Hello Iban,
We finally did it ! With your example, we set up a client which does
what we need.
We only regret that the documentation of ceph auth in not a little more
explicit, that
could have led us quicker to the solution.
Many thanks Iban, and Kai Stian Olstad too
Best regards
JM
Le 19/07/2022 à 14:12, Jean-Marc FONTANA a écrit :
Hello Iban,
Thanks for your answering ! We finally managed to connect with the
admin keyring
and we think that is not the best practice. We shall try your conf
and get you advised of the result.
Best regards
JM
Le 19/07/2022 à 11:08, Iban Cabrillo a écrit :
Hi Jean,
If you do not want to use the admin user, which is the most logical thing to do, you must create a client with rbd access to the pool on which you are going to perform the I/O actions.
For example in our case it is the user cinder:
client.cinder
key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
caps: [mgr] allow r
caps: [mon] profile rbd
caps: [osd] profile rbd pool=vol1, profile rbd pool=vol2 ..... profile rbd pool=volx
And the install the client keyring on the client node:
cephclient:~ # ls -la /etc/ceph/
total 28
drwxr-xr-x 2 root root 4096 Jul 18 11:37 .
drwxr-xr-x 132 root root 12288 Jul 18 11:37 ...
-rw-r--r-- 1 root root root 64 Oct 19 2017 ceph.client.cinder.keyring
-rw-r--r-- 1 root root root 2018 Jul 18 11:37 ceph.conf
In our case we have added
cat /etc/profile.d/ceph-cinder.sh
export CEPH_ARGS="--keyring /etc/ceph/ceph.client.cinder.keyring --id cinder"
so that it picks it up automatically-
cephclient:~ # rbd ls -p volumes
image01_to_remove
volume-01bbf2ee-198c-446d-80bf-f68292130f5c
volume-036865ad-6f9b-4966-b2ea-ce10bf09b6a9
volume-04445a86-a032-4731-8bff-203dfc5d02e1
......
I hope this help you.
Cheers, I
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx