Hi,
On 29-04-2024 17:15, Ilya Dryomov wrote:
On Tue, Apr 23, 2024 at 8:28 PM Stefan Kooman <stefan@xxxxxx> wrote:
On 23-04-2024 17:44, Ilya Dryomov wrote:
On Mon, Apr 22, 2024 at 7:45 PM Stefan Kooman <stefan@xxxxxx> wrote:
Hi,
We are testing rbd-mirroring. There seems to be a permission error with
the rbd-mirror user. Using this user to query the mirror pool status gives:
failed to query services: (13) Permission denied
And results in the following output:
health: UNKNOWN
daemon health: UNKNOWN
image health: OK
images: 3 total
2 replaying
1 stopped
So, this command: rbd --id rbd-mirror mirror pool status rbd
Hi Stefan,
What is the output of "ceph auth get client.rbd-mirror"?
[client.rbd-mirror]
key = REDACTED
caps mon = "profile rbd-mirror"
caps osd = "profile rbd"
Hi Stefan,
I went through the git history and this appears to be expected, at
least for some definition of expected. Commit [1] clearly recognized
the problem and made the
rbd: failed to query services: (13) Permission denied
error that you ran into with "rbd mirror pool status" non-fatal.
Also, there is a comment in the respective PR [2] acknowledging that
even
caps mgr = "profile rbd"
cap (which your client.rbd-mirror user doesn't have and rbd-mirror
daemon doesn't actually need) would NOT be sufficient to resolve the
error because "our profiles don't give the average user access to see
Ceph cluster services".
[1] https://github.com/ceph/ceph/pull/33219/commits/1cb9e3b56932a1b00850b9cce4c65f8681dcc3cc
[2] https://github.com/ceph/ceph/pull/33219#discussion_r378436795
Sorry for the late reply, and thanks for looking into it. Properly
fixing it would probably be a lot of work not worth the effort. Fair enough.
Gr. Stefan
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
