Project

General

Profile

Bug #20666

jewel -> luminous upgrade doesn't update client.admin mgr cap

Added by Sage Weil about 1 month ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
-
Target version:
-
Start date:
07/18/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Needs Doc:
No
Component(RADOS):
Monitor

Description

Date: Tue, 18 Jul 2017 21:03:34 +1200
From: Mark Kirkwood <mark.kirkwood@catalyst.net.nz>
To: "ceph-devel@vger.kernel.org" <ceph-devel@vger.kernel.org>
Subject: Luminous 12.1.1 upgrade mgr woes
Parts/Attachments:
   1 Shown    30 lines  Text
   2   OK     29 lines  Text
----------------------------------------

Hi,

Just had a go at this - 12.1.1 from a freshly deployed Jewel (10.2.9) on Ubuntu
16.04, following
http://docs.ceph.com/docs/master/release-notes/#upgrade-from-jewel-or-kraken. 

So it all worked ok *except* for the the mgr deploy, this hang at the key/caps
modification stage (see attached). Now I managed to work around it:

- switch cephx to none in ceph.conf

- restart mon

- redeploy mgr

- edit client.admin and add missing: caps mgr = "allow *" 

- switch to cephx again, restart mon, mgr

- ...and continue, but it makes things a whole lot more messy than needed, would
be good for this not to trip up upgraders on important systems (I'm just on a
play setup, so no stress here)!

regards

Mark

History

#1 Updated by Sage Weil about 1 month ago

Hmm, I suspect the issue is with the bootstrap-mgr keyring. I notice
that when trying a "mgr create" on an upgraded cluster, ceph-deploy is
prompting me to do a "gatherkeys", at which point it generates the
keyring. However, the bootstrap-mgr identity that I have inside the
mon is weird, its key is AAAAAAAAAAAAAAAA.

Even after I've got the bootstrap-mgr keyring (whose AAA... key
matches the weird one that the mon has), I get EINVAL connecting, and
the mon is logging "error when trying to handle auth request, probably
malformed request".

So yeah, something's pretty broken here!

John

#2 Updated by Joao Luis about 1 month ago

  • Assignee set to Joao Luis
  • Component(RADOS) Monitor added

#3 Updated by Joao Luis about 1 month ago

  • Status changed from Verified to Need Review

#4 Updated by Sage Weil about 1 month ago

  • Status changed from Need Review to Testing

#5 Updated by Sage Weil about 1 month ago

  • Status changed from Testing to Resolved

Also available in: Atom PDF