Hello, In our Ceph cluster we encountered issues while attempting to execute "radosgw-admin" command on client side using cephx user having read only permission. Whenever we are executing "radosgw-admin user list" command it is throwing an error. "ceph version 18.2.1 (7fe91d5d5842e04be3b4f514d6dd990c54b29c76) reef (stable)" We have performed below steps in our environment Case-1 : First we created cephx user with below privileges client.rgw.username key: <-------key-------> caps: [mgr] allow r caps: [mon] allow r caps: [osd] allow r tag rgw *=* on client side we copied keyring and ceph.conf file What we noticed on client machine all general command like "ceph -s", "ceph health detail" "ceph df" running fine, even "radosgw-admin zonegroup list --id=rgw.username," command returned the expected output, but when attempting commands like "radosgw-admin user list," "radosgw-admin bucket list," or "radosgw-admin user info," errors were encountered. Below are the outputs that is throwing root@control:~# radosgw-admin user list --id=rgw.username 2024-01-03T17:34:06.498+0000 7f915ece1fc0 0 ERROR: failed reading data (obj=default.rgw.log:bucket.sync-source-hints.), r=-1 2024-01-03T17:34:06.498+0000 7f915ece1fc0 0 ERROR: failed to update sources index for bucket=:[]) r=-1 2024-01-03T17:34:06.498+0000 7f915ece1fc0 0 ERROR: failed to initialize bucket sync policy handler: get_bucket_sync_hints() on bucket=-- returned r=-1 2024-01-03T17:34:06.498+0000 7f915ece1fc0 -1 ERROR: could not initialize zone policy handler for zone=default 2024-01-03T17:34:06.498+0000 7f915ece1fc0 0 ERROR: failed to start notify service ((1) Operation not permitted 2024-01-03T17:34:06.498+0000 7f915ece1fc0 0 ERROR: failed to init services (ret=(1) Operation not permitted) couldn't init storage provider Case- 2 : In this case we granted read permissions to the rgw data pool and index pool for the user, client.rgw.username key: <----key----> caps: [mgr] allow r caps: [mon] allow r caps: [osd] allow r pool=default.rgw.log Despite this, while general commands worked perfectly fine on the client side, but "radosgw-admin" commands still failed to execute. Here is the output root@control:~# radosgw-admin user list --id=rgw.username 2024-01-03T17:43:38.071+0000 7f8b5a8bffc0 0 failed reading realm info: ret -1 (1) Operation not permitted 2024-01-03T17:43:38.071+0000 7f8b5a8bffc0 0 ERROR: failed to start notify service ((1) Operation not permitted 2024-01-03T17:43:38.071+0000 7f8b5a8bffc0 0 ERROR: failed to init services (ret=(1) Operation not permitted) couldn't init storage provider Have I overlooked anything in the process? Any guidance or insight would be greatly appreciated. Thanks, Mohammad Saif Ceph Enthusiast In the first step, we created a CephX user named client.rgw.saif with read permissions for the manager (mgr), monitor (mon), and object storage daemon (osd) components, along with specific RGW capabilities. On the client side, we successfully copied the keyring and ceph.conf, and certain commands, such as radosgw-admin zonegroup list --id=rgw.username, _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |