Re: Possible auth bug in quincy 17.2.5 on Ubuntu jammy


 



Hi,

I can't really confirm your observation, I have a test cluster (running on openSUSE Leap) upgraded from N to Q a few weeks ago (17.2.3) and this worked fine:

nautilus:~ # ceph auth get-or-create client.cinder mgr 'profile rbd' mon 'profile rbd' osd 'profile rbd pool=cinder'
nautilus:~ # ceph auth export client.cinder -o /etc/ceph/ceph.client.cinder.keyring
nautilus:~ # cat /etc/ceph/ceph.client.cinder.keyring
[client.cinder]
        key = AQC1kaFj6YVJHhAAloN9PknqzrpQ83prgWGl7g==
        caps mgr = "profile rbd"
        caps mon = "profile rbd"
        caps osd = "profile rbd pool=cinder"

nautilus:~ # rbd --id cinder -k /etc/ceph/ceph.client.cinder.keyring -p cinder create --size 1024 cinder/test2
nautilus:~ # rbd --id cinder -k /etc/ceph/ceph.client.cinder.keyring -p cinder ls
test2

Then I upgraded to 17.2.5 a few minutes ago but it still works for me. Are you running the commands from within the /etc/ceph directory? And have you tried to run the same command with the full keyring path ('-k')? Although I would have expected a different error message:

nautilus:~ # rbd --id cinder -k ceph.client.cinder.keyring -p cinder create --size 1024 cinder/test3
2022-12-20T12:09:06.736+0100 7f9680aca380 -1 auth: unable to find a keyring on ceph.client.cinder.keyring: (2) No such file or directory
2022-12-20T12:09:06.736+0100 7f9680aca380 -1 AuthRegistry(0x560cc61b5f18) no keyring found at ceph.client.cinder.keyring, disabling cephx
2022-12-20T12:09:06.740+0100 7f9680aca380 -1 auth: unable to find a keyring on ceph.client.cinder.keyring: (2) No such file or directory
2022-12-20T12:09:06.740+0100 7f9680aca380 -1 AuthRegistry(0x7ffefe11dcc0) no keyring found at ceph.client.cinder.keyring, disabling cephx
rbd: couldn't connect to the cluster!


Quoting J-P Methot <jp.methot@xxxxxxxxxxxxxxxxx>:

Hi,

I've upgraded to the latest quincy release using cephadm on my test cluster (Ubuntu jammy) and I'm running into a very peculiar issue regarding user authentication:

-I have a pool called "cinder-replicated" for storing RBDs (application: RBD)

-I have a user called cinder with the following authorization caps :

client.cinder
    key: [redacted]
    caps: [mgr] profile rbd
    caps: [mon] profile rbd
    caps: [osd] profile rbd pool=cinder-replicated, profile rbd pool=nova-meta, profile rbd pool=glance-meta, profile rbd pool=cinder-erasure, profile rbd pool=cinder-meta

-If I use the command "rbd -p cinder-replicated --id cinder -k ceph.client.cinder.keyring ls" I get a list of RBDs in the pool, as you would expect

-If I use the command "rbd create --id cinder -k ceph.client.cinder.keyring --size 1024 cinder-replicated/test2", I get "rbd: create error: (22) Invalid argument"

-If I use the command "rbd create --size 1024 cinder-replicated/test2" which uses the admin user and keyring by default, I have no problem creating the RBD.

The fact that it works with the admin user and not with the cinder user makes me believe that it's an authentication issue. A possible cause could be that my client is on version 17.2.0 and my cluster is on 17.2.5, but there don't seem to be official jammy packages for 17.2.5 yet. Also, the release notes don't indicate any change to ceph auth.

--
Jean-Philippe Méthot
Senior Openstack system administrator
Administrateur système Openstack sénior
PlanetHoster inc.

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
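
The two things checked by hand in this thread, whether the keyring path given to `-k` resolves from the current directory and which pools the client's osd caps name, can be scripted; the following is an added example, not code from either poster or from the Ceph project. The function names, the sample keyring and its placeholder key are constructed, and the caps parser handles only the `profile rbd pool=<name>` form that appears in the thread.

```python
import os

# Constructed keyring in the layout shown in the thread; the key is a placeholder.
SAMPLE_KEYRING = """[client.cinder]
        key = PLACEHOLDER-NOT-A-REAL-KEY==
        caps mgr = "profile rbd"
        caps mon = "profile rbd"
        caps osd = "profile rbd pool=cinder-replicated, profile rbd pool=cinder-meta"
"""

def parse_keyring(text):
    """Parse keyring text into {entity: {"key": str, "caps": {daemon: caps}}}."""
    entities, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entities.setdefault(line[1:-1], {"key": None, "caps": {}})
        elif current is not None and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name == "key":
                current["key"] = value
            elif name.startswith("caps "):
                current["caps"][name.split()[1]] = value.strip('"')
    return entities

def rbd_profile_pools(osd_caps):
    """Pools named by 'profile rbd pool=<name>' grants, the only form handled here."""
    pools = set()
    for grant in osd_caps.split(","):
        words = grant.split()
        if words[:2] == ["profile", "rbd"]:
            pools.update(w[len("pool="):] for w in words[2:] if w.startswith("pool="))
    return pools

def check_client(keyring_path, entity, pool, cwd="."):
    """Return findings for one client and pool; an empty list means nothing was flagged."""
    path = os.path.join(cwd, keyring_path)  # an absolute keyring_path overrides cwd
    if not os.path.isfile(path):
        return [f"no keyring at {os.path.abspath(path)}; pass the full path to -k"]
    with open(path) as handle:
        entry = parse_keyring(handle.read()).get(entity)
    if entry is None:
        return [f"{entity} is not in {path}"]
    findings = [f"{entity} has no {d} caps" for d in ("mon", "osd") if d not in entry["caps"]]
    pools = rbd_profile_pools(entry["caps"].get("osd", ""))
    if pool not in pools:
        findings.append(f"osd caps grant 'profile rbd' on {sorted(pools)}, not on {pool}")
    return findings
```

An empty result only means the keyring file and its caps are consistent with the requested pool; it does not compare them with what the cluster holds for that client.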






