Project

General

Profile

Actions
Copy link

Bug #15378

closed

ceph_volume_client: hasty removal of OSD caps during deauthorization

Added by Ramana Raja about 8 years ago. Updated about 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Ramana Raja
Category:
-
Target version:
-
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Manila
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When deauthorizing access of a Ceph user to a volume (a CephFS directory),
the volume client removes OSD caps that allow access to the data pool
used by the volume. The deauthorization method does not consider that the
user would still need access to the data pool if it had already been
authorized to access other volumes using the same pool.

Actions
Copy link
 #1

Updated by Greg Farnum about 8 years ago

  • Category changed from 44 to 87
  • Assignee set to Ramana Raja
Actions
Copy link
 #2

Updated by Ramana Raja about 8 years ago

This issue would no longer be a concern once each volume (CephFS directory) gets its own RADOS namespace http://tracker.ceph.com/issues/15400
So when a auth ID is authorized mount access to a volume, the auth ID's OSD caps would be restricted to a RADOS namespace (unique to a volume) and not to an entire data pool. Likewise, the deauthorization of volume access for user, would involve removing OSD caps for access to the RADOS namespace that is specific to the volume.

Actions
Copy link
 #3

Updated by Ramana Raja about 8 years ago

  • Status changed from New to Rejected
Actions
Copy link
 #4

Updated by Patrick Donnelly about 5 years ago

  • Category deleted (87)
  • Labels (FS) Manila added
Actions
Copy link

Also available in: Atom PDF