Bug #15378
closedceph_volume_client: hasty removal of OSD caps during deauthorization
0%
Description
When deauthorizing access of a Ceph user to a volume (a CephFS directory),
the volume client removes OSD caps that allow access to the data pool
used by the volume. The deauthorization method does not consider that the
user would still need access to the data pool if it had already been
authorized to access other volumes using the same pool.
Updated by Greg Farnum about 8 years ago
- Category changed from 44 to 87
- Assignee set to Ramana Raja
Updated by Ramana Raja about 8 years ago
This issue would no longer be a concern once each volume (CephFS directory) gets its own RADOS namespace http://tracker.ceph.com/issues/15400
So when a auth ID is authorized mount access to a volume, the auth ID's OSD caps would be restricted to a RADOS namespace (unique to a volume) and not to an entire data pool. Likewise, the deauthorization of volume access for user, would involve removing OSD caps for access to the RADOS namespace that is specific to the volume.
Updated by Patrick Donnelly about 5 years ago
- Category deleted (
87) - Labels (FS) Manila added