Feature #15733
open
ceph-osd should chown OSD data when --setuser is specified
Added by Ken Dreyer about 8 years ago.
Updated over 7 years ago.
Description
Currently users that upgrade from Hammer have to run a large "chown" operation (or series of operations) by hand.
Since the OSD starts as root in systemd and drops privileges with --setuser ceph --setgroup ceph
, one of the things that the OSD could do before dropping privileges is run the recursive chown operation on all the OSD data. This would be particularly nice because we even know the UID, from the --setuser
argument.
Argument for implementing in ceph-disk¶
ceph-disk already contains heuristics for determining the user/group to pass to ceph-osd [1] and --setuser ceph --setgroup ceph
is hardcoded when starting ceph-osd via the systemd service [2].
If someone is passing a user/group other than "ceph" to the OSD via --setuser/--setgroup
, they will be doing the same with ceph-disk (which also takes --setuser/--setgroup
). Alternatively they will not be using ceph-disk at all.
[1] https://github.com/ceph/ceph/blob/master/src/ceph-disk/ceph_disk/main.py#L951
[2] https://github.com/ceph/ceph/blob/master/systemd/ceph-osd%40.service#L12
- Assignee set to Nathan Cutler
- Source changed from other to Development
- Project changed from Ceph to devops
- Subject changed from OSD should chown its own data when --setuser is specified to ceph-disk should chown OSD data when --setuser is specified
- Description updated (diff)
- Related to Bug #15874: Upon hammer->jewel upgrade, OSD cannot access journal device until after reboot added
- Related to deleted (Bug #15874: Upon hammer->jewel upgrade, OSD cannot access journal device until after reboot)
@Nathan Weinberg - Can we/do we want to add ceph-disk ops into standard upgrade suites ?
@Yuri: IIRC the "install" and "ceph" tasks are not using systemd. Perhaps that is the reason why the upgrade suite is not catching these bugs.
@Ken In light of #15874 I realized that it's not enough to do the recursive chown at boot time. On package upgrade there is a reasonable assumption that one can simply restart the services and they will work without an intervening reboot. And "systemctl restart ceph.target" does not exercise ceph-disk at all.
So we're back to doing it in the OSD.
- Subject changed from ceph-disk should chown OSD data when --setuser is specified to ceph-osd should chown OSD data when --setuser is specified
- Status changed from New to Rejected
- Status changed from Rejected to New
- Assignee deleted (
Nathan Cutler)
Also available in: Atom
PDF