctly. If you google for your problem, you will find threads on this with fixes. There was at least one this year.
Also, you could just start from scratch one more time and follow the instructions but ignore the enable application part.
Best regards,
=================
Frank Schilder
AIT Risø Campus
Bygning 109, rum S14
________________________________________
From: Jonathan D. Proulx <jon@xxxxxxxxxxxxx>
Sent: 19 November 2020 15:33:06
To: ceph-users
Subject: newbie Cephfs auth permissions issues
Hi All,
I've been using ceph block and object storage for years but just
wandering into cephfs now (Nautilus all servers on 14.2.9 ).
I created small data and metadata pools, a new filesystem and used:
ceph fs authorize <fsname> client.<name> / rw
creating two new users to mount it, both can one using fuse (14.2.9)
and one using kernel client (Ubuntu 20.04 kernel 5.4.0-53).
so far so good, but then it gets "weird" I can perform metadata
operations like "mkdir" and "touch" but not actually write any data:
testy-mctestface% touch /mnt/cephfs/boo
testy-mctestface% echo foo > /mnt/cephfs/boo
echo: write error: operation not permitted
auth caps look good to me, but seem most likely to be worng:
root@ceph-mon0:/ # ceph auth get client.client0
exported keyring for client.client0
[client.client0]
key = <SEKRET>
caps mds = "allow rw"
caps mon = "allow r"
caps osd = "allow rw tag cephfs data=<fsname>"
is "data" hear supposed to be <fsname> or <data_pool_name>? Presumably
it's fsname since that what the "fa authorize" put there and it should
know...
can anyone see what I'm doing wrong here?
Thanks,
-Jon
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
