I think the cluster was quiet for a week or two. (I cant remember exactly)
But now the warning is there and does not dissappear anymore.
Am 19.07.2021 um 20:48 schrieb Sage Weil:
IIRC 'ceph health mute' is new in octopus (15.2.x). But disabling the
mon_warn_on_insecure_global_id_reclaim_allowed setting should be
sufficient to make the cluster be quiet...
On Mon, Jul 19, 2021 at 10:53 AM Siegfried Höllrigl
<siegfried.hoellrigl@xxxxxxxxxx> wrote:
Hi !
We have upgraded our Ceph Cluster to version 14.2.20 now.
But we can not upgrade all clients at the moment, so we would like to
stick with the insecure global id for a while.
So we have set :
ceph config set mon mon_warn_on_insecure_global_id_reclaim_allowed false
and
ceph config set mon auth_expose_insecure_global_id_reclaim false
So that the mon warning disappears.
But we still have the warning about the insecure clients.
According to https://docs.ceph.com/en/latest/security/CVE-2021-20288/
- this warning can be muted (for a limited time).
But this command doesn´t seem to work :
ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED 1w
mute not valid: mute not in detail
Invalid command: unused arguments: [u'mute',
u'AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED', u'1w']
health {detail} : show cluster health
Error EINVAL: invalid command
This is not a real problem for the moment, but it would be nice, if we
could mute this warning because our monitoring doesnt work correctly in
this case (this is checking for "health ok").
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
--
Siegfried Höllrigl
Technik
________________________________________________________________________________
Xidras GmbH
Stockern 47
3744 Stockern
Austria
Tel: +43 (0)2983 201 30505
Fax: +43 (0)2983 201 30505 9
Email: siegfried.hoellrigl@xxxxxxxxxx
Web: http://www.xidras.com
FN 317036 f | Landesgericht Krems | ATU64485024
________________________________________________________________________________
VERTRAULICHE INFORMATIONEN!
Diese eMail enthält vertrauliche Informationen und ist nur für den berechtigten
Empfänger bestimmt. Wenn diese eMail nicht für Sie bestimmt ist, bitten wir Sie,
diese eMail an uns zurückzusenden und anschließend auf Ihrem Computer und
Mail-Server zu löschen. Solche eMails und Anlagen dürfen Sie weder nutzen,
noch verarbeiten oder Dritten zugänglich machen, gleich in welcher Form.
Wir danken für Ihre Kooperation!
CONFIDENTIAL!
This email contains confidential information and is intended for the authorised
recipient only. If you are not an authorised recipient, please return the email
to us and then delete it from your computer and mail-server. You may neither
use nor edit any such emails including attachments, nor make them accessible
to third parties in any manner whatsoever.
Thank you for your cooperation
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
