Project

General

Profile

Documentation #16906

doc: clarify path restriction instructions

Added by huanwen ren over 2 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08/03/2016
Due date:
% Done:

0%

Tags:
Backport:
jewel
Reviewed:
Affected Versions:
Labels (FS):
Pull request ID:

Description

I do path restriction follow´╝Ühttp://docs.ceph.com/docs/master/cephfs/client-auth/

[root@node181 ~]# ceph auth get-or-create client.foo mon 'allow r' mds 'allow r, allow rw path=/bar' osd 'allow rw pool=data'
[client.foo]
        key = AQBGpqFXTCDnJhAAdF1TNwBFQVo0gAT8ce2gFg==

But with the following error when mount

[root@node181 ~]# ceph-fuse -n client.foo /root/mycephfs -r /bar
2016-08-03 16:13:02.449385 7f0d24b27e80 -1 init, newargv = 0x7f0d3035dd30 newargc=11
ceph-fuse[13696]: starting ceph client
2016-08-03 16:13:02.449739 7f0d24b27e80 -1 auth: unable to find a keyring on /etc/ceph/ceph.client.foo.keyring,/etc/ceph/ceph.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin: (2) No such file or directory
2016-08-03 16:13:02.449754 7f0d24b27e80 -1 monclient(hunting): ERROR: missing keyring, cannot use cephx for authentication
ceph-fuse[13696]: ceph mount failed with (2) No such file or directory
ceph-fuse[13694]: mount failed: (2) No such file or directory

if I add generated files into the /etc/ceph/ceph.client.*client_name*.keyring,
it's mount successful

[root@node181 ~]# ceph auth get-or-create client.foo mon 'allow r' mds 'allow r, allow rw path=/bar' osd 'allow rw pool=data' > /etc/ceph/ceph.client.foo.keyring

[root@node181 ~]# ceph-fuse -n client.foo /root/mycephfs -r /bar
2016-08-03 16:19:28.294400 7f753f114e80 -1 init, newargv = 0x7f7548c0bd30 newargc=11ceph-fuse[13914]: starting ceph client

ceph-fuse[13914]: starting fuse


Related issues

Copied to fs - Backport #22569: jewel: doc: clarify path restriction instructions Resolved

History

#1 Updated by John Spray over 2 years ago

  • Subject changed from doc: path restriction problem to doc: clarify path restriction instructions

So there's no bug here as such, it's just that the instructions don't explicitly tell you to write out your client key to a keyring file. That page should probably refer people to http://docs.ceph.com/docs/hammer/rados/operations/user-management/

#3 Updated by Jos Collin about 1 year ago

  • Copied to Backport #22569: jewel: doc: clarify path restriction instructions added

#4 Updated by Jos Collin about 1 year ago

  • Status changed from New to Pending Backport

#5 Updated by Nathan Cutler about 1 year ago

  • Backport set to jewel

#6 Updated by Nathan Cutler about 1 year ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF