Hey, I have a test setup with a 3-node samba cluster. This cluster consists of 3 vm's storing its locks on a replicated gluster volume. I want to switch to 2 physical smb-gateways for performance reasons (not enough money for 3), and since the 2-node cluster can't get quorum, I hope to switch to storing the ctdb lock in ceph and hope that will work reliably. (experiences with 2 node SMB clusters?) I am looking into the ctdb rados helper: [cluster] recovery lock = !/usr/lib/x86_64-linux-gnu/ctdb/ctdb_mutex_ceph_rados_helper ceph client.tenant1 cephfs_metadata ctdb_lock Now I do have a bit of experience with cephfs, rbd and rgw, but not rados. How do I give the user client.tenant1 permissions? We have a single cephfs, with 4 different tenants (departments). Each department has their own samba cluster. We're using cephfs permissions to limit the tenants to their own path (I hope). example of ceph auth: client.tenant1 key: ***** caps: [mds] allow rws fsname=cephfs path=/tenant1 caps: [mon] allow r fsname=cephfs caps: [osd] allow rw tag cephfs data=cephfs If I try some stuff manually (without really knowing how to specify objects or what that means), I get this permission denied error: root@tenant1-1:~# /usr/lib/x86_64-linux-gnu/ctdb/ctdb_mutex_ceph_rados_helper ceph client.tenant1 cephfs_metadata tenant1/ctdb_lock 1 /usr/lib/x86_64-linux-gnu/ctdb/ctdb_mutex_ceph_rados_helper: Failed to get lock on RADOS object 'tenant1/ctdb_lock' - (Operation not permitted) Angelo. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |