Hi I'm trying to enable Cephx on a cluster already running without Cephx. Here is what I did. 1. I shutdown the cluster. 2. Enabled Cephx in ceph.conf, Mon and Mgr. 3. Brought the Monitor cluster up. No issue. 4. Tried to bring first Manager up, I'm getting following error: === mgr.a === Starting Ceph mgr.a on pcsg3... failed to fetch mon config (--no-mon-config to skip) failed: 'ulimit -n 32768; /usr/local/bin/ceph-mgr -i a --pid-file /var/run/ceph/mgr.a.pid -c /usr/local/etc/ceph/ceph.conf --cluster ceph --setuser ceph --setgroup ceph And in ceph-mon.a.log: cephx server mgr.a: couldn't find entity name: mgr.a My cluster is ceph version 14.2.21. I followed the following as a guide: https://docs.ceph.com/en/nautilus/rados/configuration/auth-config-ref/ I cannot understand why the entity "mgr.a" could not be found! Please find the exact details on what I did below. Appreciate your help. Best regards Sagara Here are the exact details on what I did: 1. Create a client.admin key ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin \ --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *' chown root:ceph /etc/ceph/ceph.client.admin.keyring chmod 640 /etc/ceph/ceph.client.admin.keyring 2. Copy ceph.client.admin.keyring to other Monitors in /etc/ceph/ chown root:ceph /etc/ceph/ceph.client.admin.keyring chmod 640 /etc/ceph/ceph.client.admin.keyring 3. Create a keyring for your monitor cluster and generate a monitor secret key. At monitor a: ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *' cp -v /tmp/ceph.mon.keyring /var/lib/ceph/mon/ceph-a/keyring chown root:ceph /var/lib/ceph/mon/ceph-a/keyring chmod 640 /var/lib/ceph/mon/ceph-a/keyring 4. Copy the monitor keyring to other monitors chown root:ceph /etc/ceph/ceph.mon.b.keyring chmod 640 /etc/ceph/ceph.mon.b.keyring cp -v /etc/ceph/ceph.mon.b.keyring /var/lib/ceph/mon/ceph-b/keyring chown root:ceph /etc/ceph/ceph.mon.c.keyring chmod 640 /etc/ceph/ceph.mon.c.keyring cp -v /etc/ceph/ceph.mon.c.keyring /var/lib/ceph/mon/ceph-c/keyring 5 Start all Monitors. Success. 6. Generate a secret key for every MGR At monitor a: ceph-authtool --create-keyring /tmp/ceph.mgr.keyring --gen-key -n mgr.a \ --cap mon 'allow profile mgr' --cap mds 'allow *' --cap osd 'allow *' cp -v /tmp/ceph.mgr.keyring /var/lib/ceph/mgr/ceph-a/keyring chown root:ceph /var/lib/ceph/mgr/ceph-a/keyring chmod 640 /var/lib/ceph/mgr/ceph-a/keyring cp -v /var/lib/ceph/mgr/ceph-a/keyring /etc/ceph/ceph.mgr.a.keyring 7. Copy the ceph.mgr.keyring to other monitors: chown root:ceph /etc/ceph/ceph.mgr.a.keyring chmod 640 /etc/ceph/ceph.mgr.a.keyring 8. Repeat the above steps 6 and 7 on Monitors b an c for Managers b and c. 9. Start Managers _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |