Re: rbd map error: couldn't connect to the cluster!

[Eugen Block <eblock@xxxxxx>]

I tried to recreate this restrictive client access, one thing is that  
the rbd_id is in lower-case. I created a test client named "TEST":

storage01:~ # rados -p pool ls | grep -vE  
"5473cdeb5c62c|1f553ba0f6222" | grep test
rbd_id.test

But after adding all necessary caps I'm still not allowed to get the  
image info:

client:~ # rbd -p pool info test --id TEST --keyring  
/etc/ceph/ceph.client.TEST.keyring
2023-02-23T16:35:16.740+0100 7faebaffd700 -1  
librbd::mirror::GetInfoRequest: 0x556072a66560  
handle_get_mirror_image: failed to retrieve mirroring state: (1)  
Operation not permitted
rbd: info: (1) Operation not permitted

And I don't have rbd-mirror enabled in this cluster, so that's kind of  
strange... I'll try to find out which other caps it requires. I  
already disabled all image features but to no avail.

Zitat von Thomas Schneider <74cmonty@xxxxxxxxx>:

> I'll delete existing authentication and its caps "VCT" and recreate it.
>
> Just to be sure: there's no ingress communication to the client  
> (from Ceph server)?
>
> Am 23.02.2023 um 16:01 schrieb Eugen Block:
> > For rbd commands you don't specify the "client" prefix for the --id  
> > parameter, just the client name, in your case "VCT". Your second  
> > approach shows a different error message, so it can connect with  
> > "VCT" successfully, but the permissions seem not to be sufficient.  
> > Those caps look very restrictive, not sure which prevent the map  
> > command though.
> >
> > Zitat von Thomas Schneider <74cmonty@xxxxxxxxx>:
> >
> > > Hm... I'm not sure about the correct rbd command syntax, but I  
> > > thought it's correct.
> > >
> > > Anyway, using a different ID fails, too:
> > > # rbd map hdb_backup/VCT --id client.VCT --keyring  
> > > /etc/ceph/ceph.client.VCT.keyring
> > > rbd: couldn't connect to the cluster!
> > >
> > > # rbd map hdb_backup/VCT --id VCT --keyring  
> > > /etc/ceph/ceph.client.VCT.keyring
> > > 2023-02-23T15:46:16.848+0100 7f222d19d700 -1  
> > > librbd::image::GetMetadataRequest: 0x7f220c001ef0  
> > > handle_metadata_list: failed to retrieve image metadata: (1)  
> > > Operation not permitted
> > > 2023-02-23T15:46:16.848+0100 7f222d19d700 -1  
> > > librbd::image::RefreshRequest: failed to retrieve pool metadata:  
> > > (1) Operation not permitted
> > > 2023-02-23T15:46:16.848+0100 7f222d19d700 -1  
> > > librbd::image::OpenRequest: failed to refresh image: (1) Operation  
> > > not permitted
> > > 2023-02-23T15:46:16.848+0100 7f222c99c700 -1 librbd::ImageState:  
> > > 0x5569d8a16ba0 failed to open image: (1) Operation not permitted
> > > rbd: error opening image VCT: (1) Operation not permitted
> > >
> > >
> > > Am 23.02.2023 um 15:30 schrieb Eugen Block:
> > > > You don't specify which client in your rbd command:
> > > >
> > > > > rbd map hdb_backup/VCT --id client --keyring  
> > > > > /etc/ceph/ceph.client.VCT.keyring
> > > >
> > > > Have you tried this (not sure about upper-case client names,  
> > > > haven't tried that)?
> > > >
> > > > rbd map hdb_backup/VCT --id VCT --keyring  
> > > > /etc/ceph/ceph.client.VCT.keyring
> > > >
> > > >
> > > > Zitat von Thomas Schneider <74cmonty@xxxxxxxxx>:
> > > >
> > > > > Hello,
> > > > >
> > > > > I'm trying to mount RBD using rbd map, but I get this error message:
> > > > > # rbd map hdb_backup/VCT --id client --keyring  
> > > > > /etc/ceph/ceph.client.VCT.keyring
> > > > > rbd: couldn't connect to the cluster!
> > > > >
> > > > > Checking on Ceph server the required permission for relevant  
> > > > > keyring exists:
> > > > > # ceph-authtool -l /etc/ceph/ceph.client.VCT.keyring
> > > > > [client.VCT]
> > > > >         key = AQBj3LZjNGn/BhAAG8IqMyH0WLKi4kTlbjiW7g==
> > > > >
> > > > > # ceph auth get client.VCT
> > > > > [client.VCT]
> > > > >         key = AQBj3LZjNGn/BhAAG8IqMyH0WLKi4kTlbjiW7g==
> > > > >         caps mon = "allow r"
> > > > >         caps osd = "allow rwx pool hdb_backup object_prefix  
> > > > > rbd_data.b768d4baac048b; allow rwx pool hdb_backup object_prefix  
> > > > > rbd_header.b768d4baac048b; allow rx pool hdb_backup  
> > > > > object_prefix rbd_id.VCT"
> > > > > exported keyring for client.VCT
> > > > >
> > > > >
> > > > > Can you please advise how to fix this error?
> > > > >
> > > > >
> > > > > THX
> > > > > _______________________________________________
> > > > > ceph-users mailing list -- ceph-users@xxxxxxx
> > > > > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> > > >
> > > >
> > > > _______________________________________________
> > > > ceph-users mailing list -- ceph-users@xxxxxxx
> > > > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> > > _______________________________________________
> > > ceph-users mailing list -- ceph-users@xxxxxxx
> > > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> >
> >
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@xxxxxxx
> > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx


_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx