Feature #15733
openceph-osd should chown OSD data when --setuser is specified
0%
Description
Currently users that upgrade from Hammer have to run a large "chown" operation (or series of operations) by hand.
Since the OSD starts as root in systemd and drops privileges with --setuser ceph --setgroup ceph, one of the things that the OSD could do before dropping privileges is run the recursive chown operation on all the OSD data. This would be particularly nice because we even know the UID, from the --setuser argument.
Argument for implementing in ceph-disk¶
ceph-disk already contains heuristics for determining the user/group to pass to ceph-osd [1] and --setuser ceph --setgroup ceph is hardcoded when starting ceph-osd via the systemd service [2].
If someone is passing a user/group other than "ceph" to the OSD via --setuser/--setgroup, they will be doing the same with ceph-disk (which also takes --setuser/--setgroup). Alternatively they will not be using ceph-disk at all.
[1] https://github.com/ceph/ceph/blob/master/src/ceph-disk/ceph_disk/main.py#L951
[2] https://github.com/ceph/ceph/blob/master/systemd/ceph-osd%40.service#L12
Updated by Nathan Cutler almost 8 years ago
- Assignee set to Nathan Cutler
- Source changed from other to Development
Agreed on ceph-devel to do the recursive chown in ceph-disk instead of in the OSD itself: http://comments.gmane.org/gmane.comp.file-systems.ceph.devel/31173
Updated by Nathan Cutler almost 8 years ago
- Project changed from Ceph to devops
- Subject changed from OSD should chown its own data when --setuser is specified to ceph-disk should chown OSD data when --setuser is specified
Updated by Nathan Cutler almost 8 years ago
- Related to Bug #15874: Upon hammer->jewel upgrade, OSD cannot access journal device until after reboot added
Updated by Nathan Cutler almost 8 years ago
- Related to deleted (Bug #15874: Upon hammer->jewel upgrade, OSD cannot access journal device until after reboot)
Updated by Yuri Weinstein almost 8 years ago
@Nathan Weinberg - Can we/do we want to add ceph-disk ops into standard upgrade suites ?
Updated by Nathan Cutler almost 8 years ago
@Yuri: IIRC the "install" and "ceph" tasks are not using systemd. Perhaps that is the reason why the upgrade suite is not catching these bugs.
Updated by Nathan Cutler almost 8 years ago
@Ken In light of #15874 I realized that it's not enough to do the recursive chown at boot time. On package upgrade there is a reasonable assumption that one can simply restart the services and they will work without an intervening reboot. And "systemctl restart ceph.target" does not exercise ceph-disk at all.
So we're back to doing it in the OSD.
Updated by Ken Dreyer almost 8 years ago
- Subject changed from ceph-disk should chown OSD data when --setuser is specified to ceph-osd should chown OSD data when --setuser is specified
Updated by Nathan Cutler over 7 years ago
- Status changed from Rejected to New
- Assignee deleted (
Nathan Cutler)