jewel -> luminous upgrade doesn't update client.admin mgr cap
Date: Tue, 18 Jul 2017 21:03:34 +1200 From: Mark Kirkwood <email@example.com> To: "firstname.lastname@example.org" <email@example.com> Subject: Luminous 12.1.1 upgrade mgr woes Parts/Attachments: 1 Shown 30 lines Text 2 OK 29 lines Text ---------------------------------------- Hi, Just had a go at this - 12.1.1 from a freshly deployed Jewel (10.2.9) on Ubuntu 16.04, following http://docs.ceph.com/docs/master/release-notes/#upgrade-from-jewel-or-kraken. So it all worked ok *except* for the the mgr deploy, this hang at the key/caps modification stage (see attached). Now I managed to work around it: - switch cephx to none in ceph.conf - restart mon - redeploy mgr - edit client.admin and add missing: caps mgr = "allow *" - switch to cephx again, restart mon, mgr - ...and continue, but it makes things a whole lot more messy than needed, would be good for this not to trip up upgraders on important systems (I'm just on a play setup, so no stress here)! regards Mark
#1 Updated by Sage Weil about 1 year ago
Hmm, I suspect the issue is with the bootstrap-mgr keyring. I notice
that when trying a "mgr create" on an upgraded cluster, ceph-deploy is
prompting me to do a "gatherkeys", at which point it generates the
keyring. However, the bootstrap-mgr identity that I have inside the
mon is weird, its key is AAAAAAAAAAAAAAAA.
Even after I've got the bootstrap-mgr keyring (whose AAA... key
matches the weird one that the mon has), I get EINVAL connecting, and
the mon is logging "error when trying to handle auth request, probably
So yeah, something's pretty broken here!